Tech Support Forum banner
Status
Not open for further replies.
1 - 3 of 3 Posts

·
Registered
Joined
·
1 Posts
Discussion Starter · #1 ·
After recieveing a message on facebook with a video in it i am having computer problems. if i do a google search and click on a result, 9 times out of 10 it will redirect me to some spam site. Some times, it will automatically start doing some fake antivirus scan, and can only be stopped using task manager and end task. I hav tried to update my expired norton but it will not connect to the update server. i turned off my firewall and it will still not connnect. i have ran malware antybytes with no success. i

Here is the DDS and i also attached the other requested files.
DDS (Ver_09-12-01.01) - NTFSx86
Run by bjbjl6 at 10:02:20.55 on Tue 12/08/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3002.1217 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\dlcccoms.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\STOPzilla!\SZInit.Exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\bjbjl6\Downloads\dds(2).com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mURLSearchHooks: SrchHook Class: {d3f669eb-57ce-4f45-8fbd-e245cbb46366} - c:\program files\stopzilla!\toolbar\SZIESearchHook.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\toolbar\SZSG.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.7.2.11\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\toolbar\SZSG.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Aim6]
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.7.2.11\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\bjbjl6\appdata\roaming\mozilla\firefox\profiles\rsoiyxla.default\
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - component: c:\program files\stopzilla!\toolbar\extension\components\SiteGuardFF.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1007020.00b\SymEFA.sys [2009-8-31 310320]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1007020.00b\BHDrvx86.sys [2009-8-31 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1007020.00b\cchpx86.sys [2009-8-31 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090331.003\IDSvix86.sys [2009-3-31 292912]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-8-31 117640]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-2 24652]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-25 101936]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-5-12 61328]
S2 gupdate1c98c7ea6c2dc70;Google Update Service (gupdate1c98c7ea6c2dc70);c:\program files\google\update\GoogleUpdate.exe [2009-2-11 133104]

=============== Created Last 30 ================

2009-12-08 14:07:45 504 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-12-08 14:07:44 104 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-12-08 14:02:50 0 d-----w- c:\programdata\SITEguard
2009-12-08 14:01:27 0 d-----w- c:\program files\STOPzilla!
2009-12-08 14:01:26 0 d-----w- c:\programdata\STOPzilla!
2009-12-08 14:01:26 0 d-----w- c:\program files\common files\iS3
2009-12-08 13:44:45 0 d-----w- c:\program files\Trend Micro
2009-12-03 16:56:23 0 d-----w- c:\programdata\WindowsSearch
2009-11-16 21:03:40 0 d-----w- c:\users\bjbjl6\appdata\roaming\AVG8
2009-11-16 02:46:31 0 d-----w- c:\users\bjbjl6\appdata\roaming\Malwarebytes
2009-11-16 02:46:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-16 02:46:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-16 02:46:26 0 d-----w- c:\programdata\Malwarebytes
2009-11-16 02:46:26 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-16 01:43:30 2060 ----a-w- c:\windows\mms17891.dat
2009-11-16 01:38:45 38912 ----a-w- c:\windows\rdr_1258335523.exe
2009-11-16 01:38:39 137216 ----a-w- c:\windows\rdr_1258335516.exe
2009-11-13 13:32:23 1 ---h--w- c:\windows\mmsmark3.dat
2009-11-13 13:32:22 2 ----a-w- c:\windows\0101120101465150.xxe
2009-11-13 12:44:15 18697 ----a-w- c:\windows\fs1235.dat
2009-11-13 12:41:37 32 ----a-w- c:\windows\bk20856.dat
2009-11-13 05:18:43 97280 ----a-w- c:\windows\rdr_1258089520.exe
2009-11-13 05:18:10 97280 ----a-w- c:\windows\rdr_1258089486.exe
2009-11-13 05:17:52 97280 ----a-w- c:\windows\rdr_1258089469.exe
2009-11-13 05:17:32 97280 ----a-w- c:\windows\rdr_1258089450.exe
2009-11-13 05:17:21 97280 ----a-w- c:\windows\rdr_1258089437.exe
2009-11-13 05:16:55 97280 ----a-w- c:\windows\rdr_1258089414.exe
2009-11-13 05:16:36 97280 ----a-w- c:\windows\rdr_1258089395.exe
2009-11-13 05:13:58 97280 ----a-w- c:\windows\rdr_1258089236.exe
2009-11-13 05:12:51 97280 ----a-w- c:\windows\rdr_1258089170.exe
2009-11-13 05:12:48 1 ----a-w- c:\windows\fdgg34353edfgdfdf
2009-11-13 05:12:26 97280 ----a-w- c:\windows\rdr_1258089143.exe.exe
2009-11-13 05:12:23 2 ----a-w- c:\windows\0101120101465155.xxe
2009-11-13 05:12:23 1 ---h--w- c:\windows\bk23567.dat
2009-11-13 05:12:21 2 ----a-w- c:\windows\010112010146116101.xxe
2009-11-11 11:36:12 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 11:36:09 351232 ----a-w- c:\windows\system32\WSDApi.dll

==================== Find3M ====================

2009-10-27 15:08:16 545424 ----a-r- c:\windows\system32\SZComp5.dll
2009-10-27 15:08:14 402064 ----a-r- c:\windows\system32\SZBase5.dll
2009-10-27 14:59:38 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-10-20 18:40:34 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
2009-10-20 18:40:24 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
2009-10-20 18:38:16 385024 ----a-r- c:\windows\system32\IS3UI5.dll
2009-10-20 18:37:58 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
2009-10-20 18:37:40 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
2009-10-20 18:35:40 225280 ----a-r- c:\windows\system32\IS3Win325.dll
2009-10-20 18:35:18 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
2009-10-20 18:35:04 90112 ----a-r- c:\windows\system32\IS3Svc5.dll
2009-10-20 18:31:52 729088 ----a-r- c:\windows\system32\IS3Base5.dll
2009-10-17 20:35:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-10-12 23:39:58 103720 ----a-w- c:\users\bjbjl6\GoToAssistDownloadHelper.exe
2009-10-06 14:52:19 36734 ----a-w- c:\windows\system32\OggDSuninst.exe
2009-09-11 17:40:09 86016 ----a-w- c:\windows\inf\infstor.dat
2009-09-11 17:40:09 51200 ----a-w- c:\windows\inf\infpub.dat
2009-09-11 17:40:08 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-09-10 17:30:12 213504 ----a-w- c:\windows\system32\msv1_0.dll
2008-10-23 10:05:15 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
1997-07-22 00:30:54 1045776 --sha-w- c:\windows\system32\Msjet35.dll
1997-06-23 08:00:00 123664 --sha-w- c:\windows\system32\Msjint35.dll
1997-06-23 17:06:50 24848 --sha-w- c:\windows\system32\Msjter35.dll
1997-06-23 17:06:50 252176 --sha-w- c:\windows\system32\Msrd2x35.dll
1997-06-23 17:06:50 287504 --sha-w- c:\windows\system32\Msxbse35.dll
2008-10-23 10:05:14 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 10:02:34.99 ===============
 

Attachments

·
Premium Member
Joined
·
29,790 Posts
Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Vista, all tools should be started by right-click > Run as Administrator

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
 

·
Premium Member
Joined
·
29,790 Posts
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
 
1 - 3 of 3 Posts
Status
Not open for further replies.
Top