Author Topic: [Resolved K] Site Redirect need help please.  (Read 708 times)

Offline CliveJ

  • Bronze Member
  • Posts: 5
[Resolved K] Site Redirect need help please.
« on: June 09, 2012, 11:04:00 PM »
Hi, today while browsing the web, all of a sudden every time I entered a website's name it kept redirecting me to partners37.domainadvisor.com. I usually run NoScript, and the site was blocked and nothing appeared except for a white page. But after closing my browser and restarting, it fixed the issue. I immediately looked this up on the net, and it turns out my browser is hacked.

So I panicked and reset my laptop to factory settings ASAP. I did a clean image factory reset and so far I haven't been redirected, but I want to be sure my computer is clean. That is why I need your help.

Interestingly enough, a couple of weeks ago I downloaded something from cnet.com and it asked me whether I wanted to install "brekko" or something, and I unmarked the option, but yet it installed it anyway. My browser's homepage automatically got changed to this brekko thing. I uninstalled the software right away and brekko itself. But I didn't remove it completely, I guess. So please help me. I have another computer that I use to access my work stuff, but can this thing spread into other computers connected in my network? Is it possible?

Here's my log from HijackThis:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:02:49 PM, on 6/9/2012
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\home 1\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\home 1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home 1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home 1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home 1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home 1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home 1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home 1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\home 1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\home 1\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9103 bytes

Please help and thank you for your time.
« Last Edit: June 11, 2012, 07:31:55 AM by kevinf80 »



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6483
Re: [Resolved K] Site Redirect need help please.
« Reply #1 on: June 10, 2012, 01:41:09 AM »
Hello CliveJ and welcome to SpywareHammer,

We no longer use HJT as a frontline diagnostic scanner; whilst it is still a valuable tool, it does not give all of the information we need to assess your system.

Please go to this link, "NEW Instructions! What Do I Do First?", and follow those instructions...

Thank you,

kevinf80...
« Last Edit: June 10, 2012, 03:16:13 AM by kevinf80 »

Offline CliveJ

  • Bronze Member
  • Posts: 5
Re: [Resolved K] Site Redirect need help please.
« Reply #2 on: June 10, 2012, 02:35:12 AM »
Hey Kevin, here are the two logs.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by home 1 at 1:32:59 on 2012-06-10
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3894.2465 [GMT -7:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\home 1\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\home 1\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\home 1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home 1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home 1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home 1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home 1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home 1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\home 1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\home 1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\home 1\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D268CD80-AB28-455D-956F-2E3B1F4BB061} : DhcpNameServer = 192.168.1.1
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
BHO-X64:     Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL
BHO-X64:     Norton Vulnerability Protection - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120531.001\BHDrvx64.sys [2012-5-31 1160824]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120608.001\IDSviA64.sys [2012-6-8 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-3 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-9 13336]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe [2012-6-9 138232]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-6-9 2320920]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-9 138912]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-06-10 04:38:48   405624   ----a-w-   C:\Windows\System32\drivers\NISx64\1307010.005\symnets.sys
2012-06-10 04:38:47   737912   ----a-w-   C:\Windows\System32\drivers\NISx64\1307010.005\srtsp64.sys
2012-06-10 04:38:47   451192   ----a-r-   C:\Windows\System32\drivers\NISx64\1307010.005\symds64.sys
2012-06-10 04:38:47   37496   ----a-w-   C:\Windows\System32\drivers\NISx64\1307010.005\srtspx64.sys
2012-06-10 04:38:47   190072   ----a-w-   C:\Windows\System32\drivers\NISx64\1307010.005\ironx64.sys
2012-06-10 04:38:47   167048   ----a-w-   C:\Windows\System32\drivers\NISx64\1307010.005\ccsetx64.sys
2012-06-10 04:38:47   1092728   ----a-w-   C:\Windows\System32\drivers\NISx64\1307010.005\symefa64.sys
2012-06-10 04:38:41   --------   d-----w-   C:\Windows\System32\drivers\NISx64\1307010.005
2012-06-10 03:55:50   --------   d-----w-   C:\Users\home 1\AppData\Local\Google
2012-06-10 03:55:43   --------   d-----w-   C:\Users\home 1\AppData\Local\Deployment
2012-06-10 03:55:43   --------   d-----w-   C:\Users\home 1\AppData\Local\Apps
2012-06-10 03:49:08   --------   d-----w-   C:\Program Files (x86)\Common Files\Symantec Shared
2012-06-10 03:33:48   388096   ----a-r-   C:\Users\home 1\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-10 03:33:48   --------   d-----w-   C:\Program Files (x86)\Trend Micro
2012-06-10 03:19:10   1525248   ----a-w-   C:\Program Files\Windows Media Player\wmpnetwk.exe
2012-06-10 03:18:11   961024   ----a-w-   C:\Windows\System32\CPFilters.dll
2012-06-10 03:18:11   641536   ----a-w-   C:\Windows\SysWow64\CPFilters.dll
2012-06-10 03:18:11   613888   ----a-w-   C:\Windows\System32\psisdecd.dll
2012-06-10 03:18:11   552960   ----a-w-   C:\Windows\System32\msdri.dll
2012-06-10 03:18:11   465408   ----a-w-   C:\Windows\SysWow64\psisdecd.dll
2012-06-10 03:18:11   288256   ----a-w-   C:\Windows\System32\MSNP.ax
2012-06-10 03:18:11   258560   ----a-w-   C:\Windows\System32\mpg2splt.ax
2012-06-10 03:18:11   204288   ----a-w-   C:\Windows\SysWow64\MSNP.ax
2012-06-10 03:18:11   199680   ----a-w-   C:\Windows\SysWow64\mpg2splt.ax
2012-06-10 03:16:48   --------   d-----w-   C:\Windows\ehome
2012-06-10 03:13:00   8955792   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1B3955BF-2226-40AE-B2D7-F9D4475E5975}\mpengine.dll
2012-06-10 03:12:59   279656   ------w-   C:\Windows\System32\MpSigStub.exe
2012-06-10 03:11:32   175736   ----a-w-   C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-06-10 03:11:32   --------   d-----w-   C:\Program Files\Symantec
2012-06-10 03:11:32   --------   d-----w-   C:\Program Files\Common Files\Symantec Shared
2012-06-10 03:11:14   --------   d-----w-   C:\Windows\System32\drivers\NISx64
2012-06-10 03:11:12   --------   d-----w-   C:\Program Files (x86)\Norton Internet Security
2012-06-10 03:11:11   --------   d-----w-   C:\ProgramData\Norton
2012-06-10 03:10:27   --------   d-----w-   C:\ProgramData\NortonInstaller
2012-06-10 03:10:27   --------   d-----w-   C:\Program Files (x86)\NortonInstaller
2012-06-10 03:00:36   --------   d-----w-   C:\Users\home 1\AppData\Roaming\Intel Corporation
2012-06-10 03:00:33   --------   d-----w-   C:\Users\home 1\AppData\Local\Broadcom
2012-06-10 03:00:18   --------   d-----w-   C:\Users\home 1\AppData\Roaming\hpqLog
2012-06-10 03:00:17   --------   d-----w-   C:\Users\home 1\AppData\Roaming\Synaptics
2012-06-10 02:59:30   826368   ----a-w-   C:\Windows\SysWow64\rdpcore.dll
2012-06-10 02:59:30   23552   ----a-w-   C:\Windows\System32\drivers\tdtcp.sys
2012-06-10 02:59:30   204800   ----a-w-   C:\Windows\System32\drivers\rdpwd.sys
2012-06-10 02:59:30   1031680   ----a-w-   C:\Windows\System32\rdpcore.dll
2012-06-10 02:59:29   9216   ----a-w-   C:\Windows\System32\rdrmemptylst.exe
2012-06-10 02:59:29   76288   ----a-w-   C:\Windows\System32\rdpwsx.dll
2012-06-10 02:59:29   149504   ----a-w-   C:\Windows\System32\rdpcorekmts.dll
2012-06-10 02:58:06   --------   d-----w-   C:\Users\home 1\AppData\Local\VirtualStore
2012-06-10 02:37:27   --------   d-----w-   C:\ProgramData\{7A89BFAF-D4AA-434A-B652-6F880DD86278}
2012-06-10 02:34:24   --------   d-----w-   C:\Windows\Hewlett-Packard
2012-06-10 02:33:17   344616   ----a-w-   C:\Windows\System32\drivers\btwampfl.sys
2012-06-10 02:33:16   39464   ----a-w-   C:\Windows\System32\drivers\btwl2cap.sys
2012-06-10 02:33:16   21544   ----a-w-   C:\Windows\System32\drivers\btwrchid.sys
2012-06-10 02:33:16   135720   ----a-w-   C:\Windows\System32\drivers\btwavdt.sys
2012-06-10 02:33:16   102952   ----a-w-   C:\Windows\System32\drivers\btwaudio.sys
2012-06-10 02:31:36   --------   d-----w-   C:\Program Files\WIDCOMM
2012-06-10 02:30:41   95544   ----a-w-   C:\Windows\System32\bcmwlcoi.dll
2012-06-10 02:30:41   6656   ----a-w-   C:\Windows\System32\bcmwlrc.dll
2012-06-10 02:30:40   3896832   ----a-w-   C:\Windows\System32\bcmihvsrv64.dll
2012-06-10 02:30:40   3561472   ----a-w-   C:\Windows\System32\bcmihvui64.dll
2012-06-10 02:30:40   3065408   ----a-w-   C:\Windows\System32\drivers\BCMWL664.SYS
2012-06-10 02:30:40   --------   d-----w-   C:\Program Files\Broadcom
2012-06-10 02:30:31   --------   d-sh--w-   C:\Windows\Installer
2012-06-10 02:29:40   74272   ----a-w-   C:\Windows\System32\RtNicProp64.dll
2012-06-10 02:29:40   349800   ----a-w-   C:\Windows\System32\drivers\Rt64win7.sys
2012-06-10 02:29:40   107552   ----a-w-   C:\Windows\System32\RTNUninst64.dll
2012-06-10 02:29:25   968192   ----a-w-   C:\Windows\System32\IDTNX.dll
2012-06-10 02:29:25   5900288   ----a-w-   C:\Windows\System32\IDTNGUI.exe
2012-06-10 02:29:25   564224   ----a-w-   C:\Windows\System32\idt64mp1.exe
2012-06-10 02:29:25   524800   ----a-w-   C:\Windows\sttray64.exe
2012-06-10 02:29:25   4594176   ----a-w-   C:\Windows\System32\stlang64.dll
2012-06-10 02:29:25   438784   ----a-w-   C:\Windows\System32\IDTNC64.cpl
2012-06-10 02:29:25   3069952   ----a-w-   C:\Windows\System32\IDTNHP.dll
2012-06-10 02:29:25   211968   ----a-w-   C:\Windows\System32\IDTNJ.exe
2012-06-10 02:29:24   --------   d-----w-   C:\Windows\System32\SRSLabs
2012-06-10 02:28:41   220160   ----a-w-   C:\Windows\System32\staco64.dll
2012-06-10 02:28:40   651264   ------w-   C:\Windows\System32\stapi64.dll
2012-06-10 02:28:40   520192   ----a-w-   C:\Windows\System32\drivers\stwrt64.sys
2012-06-10 02:28:40   431616   ----a-w-   C:\Windows\System32\stcplx64.dll
2012-06-10 02:28:40   1497088   ----a-w-   C:\Windows\System32\stapo64.dll
2012-06-10 02:28:34   --------   d-----w-   C:\Program Files\IDT
2012-06-10 02:28:30   --------   d-----w-   C:\Windows\SysWow64\sda
2012-06-10 02:28:24   9888360   ----a-w-   C:\Windows\SysWow64\RtsPStorIcon.dll
2012-06-10 02:28:24   329832   ----a-w-   C:\Windows\System32\drivers\RtsPStor.sys
2012-06-10 02:28:24   --------   d-----w-   C:\Program Files (x86)\Realtek
2012-06-10 02:28:10   53248   ----a-w-   C:\Windows\SysWow64\CSVer.dll
2012-06-10 02:27:49   --------   d-----w-   C:\Program Files (x86)\Common Files\postureAgent
2012-06-10 02:27:13   --------   d-----w-   C:\Program Files\Synaptics
2012-06-10 02:26:54   --------   d-----w-   C:\Program Files\Common Files\Intel
2012-06-10 02:26:53   --------   d-----w-   C:\Program Files (x86)\Common Files\Intel
2012-06-10 02:26:14   --------   d-----w-   C:\Intel
.
==================== Find3M  ====================
.
.
============= FINISH:  1:33:16.63 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/9/2012 7:57:29 PM
System Uptime: 6/10/2012 1:27:01 AM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 166A
Processor: Intel(R) Core(TM) i3 CPU       M 380  @ 2.53GHz | CPU | 2533/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 429.349 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.819 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 6/9/2012 7:58:09 PM - First_User_Boot
RP2: 6/9/2012 8:00:15 PM - Windows Update
RP3: 6/9/2012 8:12:38 PM - Windows Update
RP4: 6/9/2012 8:33:22 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
CyberLink YouCam
ESU for Microsoft Windows 7
Google Chrome
HiJackThis
HP On Screen Display
HP Quick Launch
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
IDT Audio
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
LightScribe System Software
Microsoft Visual C++ 2005 Redistributable
Norton Internet Security
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
.
==== Event Viewer Messages From Past Week ========
.
6/9/2012 8:14:20 PM, Error: Microsoft-Windows-DistributedCOM [10009]  - DCOM was unable to communicate with the computer WIN-ABII2QBOEDP using any of the configured protocols.
6/9/2012 7:59:59 PM, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
.
==== End Of File ===========================


Also, Kevin, is there any chance that a virus such as this can spread to other computers in my network?

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6483
Re: [Resolved K] Site Redirect need help please.
« Reply #3 on: June 10, 2012, 03:50:24 AM »
Hiya CliveJ,

Your logs are clean. When "Brekko" was installed, did you see any reference to "Nginx"?

Regarding the issue migrating to other systems, it would appear from event viewer your PC is not communicating:

6/9/2012 8:14:20 PM, Error: Microsoft-Windows-DistributedCOM [10009]  - DCOM was unable to communicate with the computer WIN-ABII2QBOEDP using any of the configured protocols.

Is this system currently OFF the network?

As you've restored to factory image you will need to install SP1 at your earliest convenience....

Kevin

Offline CliveJ

  • Bronze Member
  • Posts: 5
Re: [Resolved K] Site Redirect need help please.
« Reply #4 on: June 10, 2012, 10:43:03 AM »
I did not see any reference to nginx. The thing is that the brekko thing was installed about 2-3 weeks ago but only yesterday I got redirected to the scam site. But if everything is clean then that's good news. Also, Kevin, is there anywhere on this site where I can post some DDS log on a monthly basis just to make sure that my PC is healthy? And no, my PC wasn't offline, it was always online.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6483
Re: [Resolved K] Site Redirect need help please.
« Reply #5 on: June 10, 2012, 11:34:50 AM »
Hiya CliveJ,

You can delete DDS and its logs from your Desktop. Uninstall HJT via Start > Control Panel > Uninstall a Program.

Next,

Download TFC to your desktop from either of the following links:
Link 1
Link 2
  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users right-click and select "Run as Administrator".
  • If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

Keep TFC; it is an excellent utility to keep your system optimized. It empties all user temp folders, Java cache etc. Always remember to re-boot after a run, even if not prompted.

Next,

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates.
If Java or Adobe is updated, please check under Start > Control Panel > Add/Remove Programs and ensure any old versions are removed.

Next,

If FileHippo did not prompt for SP1 either update through Automatic Updates or go to the following link for all required information:

http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1 

Next,

Create a new restore point:

   1. Right-click on Computer and go to Properties.
   2. Next click on the System Protection link.
   3. The System Properties dialog screen opens up and you will want to click on Create.
   4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create.
   5. You should see the message "The restore point was created successfully."

To remove all but the most recent restore point do the following:

   1.      Open Disk Cleanup by clicking the Start button. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
   2.      If prompted, select the drive that you want to clean up, and then click OK.
   3.      In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. (Administrator permission required.) If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
   4.      If prompted, select the drive that you want to clean up, and then click OK.
   5.      Click the More Options tab, under System Restore and Shadow Copies, click Clean up.
   6.      In the Disk Cleanup dialog box, click Delete.
   7.      Click Delete Files, and then click OK. Re-Boot your PC.

Let me know if those steps complete OK, also if any remaining issues or concerns...

We do not offer the kind of personal service you mentioned in your last reply. PM one of the Admins and ask if it is possible outwith the Forum..

Kevin...


Offline CliveJ

  • Bronze Member
  • Posts: 5
Re: [Resolved K] Site Redirect need help please.
« Reply #6 on: June 11, 2012, 12:59:38 AM »
Hey Kevin, I have done everything you told me to do in the post above. What else is next?

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6483
Re: [Resolved K] Site Redirect need help please.
« Reply #7 on: June 11, 2012, 02:40:03 AM »
Hiya CliveJ,

You're good to go my friend. Here are some tips to reduce the potential for malware infection in the future:

Make proper use of your antivirus and firewall

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware; if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features; make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times. NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use WinPatrol. This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained Here

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:
 
Firefox,

Opera, and

Chrome.
 
All of these are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Available for Firefox and Internet Explorer.

Green to go,
Yellow for caution, and
Red to stop.


Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons. If you're interested in more, take a look at THIS article.

Here are a couple of links by two security experts that will give some excellent tips and advice.

So how did I get infected in the first place by Tony Klein

How to prevent Malware by Miekiemoes

Finally, this link HERE will give a comprehensive, up-to-date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

Let me know when it's OK to close out your thread......

Take care,

Kevin

Offline CliveJ

  • Bronze Member
  • Posts: 5
Re: [Resolved K] Site Redirect need help please.
« Reply #8 on: June 11, 2012, 03:02:16 AM »
Thanks for all your help Kevin. Take care friend and hopefully you help thousands of others from these malware. Take care man and if karma exists I am sure many good things are already happening in your life haha.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6483
Re: [Resolved K] Site Redirect need help please.
« Reply #9 on: June 11, 2012, 07:31:28 AM »
Since this issue appears to be resolved the topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

The fixes and advice in this thread are for this System only. Do not apply the instructions from this thread to your own System. Please start a new thread describing your issue and someone will be along to assist you.