I use Firefox 3. I've recently discovered that I get redirected whenever I click on a Google search result link, usually to a seemingly fake search site. I then received several popups informing me of a virus on my computer and of the need to install a fix; I quickly canceled/closed those prompts. Shortly after, my internet navigation halted altogether, and I was unable to connect to even my modem. After restarting, I get 2 error messages every few minutes which would halt my connection to the internet temporarily, until I clicked OK and waited 30 seconds or so, whereupon I could navigate once again:
svchost.exe - application error
The instruction at "0x7c910f20" referenced memory at "0x6f636e69". The memory could not be "read".
Click ok to terminate the program
and
Generic Host Process for Win32 Service encountered a problem and needs to close.
I am now able to surf sporadically, halted by instances of the error messages popping up. I am still unable to navigate any Google search links. There is also a minor slowdown of my system, as I can hear it constantly attempting to process.
I also noticed 2 questionable folders at the end of my Program Files directory: "Podmena", containing podmena.dll & podmena.sys, and a folder called 'driver' containing driver.dll & driver.sys. Neither of these folders could be deleted initially; however, I was able to put the Podmena folder in the recycling bin after another restart. I did the dds scan following these events. I also have Viewpoint installed on my computer. I'm not sure if that's anything malicious or if it needs to be addressed along with the browser problem. I can do another search on removing that later if necessary.
Thank you in advance for the help.
DDS (Ver_09-05-14.01) - NTFSx86
Run by Jim at 0:13:42.21 on Fri 06/19/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1622 [GMT -4:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\system32\svchost.exe -k driver
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Documents and Settings\Jim\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyServer = 207.68.239.252:8080
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [CTZDetec.exe] "c:\program files\creative\creative media lite\CTZDetec.exe"
uRun: [SoftAuto.exe] "c:\program files\creative\software update 3\SoftAuto.exe"
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [sysldtray] c:\windows\ld09.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: c:\documents and settings\jim\start menu\programs\startup\rncsys32.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167549065436
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167549520687
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\jim\applic~1\mozilla\firefox\profiles\dcj0qyni.default\
FF - component: c:\documents and settings\jim\application data\mozilla\firefox\profiles\dcj0qyni.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\jim\application data\mozilla\firefox\profiles\dcj0qyni.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlc\npvlc.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
============= SERVICES / DRIVERS ===============
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [2007-5-23 241664]
R1 driverdrv;driverdrv;c:\program files\driver\driver.sys [2009-6-18 9472]
R1 podmenadrv;podmenadrv;\??\c:\program files\podmena\podmena.sys --> c:\program files\podmena\podmena.sys [?]
R2 driver;driver;c:\windows\system32\svchost.exe -k driver [2003-3-31 14336]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2008-7-7 2560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-9-4 24652]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 gupdate1c98d9cfdb238e0;Google Update Service (gupdate1c98d9cfdb238e0);c:\program files\google\update\GoogleUpdate.exe [2009-2-13 133104]
S2 podmena;podmena;c:\windows\system32\svchost.exe -k podmena [2003-3-31 14336]
=============== Created Last 30 ================
2009-06-18 18:18 <DIR> --d----- c:\program files\driver
2009-06-18 18:18 2 ----h--- c:\windows\zaponce52689.dat
2009-06-15 07:41 2 a------- c:\windows\rim355878.dat
2009-06-15 07:41 2 ----h--- c:\windows\zaponce53290.dat
2009-06-15 07:41 15,872 ----h--- c:\windows\ld09.exe
2009-06-14 19:29 630,784 a------- c:\windows\system32\vp7vfw.dll
2009-06-14 19:29 237,568 a------- c:\windows\system32\vp7dec.ax
2009-06-14 19:29 53,248 a------- c:\windows\system32\vp7dec_settings.cpl
2009-06-14 19:29 <DIR> --d----- c:\program files\On2 Technologies
2009-06-14 13:32 90,814 a------- c:\windows\system32\drivers\435db556.sys
2009-05-24 18:06 <DIR> --d----- c:\program files\Black Isle
==================== Find3M ====================
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 17:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 17:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 17:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 17:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 17:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 17:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-03-23 04:27 747,566 a------- c:\windows\system32\abgx360.exe
2007-01-15 14:55 33,368 a------- c:\docume~1\jim\applic~1\GDIPFONTCACHEV1.DAT
2008-09-30 01:22 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008093020081001\index.dat
============= FINISH: 0:14:22.64 ===============