Browser constantly redirects after google search


No replies to this topic

#1 djakubik


Posted 22 May 2011 - 05:14 PM

Someone please help. I can't stand it anymore. When I do any type of search, my browser gets redirected. It doesn't matter if it's with Explorer or Firefox. Also, my computer will get the blue screen and I'll have to reboot to safe mode, then restart. It has become very frustrating. I've tried multiple malware and antivirus programs but nothing has helped. Any assistance would be appreciated. Here are some logs:

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Dad at 18:01:24 on 2011-05-22
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Windows\system32\agrsmsvc.exe
c:\xampp\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
c:\xampp\mysql\bin\mysqld.exe
C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\xampp\apache\bin\httpd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFR16F7L\dds.scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=EM&Loc=ENG_US&Sys=DTP&M=T5274
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=EM&Loc=ENG_US&Sys=DTP&M=T5274
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=EM&Loc=ENG_US&Sys=DTP&M=T5274
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=&Br=EM&Loc=ENG_US&Sys=DTP&M=T5274
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.4\iobitToolbarIE.dll
uURLSearchHooks: H - No File
BHO: MRI_DISABLED - No File
BHO: NCO 2.0 IE BHO - No File
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.4\iobitToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.4\iobitToolbarIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {00F2C0C6-2194-484E-9064-44E57787867B} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"
mRun: [WebrootTrayApp] "c:\program files\webroot\security\current\framework\WRTray.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-system: fxkymjvdcvbditddbdswTaskMgr = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dad\appdata\roaming\mozilla\firefox\profiles\dkis67pu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=642886&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\dad\appdata\roaming\mozilla\firefox\profiles\dkis67pu.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\users\dad\appdata\roaming\mozilla\firefox\profiles\dkis67pu.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\users\dad\appdata\roaming\move networks\plugins\npqmp071706000001.dll
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? DbusAudio;DbusAudio
R? FileMonitor;FileMonitor
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? Lavasoft Kernexplorer;Lavasoft helper driver
R? NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista
R? RegFilter;RegFilter
R? SndTAudio;SndTAudio
R? TuneConvertAudio;TuneConvertAudio
R? UrlFilter;UrlFilter
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AdvancedSystemCareService;Advanced SystemCare Service
S? Apache2.2;Apache2.2
S? Application Updater;Application Updater
S? FontCache;Windows Font Cache Service
S? IMFservice;IMF Service
S? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
S? Lbd;Lbd
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? SmartDefragDriver;SmartDefragDriver
S? ssfmonm;ssfmonm
S? WebrootSpySweeperService;Webroot Spy Sweeper Engine
S? WRConsumerService;Webroot Client Service
.
=============== Created Last 30 ================
.
2011-05-22 13:25:03 -------- d-----w- c:\users\dad\appdata\roaming\CyberDefender
2011-05-22 13:24:54 -------- d-----w- c:\program files\CyberDefender
2011-05-22 13:09:33 388096 ----a-r- c:\users\dad\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-22 13:09:32 -------- d-----w- c:\program files\Trend Micro
2011-05-18 02:40:07 143638 ----a-w- c:\windows\system32\gswin32c.exe
2011-05-18 02:40:07 -------- d-----w- c:\windows\system32\gs
2011-05-18 02:38:21 701440 ----a-w- c:\windows\system32\msxml2.dll
2011-05-18 02:38:20 117507 ----a-w- c:\windows\system32\Msinet.ocx
2011-05-18 02:38:19 3979680 ----a-w- c:\windows\system32\Flash10c.ocx
2011-05-18 02:38:19 109248 ----a-w- c:\windows\system32\Mswinsck.ocx
2011-05-18 02:38:08 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-05-18 02:38:02 -------- d-----w- C:\QuickLogoDesigner
2011-05-18 02:23:20 -------- d-----w- c:\program files\SourceTec
2011-05-17 00:26:03 415176 ----a-w- c:\windows\system32\Comct332.ocx
2011-05-17 00:26:03 209608 ----a-w- c:\windows\system32\TABCTL32.OCX
2011-05-17 00:26:02 -------- d-----w- c:\program files\PHPMagic
2011-05-15 23:15:55 -------- d-----w- C:\xampp
2011-05-15 22:50:05 -------- d-----w- c:\users\dad\appdata\roaming\Barnes & Noble
2011-05-15 22:50:02 -------- d-----w- c:\program files\Barnes & Noble
2011-05-15 20:45:55 -------- d-----w- c:\programdata\Insight Software Solutions
2011-05-15 20:45:53 -------- d-----w- c:\users\dad\appdata\roaming\Insight Software
2011-05-15 20:45:53 -------- d-----w- c:\users\dad\appdata\local\Insight Software
2011-05-15 20:45:53 -------- d-----w- c:\programdata\Insight Software
2011-05-15 20:45:53 -------- d-----w- c:\program files\common files\Insight Software Solutions
2011-05-15 20:45:50 -------- d-----w- c:\program files\Debt Analyzer 4
2011-05-15 20:42:17 -------- d-----w- c:\program files\DRC
2011-05-15 20:40:48 -------- d-----w- c:\program files\ZilchWorks
2011-05-15 16:38:14 -------- d-----w- c:\users\dad\appdata\local\Microsoft_Corporation
2011-05-15 15:52:43 -------- d-----w- c:\windows\system32\1033
2011-05-15 15:46:18 -------- d-----w- c:\program files\Microsoft SQL Server
2011-05-15 15:23:40 -------- d-----w- c:\users\dad\appdata\roaming\MySQL
2011-05-15 15:22:58 -------- d-----w- c:\program files\MySQL
2011-05-12 03:10:48 -------- d-----w- c:\programdata\MAGIX
2011-05-12 03:09:41 -------- d-----w- c:\users\dad\appdata\local\MAGIX
2011-05-12 03:09:36 -------- d-----w- c:\users\dad\appdata\roaming\MAGIX
2011-05-12 03:09:32 -------- d-----w- c:\users\dad\appdata\local\Xara
2011-05-12 03:07:26 -------- d-----w- c:\programdata\Xara
2011-05-12 03:07:26 -------- d-----w- c:\program files\Xara
2011-05-12 03:06:56 -------- d-----w- c:\program files\MSXML 4.0
2011-05-11 01:42:00 -------- d-----w- c:\program files\Application Updater
2011-05-11 01:41:59 -------- d-----w- c:\program files\IObit Toolbar
2011-05-11 01:41:59 -------- d-----w- c:\program files\common files\Spigot
2011-05-11 01:41:32 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-05-11 01:41:32 16184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-05-11 00:06:16 47120 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2011-05-11 00:06:16 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2011-05-11 00:06:16 182056 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2011-05-11 00:02:39 -------- dc-h--w- c:\programdata\{3C707538-83E3-4DAC-9218-6D79F3B9FEA5}
2011-05-11 00:02:18 -------- d-----w- c:\program files\Webroot
2011-05-09 00:57:41 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-05-09 00:57:41 1187840 ----a-w- c:\windows\system32\DX8VB.DLL
2011-05-09 00:57:40 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2011-05-09 00:57:38 352256 ----a-w- c:\windows\system32\ijl15.dll
2011-05-09 00:57:38 265216 ----a-w- c:\windows\system32\NVIEWLIB.DLL
2011-05-09 00:57:38 -------- d-----w- c:\program files\3D Landscape for Everyone
2011-04-30 14:10:12 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-04-30 14:10:11 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-04-30 14:10:11 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-04-30 14:10:10 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-04-30 14:10:09 2873344 ----a-w- c:\windows\system32\mf.dll
2011-04-30 14:10:08 98816 ----a-w- c:\windows\system32\mfps.dll
2011-04-30 14:10:06 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-04-30 14:10:05 586240 ----a-w- c:\windows\system32\stobject.dll
2011-04-30 14:10:00 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
.
==================== Find3M ====================
.
2011-04-30 14:09:59 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-04-13 02:12:48 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-04-07 07:59:03 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-01 07:22:02 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-04 00:36:06 70304 ----a-w- c:\programdata\bdinstall.bin
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD3200AAJS-00B4A0 rev.01.03A01 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x853B785C]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x853bda38]; MOV EAX, [0x853bdab4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x8267A962] -> \Device\Harddisk0\DR0[0x8539B030]
3 CLASSPNP[0x885AF8B3] -> ntkrnlpa!IofCallDriver[0x8267A962] -> [0x851D7320]
5 acpi[0x8069A6BC] -> ntkrnlpa!IofCallDriver[0x8267A962] -> [0x851FB030]
\Driver\atapi[0x8539D208] -> IRP_MJ_CREATE -> 0x853B785C
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-3 -> \??\IDE#DiskWDC_WD3200AAJS-00B4A0___________________01.03A01#5&37fb79bb&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 625142446 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 18:07:12.64 ===============
