redirect virus, please look at dds info

October 23, 2010 at 05:57:00
Specs: Windows 7
I have run a scan and this is what comes up:


C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\aol\1271013312\ee\aolsoftware.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\aol\1271013312\ee\aolsoftware.exe
C:\Program Files (x86)\AOL 9.5\waol.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files (x86)\AOL 9.5\shellmon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P3DYEUK1\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Bar =
uWindow Title =
mWindow Title =
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL 9.5\AOL.EXE" -b
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
mRun-x64: [SmartMenu] "C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" /background
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
mRun-x64: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
mRun-x64: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
mRun-x64: [Persistence] "C:\Windows\system32\igfxpers.exe"
mRun-x64: [SysTrayApp] "C:\Program Files\IDT\WDM\sttray64.exe"

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-1-20 121936]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2009-6-18 173984]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-1-20 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-1-20 61008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-9-12 40384]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-7-16 30520]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-9-12 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-9-12 40384]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-5-20 70656]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-1-9 139264]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2009-6-18 40832]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-9-28 215040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Com4QLBEx;Com4QLBEx;"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe" --> C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [?]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-22 140712]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SRS_WOWHD_DivX_Service;WOW HD DivX Edition;C:\Windows\System32\drivers\SRS_DivX_amd64.sys [2009-11-10 377584]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-9 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2010-10-23 12:47:42 8006480 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{DABC92A2-9E79-4B65-9690-04CDB1BEDD55}\mpengine.dll
2010-10-22 23:19:47 -------- d-----w- C:\Program Files (x86)\MSSOAP
2010-10-22 23:19:47 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2010-10-22 23:19:28 -------- d-----w- C:\Program Files (x86)\Webroot
2010-10-22 23:01:00 -------- d-----w- C:\PROGRA~3\XoftSpySE
2010-10-21 23:00:21 -------- d-----w- C:\PROGRA~3\STOPzilla!
2010-10-20 00:31:53 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2010-10-20 00:31:31 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-20 00:31:31 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-10-19 23:40:49 -------- d-----w- C:\PROGRA~3\IObit
2010-10-19 23:40:45 -------- d-----w- C:\Program Files (x86)\IObit
2010-10-19 13:13:55 -------- d-----w- C:\Users\Owner\AppData\Roaming\Hunoy
2010-10-19 13:13:55 -------- d-----w- C:\Users\Owner\AppData\Roaming\Atybxo
2010-10-19 10:53:05 0 ----a-w- C:\Users\Owner\AppData\Local\Bsalev.bin
2010-10-19 10:53:03 -------- d-----w- C:\Users\Owner\AppData\Local\{9FACC036-9AA1-4F98-9445-62CFE46D7BE0}
2010-10-14 10:17:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-10-14 10:17:06 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-10-14 10:17:06 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-10-14 10:17:06 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-10-14 10:17:04 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2010-10-14 10:17:04 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2010-10-14 10:17:04 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2010-10-14 10:17:03 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2010-10-14 10:17:03 2085376 ----a-w- C:\Windows\System32\ole32.dll
2010-10-14 10:17:02 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
2010-10-14 10:17:00 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-10-14 10:17:00 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-10-12 00:34:27 -------- d-----w- C:\Users\Owner\AppData\Local\4Media
2010-10-12 00:34:25 -------- d-----w- C:\Users\Owner\AppData\Roaming\4Media
2010-10-10 20:47:15 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
2010-10-10 20:46:41 290816 ----a-w- C:\Windows\SysWow64\stFLVSource.ax
2010-10-10 20:46:40 -------- d-----w- C:\Program Files (x86)\Common Files\SourceTec
2010-10-10 20:46:38 438272 ----a-w- C:\Windows\SysWow64\Mpeg2DecFilter.ax
2010-10-10 20:46:38 217088 ----a-w- C:\Windows\SysWow64\CoreFLACDecoder.ax
2010-10-10 20:46:38 1184984 ----a-w- C:\Windows\SysWow64\wvc1dmod.dll
2010-10-10 20:46:37 -------- d-----w- C:\Program Files (x86)\SourceTec
2010-10-10 15:04:28 -------- d-----w- C:\Users\Owner\AppData\Roaming\Philipp Winterberg
2010-10-02 13:17:16 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-10-02 13:17:16 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2010-09-28 21:43:27 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-09-28 21:43:26 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-28 21:43:22 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-09-28 21:43:22 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-09-26 21:11:08 171368 ----a-w- C:\PROGRA~3\Microsoft\Windows\Sqm\Manifest\Sqm10133.bin

==================== Find3M ====================

2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-07 15:12:17 38848 ----a-w- C:\Windows\avastSS.scr
2010-09-07 14:47:33 61008 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

============= FINISH: 8:50:44.43 ===============




#1
October 23, 2010 at 06:14:26
Are those infected files?
