Constant page re-directing and trojan horse
Hi,
My son has been using my computer for the last couple of days, and now I keep getting re-directed to web pages unknown to me. I have done a virus scan, which says I have a trojan downloader, but I think that has been removed. I have done an S&D scan in safe mode, which says it has fixed some problems, but I just can't seem to get rid of the re-directing of web pages. Here are all my logs:
DDS (Version 1.0) - NTFSx86
Run by mick at 14:21:08.81 on 02/12/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1381 [GMT 0:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\mick\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = 127.0.0.1
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - c:\program files\windows live\messenger\wlchtc.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [kdx] c:\program files\KHost.exe -all
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [ScanSoft OmniPage SE 4.0-reminder] "c:\program files\scansoft\omnipagese4.0\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\omnipagese4.0\ereg\ereg.ini"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [btbb_wcm_McciTrayApp] "c:\program files\bt broadband desktop help\btbb_wcm\McciTrayApp.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\exif launcher\QuickDCF.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-system: DisableTaskMgr = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoDispScrSavPage = 0 (0x0)
uPolicies-system: NoDispCPL = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-system: DisableTaskMgr = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: {D0C0394E-F79C-40F4-B706-0798889DE8EF} = 85.255.112.145;85.255.112.150
TCP: {F348B908-B114-4C14-8F27-849D438116FA} = 85.255.112.145;85.255.112.150
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-10 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-10 26824]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-5 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-5 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-10 76040]
R2 McciCMService;McciCMService;"c:\program files\common files\motive\McciCMService.exe" [2008-10-31 303104]
R3 MRESP50;MRESP50 NDIS Protocol Driver;\??\c:\progra~1\common~1\motive\MRESP50.SYS [2008-10-31 20096]
R3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2008-11-16 167424]
S2 713xTVCard;SAA7134 TV Card;c:\windows\system32\drivers\SAA713x.sys [2005-3-15 277504]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2008-1-2 945920]
S3 Cap7134;Philips Cap7134 Capture;c:\windows\system32\drivers\Cap7134.sys []
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-7-6 31592]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-5-23 13352]
S3 MREMP50;MREMP50 NDIS Protocol Driver;\??\c:\progra~1\common~1\motive\MREMP50.SYS [2008-10-31 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;\??\c:\progra~1\common~1\motive\MREMP50a64.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;\??\c:\progra~1\common~1\motive\MRESP50a64.SYS []
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-11-6 175872]
=============== Created Last 30 ================
2008-12-02 14:03 250 a------- c:\windows\gmer.ini
2008-12-02 13:14 <DIR> --d----- C:\VundoFix Backups
2008-12-01 22:18 241 a------- c:\windows\wininit.ini
2008-12-01 16:18 <DIR> --dshr-- C:\resycled
2008-12-01 13:28 860,160 a------- c:\windows\system32\xVideoOCX.ocx
2008-12-01 13:28 137,000 a------- c:\windows\system32\msmapi32.ocx
2008-12-01 13:28 103,744 a------- c:\windows\system32\MSCOMM32.ocx
2008-12-01 13:28 26,896 a------- c:\windows\system32\hh.exe
2008-12-01 13:28 <DIR> --d----- c:\program files\Studio Surveillance
2008-12-01 00:32 2,657 a------- C:\timhillone.mov
2008-12-01 00:32 785 a------- C:\qtviewer.html
2008-12-01 00:32 620 a------- C:\qtviewer.smil
2008-12-01 00:18 <DIR> --d----- C:\TimHO_Rec
2008-12-01 00:11 <DIR> --d----- c:\program files\LEDSET
2008-11-24 11:42 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\{174BEB07-CB76-4EAC-91FD-95CD34E9901B}
2008-11-24 11:42 <DIR> --d----- c:\program files\Karaoke Zip Scanner
2008-11-22 16:35 <DIR> a-d----- C:\Myriad
2008-11-16 19:18 0 a------- c:\windows\system32\swunilog.ini
2008-11-16 19:18 237,568 a----r-- c:\windows\system32\SiSWPars.dll
2008-11-16 19:18 167,424 a----r-- c:\windows\system32\drivers\sis163u.sys
2008-11-16 19:18 155,648 a----r-- c:\windows\system32\SiSWInst.dll
2008-11-16 19:18 49,152 a----r-- c:\windows\system32\SiSWBase.dll
2008-11-13 08:12 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 08:12 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-06 19:27 175,872 a------- c:\windows\system32\drivers\RTL8187.sys
==================== Find3M ====================
2008-12-02 11:41 <DIR> --d----- c:\program files\eMule
2008-12-01 23:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-01 21:10 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-11-30 20:27 <DIR> --d----- c:\program files\MP3+G Toolz .NET 4
2008-11-23 13:04 <DIR> --d----- c:\program files\Karaoke Song List Creator
2008-11-18 07:06 <DIR> --d----- c:\program files\Xfire
2008-11-17 21:16 <DIR> --d----- c:\docume~1\mick\applic~1\Xfire
2008-11-03 20:23 183,120 a------- c:\windows\system32\PnkBstrB.exe
2008-10-31 09:57 <DIR> --d----- c:\program files\BT Broadband Desktop Help
2008-10-31 09:56 <DIR> --d----- c:\program files\common files\Motive
2008-10-30 01:24 42,320 a------- c:\windows\system32\xfcodec.dll
2008-10-20 23:25 <DIR> --d----- c:\program files\SpeedFan
2008-10-20 15:03 <DIR> --d----- c:\program files\Total Video2DVD Author
2008-10-20 15:02 <DIR> --d----- c:\program files\Sony Ericsson
2008-10-20 15:01 <DIR> --d----- c:\program files\k4uTool
2008-10-20 15:00 <DIR> --d----- c:\program files\IKEA Home Planner Kitchen
2008-10-20 15:00 <DIR> --d----- c:\program files\Canon
2008-10-20 15:00 <DIR> --d----- c:\program files\dvdSanta
2008-10-20 14:59 <DIR> --d----- c:\program files\BulletProof MP3 Ripper
2008-10-20 14:59 <DIR> --d----- c:\program files\Axis Communications
2008-10-20 14:58 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\ActiveSMART
2008-10-18 18:53 <DIR> --d----- c:\program files\MagicISO
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-13 05:22 <DIR> --d----- c:\program files\Microsoft
2008-10-13 05:21 <DIR> --d----- c:\program files\common files\Windows Live
2008-10-05 19:18 <DIR> --d----- c:\program files\Devnz
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-17 22:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Maxtor
2008-09-15 12:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-10 18:06 <DIR> --d----- c:\docume~1\mick\applic~1\TVU Networks
2008-09-10 18:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TVU Networks
2008-09-10 01:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-09-08 23:03 51,712 a------- c:\windows\system32\sirenacm.dll
2008-09-04 17:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-08-23 10:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IM
2008-08-23 10:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IncrediMail
2008-07-07 06:40 <DIR> --d----- c:\docume~1\mick\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-06-21 09:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kontiki
2008-06-21 09:28 <DIR> --d----- c:\docume~1\mick\applic~1\{3F3C1848-EDD1-411D-B240-F91B269B86A0}
2008-06-18 19:15 <DIR> --d----- c:\docume~1\mick\applic~1\vlc
2008-06-05 11:24 <DIR> --d----- c:\docume~1\mick\applic~1\Samsung
2008-06-02 21:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2008-05-23 16:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony Ericsson
2008-05-10 10:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-05-04 14:02 <DIR> --d----- c:\docume~1\mick\applic~1\SopCast
2008-05-04 13:55 <DIR> --d----- c:\docume~1\mick\applic~1\PPMate
2008-03-12 08:42 <DIR> --d----- c:\docume~1\mick\applic~1\MSN6
2008-02-14 10:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MSN6
2008-01-05 22:37 <DIR> --d----- c:\docume~1\mick\applic~1\Canon
2008-01-05 22:19 <DIR> --d----- c:\docume~1\mick\applic~1\ScanSoft
2008-01-03 21:18 <DIR> --d----- c:\docume~1\mick\applic~1\mIRC
2008-07-13 06:49 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008071320080714\index.dat
============= FINISH: 14:21:21.06 ===============