
Hi, my computer got a virus a while back. Malwarebytes has brought it back to the point where it can be used, but it is running a little slow and redirects me to random sites when using a search engine. I know that these types of infections can cause security issues, so I am a bit worried. Please help. Thanks.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by MARK DE SAGUN at 23:15:50 on 2011-11-28

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.494.86 [GMT -8:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\AOL\1145847168\ee\AOLSoftware.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\MsiExec.exe

C:\Program Files\STOPzilla!\SZInit.Exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [<NO NAME>]

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [HostManager] c:\program files\common files\aol\1145847168\ee\AOLSoftware.exe

mRun: [iPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_11\bin\ssv.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Notify: igfxcui - igfxdev.dll

Notify: TPSvc - TPSvc.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\mark de sagun\application data\mozilla\firefox\profiles\ayu7zh38.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=

FF - prefs.js: browser.search.selectedEngine - AIM Search

FF - prefs.js: browser.startup.homepage - hxxp://aimzones.aol.com/homepage

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=

.

============= SERVICES / DRIVERS ===============

.

R? 8b2917d1;8b2917d1

R? gupdate;Google Update Service (gupdate)

R? gupdatem;Google Update Service (gupdatem)

R? is3srv;is3srv

S? szkg5;szkg5

S? szkgfs;szkgfs

S? Viewpoint Manager Service;Viewpoint Manager Service

.

=============== Created Last 30 ================

.

2011-11-01 20:55:36 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-01 04:50:27 -------- d-----w- c:\program files\STOPzilla!

2011-11-01 04:50:26 -------- d-----w- c:\program files\common files\iS3

2011-11-01 04:50:24 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!

2011-10-30 19:43:56 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-10-30 19:43:56 -------- d-----w- c:\windows\system32\wbem\Repository

.

==================== Find3M ====================

.

2011-10-29 01:17:36 546256 ----a-r- c:\windows\system32\SZComp5.dll

2011-10-29 01:17:36 480720 ----a-r- c:\windows\system32\SZBase5.dll

2011-10-29 01:17:36 28624 ----a-r- c:\windows\system32\IS3XDat5.dll

2011-10-29 01:17:36 22992 ----a-r- c:\windows\system32\SZIO5.dll

2011-10-29 01:17:36 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll

2011-10-29 01:17:34 99792 ----a-r- c:\windows\system32\IS3Svc5.dll

2011-10-29 01:17:34 738768 ----a-r- c:\windows\system32\IS3Base5.dll

2011-10-29 01:17:34 67024 ----a-r- c:\windows\system32\IS3Hks5.dll

2011-10-29 01:17:34 456144 ----a-r- c:\windows\system32\IS3DBA5.dll

2011-10-29 01:17:34 390608 ----a-r- c:\windows\system32\IS3UI5.dll

2011-10-29 01:17:34 230864 ----a-r- c:\windows\system32\IS3Win325.dll

2011-10-29 01:17:34 103888 ----a-r- c:\windows\system32\IS3Inet5.dll

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 19:21:00 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys

2011-09-26 19:21:00 61328 ----a-r- c:\windows\system32\drivers\is3srv.sys

2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc(2)(2).dll

2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc(2)(2).dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k(2)(2).sys

.

============= FINISH: 23:26:15.32 ===============

attach.txt

I was looking at a few of the other threads about Google redirects, and most of them were told to install and run ComboFix. So I went ahead and did that. At about the 27th stage of the scan a blue screen popped up saying "A problem has been detected and Windows has been shut down to prevent damage to your computer. Plug and Play detected an error most likely caused by a faulty driver." It went on to say that if this is the first time I've seen this stop error message to restart my computer, so I did that, and of course Google still redirects me. I have also noticed that sometimes my Internet Explorer will just randomly close. Please help.

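The DDS log above is the kind of artifact a forum helper triages by eye. As an added example (this is not code from the original thread, from DDS, or from Malwarebytes), the Python below splits a pasted DDS log into its "=== SECTION ===" blocks and applies three generic heuristics an analyst might reach for when a user reports search redirects: service names that are eight hex characters with an identical display name, "(n)(n)" copies of system files that sit beside the original with the same size and timestamp, and the Java versions referenced by DPF (ActiveX download) entries. The heuristics, the section names, and the sample log (a constructed excerpt of the log posted above) are assumptions chosen for illustration; a hit means "look at this", not "this is malware".

```python
"""Triage helpers for a DDS log (added example; heuristics are assumptions).

A hit from any function is a prompt for a human to look closer, not a verdict.
"""
import re
from collections import defaultdict

# "============== Running Processes ===============" style headers
SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+$")
# DDS service lines read "R? name;Display name"; an 8-hex-char service whose
# display name is the same string is unusual for legitimate software
HEX_SERVICE_RE = re.compile(r"^[RS]\?\s*(?P<svc>[0-9a-f]{8});(?P=svc)$", re.I)
# Find3M / Created-last-30 lines: "<date> <time> <size|dashes> <attrs> <path>"
FILE_LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]+) (?P<path>.+)$", re.I)
# "name(2)(2).ext" written next to "name.ext"
DUP_SUFFIX_RE = re.compile(r"^(?P<stem>.+?)(\(\d+\))+(?P<ext>\.[a-z0-9]+)$", re.I)
# DPF entries are ActiveX downloads; DDS defangs URLs as hxxp://
JAVA_DPF_RE = re.compile(
    r"^DPF: \{[0-9A-F-]+\} - hxxp://java\.sun\.com/\S*?jinstall-(?P<ver>[0-9_]+)-", re.I)


def split_sections(log_text):
    """Map upper-cased section name -> list of its non-blank lines."""
    sections = defaultdict(list)
    current = "HEADER"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS pads sections with "." lines
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip().upper()
            continue
        sections[current].append(line)
    return sections


def find_hex_named_services(sections):
    """Service names that are 8 hex characters with an identical display name."""
    hits = []
    for line in sections.get("SERVICES / DRIVERS", []):
        m = HEX_SERVICE_RE.match(line)
        if m:
            hits.append(m.group("svc"))
    return hits


def find_duplicate_system_files(sections):
    """(copy, original) pairs where a '(n)(n)' copy sits beside the original
    file with the same size and timestamp in the same section."""
    pairs = []
    for name in ("FIND3M", "CREATED LAST 30"):
        entries = [m.groupdict() for m in
                   (FILE_LINE_RE.match(l) for l in sections.get(name, [])) if m]
        by_path = {e["path"].lower(): e for e in entries}
        for e in entries:
            d = DUP_SUFFIX_RE.match(e["path"])
            if not d:
                continue
            orig = by_path.get((d.group("stem") + d.group("ext")).lower())
            if orig and orig["size"] == e["size"] and orig["time"] == e["time"]:
                pairs.append((e["path"], orig["path"]))
    return pairs


def find_java_installer_versions(sections):
    """Java versions referenced by DPF download entries; several distinct old
    versions on one box are worth a look because old JREs are widely targeted."""
    versions = set()
    for line in sections.get("PSEUDO HJT REPORT", []):
        m = JAVA_DPF_RE.match(line)
        if m:
            versions.add(m.group("ver").replace("_", "."))
    return sorted(versions)


def triage(log_text):
    """Run every heuristic and return the findings keyed by heuristic name."""
    sections = split_sections(log_text)
    return {
        "hex_named_services": find_hex_named_services(sections),
        "duplicate_system_files": find_duplicate_system_files(sections),
        "java_versions": find_java_installer_versions(sections),
    }


# Constructed excerpt of the log posted above, used as offline sample input.
SAMPLE_LOG = r"""
DDS (Ver_2011-08-26.01) - NTFSx86
.
============== Pseudo HJT Report ===============
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
.
============= SERVICES / DRIVERS ===============
.
R? 8b2917d1;8b2917d1
R? gupdate;Google Update Service (gupdate)
S? szkg5;szkg5
.
==================== Find3M ====================
.
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc(2)(2).dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k(2)(2).sys
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 23:26:15.32 ===============
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Feed it a full log with `triage(open("dds.txt").read())`. The output is a short list of things to verify by hand (look the service up in the registry, compare hashes of the paired files, check which JREs are actually installed) rather than a cleanup script; anything that decides to delete files belongs in a tool like ComboFix that understands the side effects.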

  • Staff

Hi and welcome to Malwarebytes.

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall /nombr

See if it will run successfully now. Stop it after half an hour of no activity.


2 weeks later: This topic is now closed to further replies.