Browser redirects, no Windows Update or DHCP


Recommended Posts

First time here, so apologies in advance for any misdemeanours I might do!

Major problem is browser redirection from Google, can't connect to Windows Update and DHCP not working - not sure how much of that is to do with malware though.

Have tried a number of anti-malware products but all to no avail, so I am following the thread "I'm infected - What do I do now?...."

MWAM has been run several times and shows no errors

HJT ran OK - logs attached

DDS ran OK - logs attached or below

GMER - locked up with last item on list SYSTEM\WPA\SigningHash-V44KQMCFXKQCTQ

Have attached ROOTKITREVEALER output in case that helps

Thanks in advance for looking into this

Clive

DDS (Ver_10-03-17.01) - NTFSx86

Run by Pauline_2 at 14:28:23.41 on 29/07/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1423 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\temp\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://bt.yahoo.com

uSearch Page = hxxp://www.google.co.uk/hws/sb/dell-inc/en/side.html?channel=uk

uDefault_Page_URL = hxxp://bt.yahoo.com

uWindow Title = Windows Internet Explorer provided by BT Yahoo!

mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"

mSearchAssistant = hxxp://www.google.com/ie

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll

TB: BT Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [setDefaultMIDI] MIDIDef.exe

uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R

uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Felix II] c:\program files\screenmates\felix ii\Felix2.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [DLCDCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCDtime.dll,_RunDLLEntry@16

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155927156846

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: {45078224-3216-44B1-B063-34376A0D79C2} = 192.168.1.254

Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\paulin~1\applic~1\mozilla\firefox\profiles\44hja4ne.default\

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-26 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-26 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-26 243024]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-26 308136]

S?4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-7-22 38224]

S0 qvccjld;qvccjld;c:\windows\system32\drivers\ahxkbv.sys --> c:\windows\system32\drivers\ahxkbv.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]

S3 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

S3 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-7-1 59240]

S3 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-7-1 840936]

S3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-7-1 166632]

S4 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]

=============== Created Last 30 ================

2010-07-29 12:37:38 0 ----a-w- c:\documents and settings\pauline_2\defogger_reenable

2010-07-29 12:37:30 525824 ----a-w- c:\temp\dds.scr

2010-07-29 12:37:30 293376 ----a-w- c:\temp\h27d4ui0.exe

2010-07-29 12:37:28 388608 ----a-w- c:\temp\HijackThis2.exe

2010-07-29 12:37:26 50477 ----a-w- c:\temp\Defogger.exe

2010-07-29 11:50:04 334720 ----a-w- c:\temp\RootkitRevealer.exe

2010-07-28 18:13:29 0 d-sh--r- C:\cmdcons

2010-07-28 18:13:28 0 d-----w- c:\windows\setup.pss

2010-07-28 18:13:09 0 d-----w- c:\windows\setupupd

2010-07-28 15:23:11 910 ----a-w- c:\temp\reg.bat

2010-07-28 14:55:37 23040 ----a-w- c:\windows\system32\drivers\dvojpnmv.sys

2010-07-28 12:10:32 0 d-----w- c:\windows\system32\MpEngineStore

2010-07-28 10:32:15 8628 ---ha-w- c:\windows\system32\dlcdceip.GID

2010-07-27 10:17:10 0 d-----w- C:\I386

2010-07-27 09:38:00 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2010-07-27 09:37:56 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2010-07-27 09:37:55 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll

2010-07-27 09:37:51 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe

2010-07-27 09:37:47 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe

2010-07-27 09:37:26 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe

2010-07-27 09:37:25 28288 ----a-w- c:\windows\system32\dllcache\xjis.nls

2010-07-27 09:37:21 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys

2010-07-27 09:37:20 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys

2010-07-27 09:37:16 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys

2010-07-27 09:37:14 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll

2010-07-27 09:35:59 64605 ----a-w- c:\windows\system32\dllcache\vvoice.sys

2010-07-27 09:34:58 94720 ----a-w- c:\windows\system32\dllcache\umaxud32.dll

2010-07-27 09:33:58 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll

2010-07-27 09:32:59 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys

2010-07-27 09:31:55 61824 ----a-w- c:\windows\system32\dllcache\speed.sys

2010-07-27 09:30:57 33792 ----a-w- c:\windows\system32\dllcache\smb0w.dll

2010-07-27 07:02:37 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2010-07-26 11:38:29 0 d-sh--w- c:\documents and settings\pauline_2\PrivacIE

2010-07-26 10:31:39 0 d--h--w- C:\$AVG

2010-07-26 09:57:07 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll

2010-07-26 09:57:03 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll

2010-07-26 09:57:03 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys

2010-07-26 09:55:57 245632 ----a-w- c:\windows\system32\dllcache\s3savmx.dll

2010-07-26 09:54:59 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys

2010-07-26 09:53:57 83748 ----a-w- c:\windows\system32\dllcache\prcp.nls

2010-07-26 09:52:59 29502 ----a-w- c:\windows\system32\dllcache\pca200e.sys

2010-07-26 09:51:56 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys

2010-07-26 09:50:58 27936 ----a-w- c:\windows\system32\dllcache\n9i3d.sys

2010-07-26 09:49:59 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll

2010-07-26 09:48:59 7424 ----a-w- c:\windows\system32\dllcache\mammoth.sys

2010-07-26 09:47:58 9216 ----a-w- c:\windows\system32\dllcache\kbdnecat.dll

2010-07-26 09:46:59 44032 ----a-w- c:\windows\system32\dllcache\imekrmig.exe

2010-07-26 09:45:59 488383 ----a-w- c:\windows\system32\dllcache\hsf_v124.sys

2010-07-26 09:44:58 89088 ----a-w- c:\windows\system32\dllcache\hpgt33.dll

2010-07-26 09:43:57 27165 ----a-w- c:\windows\system32\dllcache\fetnd5.sys

2010-07-26 09:42:59 144896 ----a-w- c:\windows\system32\dllcache\epcfw2k.sys

2010-07-26 09:41:59 6729 ----a-w- c:\windows\system32\dllcache\disrvci.dll

2010-07-26 09:40:59 72832 ----a-w- c:\windows\system32\dllcache\cwbwdm.sys

2010-07-26 09:39:59 66082 ----a-w- c:\windows\system32\dllcache\c_28596.nls

2010-07-26 09:38:55 77568 ----a-w- c:\windows\system32\dllcache\ati.sys

2010-07-26 09:26:58 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-26 09:26:58 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-26 09:26:51 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-26 09:26:42 0 d-----w- c:\windows\system32\drivers\Avg

2010-07-26 09:26:20 0 d-----w- c:\program files\AVG

2010-07-26 09:26:19 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

2010-07-26 08:45:55 0 d-----w- c:\docume~1\paulin~1\applic~1\Malwarebytes

2010-07-23 17:54:51 0 d-----w- C:\!KillBox

2010-07-23 17:44:15 574 ----a-w- C:\cleanup.bat

2010-07-23 17:44:15 19286 ----a-w- C:\cleanup.exe

2010-07-23 17:44:15 135168 ----a-w- C:\zip.exe

2010-07-23 15:31:04 93393016 ----a-w- c:\temp\avg_free_stf_en_90_851a3009.exe

2010-07-23 10:07:37 218624 ----a-w- c:\windows\system32\dllcache\uxtheme.dll

2010-07-23 10:07:37 218624 ------w- c:\windows\system32\uxtheme.dll

2010-07-23 08:23:35 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll

2010-07-23 08:23:28 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll

2010-07-23 08:23:21 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe

2010-07-23 08:23:21 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll

2010-07-23 08:23:20 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll

2010-07-23 08:23:20 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll

2010-07-23 08:23:20 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe

2010-07-23 08:23:19 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll

2010-07-23 08:23:12 94720 ----a-w- c:\windows\system32\dllcache\certmap.ocx

2010-07-22 22:18:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-22 22:18:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-22 22:18:47 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-22 22:18:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-07-22 14:05:01 66591 ----a-w- c:\windows\system32\drivers\el90xbc5.sys

2010-07-22 14:05:01 66591 ----a-w- c:\windows\system32\dllcache\el90xbc5.sys

2010-07-11 15:50:28 0 d-----w- c:\windows\system32\wbem\Repository

2010-07-07 21:08:43 0 d-----w- c:\program files\thinkbroadband.com

2010-07-06 05:06:07 1324 ----a-w- c:\windows\system32\d3d9caps.dat

==================== Find3M ====================

2007-08-03 21:28:45 251 -c--a-w- c:\program files\wt3d.ini

2007-01-19 14:11:37 119712 -c--a-w- c:\program files\MF

2010-04-28 15:13:52 88 --sh--r- c:\windows\system32\6DCABCE6BD.sys

2008-04-17 21:29:42 56 -csh--r- c:\windows\system32\BDE6BCCA6D.sys

2010-04-28 15:13:58 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys

2008-08-28 13:25:59 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082820080829\index.dat

============= FINISH: 14:31:21.50 ===============

END

Attach.zip


I have done a few more things since my original posting:

RootKitRevealer

OTL - tried to upload the results of this but it doesn't seem to be posted

TDSSKiller.exe - this found one problem and fixed it

Combofix.exe

Now Windows Update is working again. Once all the updates have been applied I will check whether DHCP is working or not.

Time will tell about the browser hijacking!!

Happy to have any further input or advice in the meantime

Thanks

Clive
