Possible virus, browser redirects and false error messages
My computer has been acting strange; it has been redirecting my browser and giving strange error messages. It also will not allow me to run any anti-virus. Please help.
DDS:
DDS (Ver_11-03-05.01) - NTFSx86
Run by Sunbury1108 at 22:23:29.55 on Mon 05/02/2011
Internet Explorer: 7.0.6000.16982
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3325.2089 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Sunbury1108\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.comcast.net/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
StartupFolder: c:\users\sunbur~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
.
=============== Created Last 30 ================
.
2011-04-30 01:31:53 -------- d-----w- c:\users\sunbur~1\appdata\roaming\Blackberry Desktop
2011-04-30 01:22:04 -------- d-----w- c:\users\sunbur~1\appdata\roaming\Teleca
2011-04-30 01:22:04 -------- d-----w- c:\users\sunbur~1\appdata\local\HTC
2011-04-30 01:21:11 -------- d-----w- c:\progra~2\HTC
2011-04-30 01:21:05 -------- d-----w- c:\program files\common files\Teleca Shared
2011-04-30 01:21:05 -------- d-----w- c:\progra~2\Teleca
2011-04-30 01:19:58 -------- d-----w- c:\program files\Spirent Communications
2011-04-30 01:19:55 -------- d-----w- c:\program files\HTC
2011-04-30 01:19:15 -------- d-----w- c:\users\sunbur~1\appdata\local\Downloaded Installations
2011-04-30 01:12:32 256 ----a-w- c:\windows\system32\pool.bin
2011-04-30 01:12:31 -------- d-----w- c:\users\sunbur~1\appdata\roaming\Research In Motion
2011-04-30 01:10:58 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2011-04-30 01:09:57 -------- d-----w- c:\progra~2\Research In Motion
2011-04-30 01:09:44 -------- d-----w- c:\program files\common files\Research In Motion
2011-04-30 01:09:40 -------- d-----w- c:\program files\Research In Motion
2011-04-29 06:08:35 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{cba4a9fd-89b5-4942-878a-5b5815827940}\mpengine.dll
2011-04-18 02:12:26 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-18 02:12:26 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-04-18 02:12:25 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-04-18 02:12:25 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-04-18 02:12:25 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-18 02:12:25 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-04-18 02:12:25 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-04-18 02:12:24 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-18 02:12:24 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-18 02:12:23 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-16 15:44:50 -------- d-----w- c:\program files\World of Warcraft
2011-04-08 22:47:40 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-04-08 22:47:39 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-04-08 22:47:39 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-04-08 22:47:39 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-04-08 22:47:39 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-04-08 22:47:39 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-04-08 22:47:34 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-04-08 22:47:34 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-04-08 22:47:27 35840 ----a-w- c:\windows\system32\nvcod100.dll
2011-04-08 22:47:27 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 22:41:42 768544 ----a-w- c:\windows\system32\nvcplui.exe
2011-04-08 22:41:42 313888 ----a-w- c:\windows\system32\nvexpbar.dll
2011-04-08 22:41:42 1079840 ----a-w- c:\windows\system32\nvcpluir.dll
2011-04-08 22:41:41 453152 ----a-w- c:\windows\system32\nvuninst.exe
2011-04-08 22:41:41 420384 ----a-w- c:\windows\system32\nvcpl.cpl
2011-04-05 21:19:14 -------- d-----w- c:\users\sunbur~1\appdata\roaming\Malwarebytes
2011-04-05 21:19:10 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-05 21:19:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-05 21:13:45 -------- d-----w- c:\users\sunbur~1\appdata\roaming\Sammsoft
2011-04-05 20:04:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-05 20:04:35 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
.
==================== Find3M ====================
.
2011-02-27 13:12:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-25 02:59:30 64512 ----a-w- c:\windows\system32\WUDFSvc.dll
2011-02-25 02:59:30 572416 ----a-w- c:\windows\system32\WUDFx.dll
2011-02-25 02:59:30 39936 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2011-02-25 02:59:30 197120 ----a-w- c:\windows\system32\WUDFHost.exe
2011-02-25 02:59:30 162816 ----a-w- c:\windows\system32\WUDFPlatform.dll
2011-02-25 02:22:18 378368 ----a-w- c:\windows\system32\winhttp.dll
2011-02-25 02:21:31 268800 ----a-w- c:\windows\system32\es.dll
2011-02-24 19:18:04 97800 ----a-w- c:\windows\system32\infocardapi.dll
2011-02-24 19:18:04 622080 ----a-w- c:\windows\system32\icardagt.exe
2011-02-24 19:18:04 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2011-02-24 19:18:04 11264 ----a-w- c:\windows\system32\icardres.dll
2011-02-23 08:32:18 22016 ----a-w- c:\windows\system32\netiougc.exe
2011-02-23 08:32:18 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2011-02-23 08:32:18 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2011-02-23 08:28:34 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2011-02-23 08:28:34 25600 ----a-w- c:\windows\system32\amxread.dll
2011-02-23 08:28:34 14848 ----a-w- c:\windows\system32\apilogen.dll
2011-02-23 08:27:00 268288 ----a-w- c:\windows\system32\mcbuilder.exe
2011-02-23 08:27:00 223232 ----a-w- c:\windows\system32\SLC.dll
2011-02-23 08:26:59 33280 ----a-w- c:\windows\system32\slwmi.dll
2011-02-23 08:26:57 566784 ----a-w- c:\windows\system32\SLCommDlg.dll
2011-02-23 08:26:56 57856 ----a-w- c:\windows\system32\SLUINotify.dll
2011-02-23 08:26:56 351232 ----a-w- c:\windows\system32\SLUI.exe
2011-02-23 08:26:56 186368 ----a-w- c:\windows\system32\SLLUA.exe
2011-02-23 08:26:54 2605568 ----a-w- c:\windows\system32\SLsvc.exe
2011-02-23 08:26:52 39936 ----a-w- c:\windows\system32\slcinst.dll
2011-02-23 08:25:23 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-02-23 08:25:22 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-02-23 08:25:21 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-02-23 08:23:33 61440 ----a-w- c:\windows\system32\ntprint.exe
2011-02-23 08:23:33 220160 ----a-w- c:\windows\system32\ntprint.dll
2011-02-23 08:23:27 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2011-02-23 08:23:27 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll
2011-02-23 08:23:26 1984512 ----a-w- c:\windows\system32\authui.dll
2011-02-23 08:23:21 69632 ----a-w- c:\windows\system32\sendmail.dll
2011-02-23 08:23:18 8138240 ----a-w- c:\windows\system32\ssBranded.scr
2011-02-23 08:21:53 441856 ----a-w- c:\windows\system32\win32spl.dll
2011-02-23 08:21:53 37376 ----a-w- c:\windows\system32\printcom.dll
2011-02-23 08:20:41 2031104 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 08:17:20 14848 ----a-w- c:\windows\system32\wshrm.dll
2011-02-23 08:15:28 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-02-23 08:15:28 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-02-23 08:15:28 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-02-23 08:13:21 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-02-23 08:13:21 312320 ----a-w- c:\windows\system32\msdrm.dll
2011-02-23 08:13:21 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-02-23 08:13:20 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-02-23 08:13:20 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-02-23 08:13:19 515584 ----a-w- c:\windows\system32\RMActivate.exe
2011-02-23 08:13:19 472576 ----a-w- c:\windows\system32\secproc.dll
2011-02-23 08:13:17 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-02-23 08:13:17 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2011-02-23 08:08:24 11776 ----a-w- c:\windows\system32\sbunattend.exe
2011-02-23 08:06:45 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-23 08:06:45 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-02-22 09:09:57 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-02-22 09:09:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-22 09:09:57 289792 ----a-w- c:\windows\system32\atmfd.dll
2011-02-22 09:09:57 24064 ----a-w- c:\windows\system32\lpk.dll
2011-02-22 09:09:57 156672 ----a-w- c:\windows\system32\t2embed.dll
2011-02-22 09:09:57 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-02-22 09:08:48 72704 ----a-w- c:\windows\system32\admparse.dll
2011-02-22 09:08:47 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 09:08:47 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2011-02-22 09:08:44 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-22 09:08:44 48128 ----a-w- c:\windows\system32\mshtmler.dll
2011-02-22 09:08:44 389120 ----a-w- c:\windows\system32\html.iec
2011-02-22 09:08:43 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-22 09:08:41 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 09:08:40 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 09:08:39 56320 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 09:07:19 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-02-22 09:07:19 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2011-02-22 09:07:19 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2011-02-22 09:07:19 272896 ----a-w- c:\windows\system32\polstore.dll
2011-02-22 09:05:12 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2011-02-22 09:05:12 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2011-02-22 09:05:12 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2011-02-22 09:04:30 87040 ----a-w- c:\windows\system32\msoert2.dll
2011-02-22 09:04:30 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2011-02-22 09:04:30 205824 ----a-w- c:\windows\system32\msoeacct.dll
2011-02-22 09:03:44 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-02-22 09:03:44 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-02-22 09:03:44 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-02-22 09:03:44 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-02-22 09:03:44 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-02-22 09:03:44 15360 ----a-w- c:\windows\system32\netevent.dll
2011-02-22 09:03:44 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-02-22 09:03:44 103936 ----a-w- c:\windows\system32\netiohlp.dll
2011-02-22 09:03:44 10240 ----a-w- c:\windows\system32\finger.exe
2011-02-22 09:02:50 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2011-02-22 09:02:50 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2011-02-22 09:02:49 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2011-02-22 09:02:48 542720 ----a-w- c:\windows\system32\sysmain.dll
2011-02-22 09:02:07 194560 ----a-w- c:\windows\system32\WebClnt.dll
2011-02-22 09:01:30 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2011-02-22 09:01:29 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2011-02-22 09:01:29 502272 ----a-w- c:\windows\system32\wlansvc.dll
2011-02-22 09:01:29 47104 ----a-w- c:\windows\system32\wlanapi.dll
.
============= FINISH: 22:24:03.01 ===============
-
Security Expert-Emeritus
Hi,
I apologise for the delay, the forum is very busy.
If you still require assistance please acknowledge this post, thank you.
Mammuthus Hibernian Scouserus, member of ASAP and UNITE.
-
Security Expert-Emeritus
Due to the lack of feedback this Topic is closed.
If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of DDS logs and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.
Mammuthus Hibernian Scouserus, member of ASAP and UNITE.