12-04-2008, 05:17 PM   #7
MICKFLAN
Registered User
 
Join Date: Dec 2007
Posts: 9
OS: WINXP


Re: Constant page re-directing and trojan horse

Thank you for all that help; here are the logs you asked for:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, December 5, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, December 04, 2008 16:03:39
Records in database: 1436568
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 113198
Threat name: 3
Infected objects: 6
Suspicious objects: 1
Duration of the scan: 01:43:12


File name / Threat name / Threats count
C:\Documents and Settings\mick\Desktop\myriad-private.zip Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Documents and Settings\mick\Desktop\New Folder\Myriad ( karaoke4u).zip Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Documents and Settings\mick\Desktop\programmes\karoke burnt dics\karaoke4u-myriad.zip Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Documents and Settings\mick\Local Settings\Application Data\Identities\{7420A198-0694-492C-A04D-B7602741BBC1}\Microsoft\Outlook Express\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Myriad\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Share\essential karaoke\Essential Karaoke Party Cd G Vol 16 From.zip Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\WINDOWS\Motive\btbb\UninstallHelper.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1

The selected area was scanned.


DDS (Version 1.0) - NTFSx86
Run by mick at 0:12:59.21 on 05/12/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1328 [GMT 0:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Documents and Settings\mick\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - c:\program files\windows live\messenger\wlchtc.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [ScanSoft OmniPage SE 4.0-reminder] "c:\program files\scansoft\omnipagese4.0\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\omnipagese4.0\ereg\ereg.ini"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [btbb_wcm_McciTrayApp] "c:\program files\bt broadband desktop help\btbb_wcm\McciTrayApp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\exif launcher\QuickDCF.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-10 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-10 26824]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-5 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-5 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-10 76040]
R2 McciCMService;McciCMService;"c:\program files\common files\motive\McciCMService.exe" [2008-10-31 303104]
R3 MRESP50;MRESP50 NDIS Protocol Driver;\??\c:\progra~1\common~1\motive\MRESP50.SYS [2008-10-31 20096]
R3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2008-11-16 167424]
S2 713xTVCard;SAA7134 TV Card;c:\windows\system32\drivers\SAA713x.sys [2005-3-15 277504]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2008-1-2 945920]
S3 Cap7134;Philips Cap7134 Capture;c:\windows\system32\drivers\Cap7134.sys []
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-7-6 31592]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-5-23 13352]
S3 MREMP50;MREMP50 NDIS Protocol Driver;\??\c:\progra~1\common~1\motive\MREMP50.SYS [2008-10-31 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;\??\c:\progra~1\common~1\motive\MREMP50a64.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;\??\c:\progra~1\common~1\motive\MRESP50a64.SYS []
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-11-6 175872]

=============== Created Last 30 ================

2008-12-04 22:15 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-02 23:29 <DIR> a-dshr-- C:\cmdcons
2008-12-02 23:28 <DIR> --d----- C:\ComboFix
2008-12-02 18:04 161,792 a------- c:\windows\SWREG.exe
2008-12-02 18:04 98,816 a------- c:\windows\sed.exe
2008-12-02 14:03 250 a------- c:\windows\gmer.ini
2008-12-01 22:18 241 a------- c:\windows\wininit.ini
2008-12-01 13:28 860,160 a------- c:\windows\system32\xVideoOCX.ocx
2008-12-01 13:28 137,000 a------- c:\windows\system32\msmapi32.ocx
2008-12-01 13:28 103,744 a------- c:\windows\system32\MSCOMM32.ocx
2008-12-01 13:28 26,896 a------- c:\windows\system32\hh.exe
2008-12-01 13:28 <DIR> --d----- c:\program files\Studio Surveillance
2008-12-01 00:32 2,657 a------- C:\timhillone.mov
2008-12-01 00:32 785 a------- C:\qtviewer.html
2008-12-01 00:32 620 a------- C:\qtviewer.smil
2008-12-01 00:18 <DIR> --d----- C:\TimHO_Rec
2008-12-01 00:11 <DIR> --d----- c:\program files\LEDSET
2008-11-24 11:42 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\{174BEB07-CB76-4EAC-91FD-95CD34E9901B}
2008-11-24 11:42 <DIR> --d----- c:\program files\Karaoke Zip Scanner
2008-11-22 16:35 <DIR> a-d----- C:\Myriad
2008-11-16 19:18 0 a------- c:\windows\system32\swunilog.ini
2008-11-16 19:18 237,568 a----r-- c:\windows\system32\SiSWPars.dll
2008-11-16 19:18 167,424 a----r-- c:\windows\system32\drivers\sis163u.sys
2008-11-16 19:18 155,648 a----r-- c:\windows\system32\SiSWInst.dll
2008-11-16 19:18 49,152 a----r-- c:\windows\system32\SiSWBase.dll
2008-11-13 08:12 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 08:12 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-06 19:27 175,872 a------- c:\windows\system32\drivers\RTL8187.sys

==================== Find3M ====================

2008-12-01 23:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-01 21:10 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-11-30 20:27 <DIR> --d----- c:\program files\MP3+G Toolz .NET 4
2008-11-23 13:04 <DIR> --d----- c:\program files\Karaoke Song List Creator
2008-11-18 07:06 <DIR> --d----- c:\program files\Xfire
2008-11-17 21:16 <DIR> --d----- c:\docume~1\mick\applic~1\Xfire
2008-11-03 20:23 183,120 a------- c:\windows\system32\PnkBstrB.exe
2008-10-31 09:57 <DIR> --d----- c:\program files\BT Broadband Desktop Help
2008-10-31 09:56 <DIR> --d----- c:\program files\common files\Motive
2008-10-30 01:24 42,320 a------- c:\windows\system32\xfcodec.dll
2008-10-20 23:25 <DIR> --d----- c:\program files\SpeedFan
2008-10-20 15:03 <DIR> --d----- c:\program files\Total Video2DVD Author
2008-10-20 15:02 <DIR> --d----- c:\program files\Sony Ericsson
2008-10-20 15:01 <DIR> --d----- c:\program files\k4uTool
2008-10-20 15:00 <DIR> --d----- c:\program files\IKEA Home Planner Kitchen
2008-10-20 15:00 <DIR> --d----- c:\program files\Canon
2008-10-20 15:00 <DIR> --d----- c:\program files\dvdSanta
2008-10-20 14:59 <DIR> --d----- c:\program files\BulletProof MP3 Ripper
2008-10-20 14:59 <DIR> --d----- c:\program files\Axis Communications
2008-10-20 14:58 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\ActiveSMART
2008-10-18 18:53 <DIR> --d----- c:\program files\MagicISO
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-13 05:22 <DIR> --d----- c:\program files\Microsoft
2008-10-13 05:21 <DIR> --d----- c:\program files\common files\Windows Live
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-17 22:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Maxtor
2008-09-15 12:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-10 18:06 <DIR> --d----- c:\docume~1\mick\applic~1\TVU Networks
2008-09-10 18:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TVU Networks
2008-09-10 01:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-09-08 23:03 51,712 a------- c:\windows\system32\sirenacm.dll
2008-08-23 10:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IM
2008-08-23 10:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IncrediMail
2008-07-07 06:40 <DIR> --d----- c:\docume~1\mick\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-06-21 09:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kontiki
2008-06-21 09:28 <DIR> --d----- c:\docume~1\mick\applic~1\{3F3C1848-EDD1-411D-B240-F91B269B86A0}
2008-06-18 19:15 <DIR> --d----- c:\docume~1\mick\applic~1\vlc
2008-06-05 11:24 <DIR> --d----- c:\docume~1\mick\applic~1\Samsung
2008-06-02 21:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2008-05-23 16:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony Ericsson
2008-05-10 10:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-05-04 14:02 <DIR> --d----- c:\docume~1\mick\applic~1\SopCast
2008-05-04 13:55 <DIR> --d----- c:\docume~1\mick\applic~1\PPMate
2008-03-12 08:42 <DIR> --d----- c:\docume~1\mick\applic~1\MSN6
2008-02-14 10:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MSN6
2008-01-05 22:37 <DIR> --d----- c:\docume~1\mick\applic~1\Canon
2008-01-05 22:19 <DIR> --d----- c:\docume~1\mick\applic~1\ScanSoft
2008-01-03 21:18 <DIR> --d----- c:\docume~1\mick\applic~1\mIRC
2008-07-13 06:49 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008071320080714\index.dat

============= FINISH: 0:13:27.00 ===============