

Browser redirecter


20 replies to this topic

#1 dagun

dagun

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:26 AM

Posted 28 November 2010 - 05:42 AM

Greetings, since yesterday some results I've clicked on from Google are being redirected. EDIT: afterthought, I did have a few blank pages generated yesterday in Firefox that appeared to be legit sites, but I am unsure; it has not occurred today.

Have already tried:

System Restore (1,3,7 days ago, no effect on all.)
Malwarebytes Anti-Malware (found nil)
SuperAntiSpyware (found nil)
NOD32 (Full version, found something, had no effect on browser redirecter)
Kaspersky (Full version, found nothing)
Cleared cache + temp + cookies etc. (CCleaner + some other funky little thing I saw used in another thread, ATF? ATP? something to that nature; it has a separate option to clear Firefox data, which also ran. Did this with Firefox installed + uninstalled, same result, nothing changes.)

Uninstalled Firefox, cleared all files (including clearing registry + Mozilla folder), reinstalled, still persistent. Have since installed Chrome and have found it also afflicts Chrome.

Have run Process Hacker and scanned for hidden processes, which found nil (checking both CSR handles and brute force). Did a search on any process I didn't recognise, which again came up with nil.

Am unable to run Defogger (the anti-emulation software) due to a consistent BSOD on Windows boot if used; have tried twice, with both leading to a BSOD on Windows initialization. Have instead uninstalled all emulator software I am aware of; hopefully that'll do the same job.

DDS.txt :


DDS (Ver_10-11-27.01) - NTFSx86
Run by Dagun at 10:14:45.51 on 28/11/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3063.1706 [GMT 0:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\MSI Afterburner\MSIAfterburner.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Dagun\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {52f84af6-74e1-2ff8-7bcd-1bda6fbe1eb1} - c:\windows\system32\mssi.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [EPSON SX110 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifbe.exe /fu "c:\windows\temp\E_S39D2.tmp" /EF "HKCU"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\dagun\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray
mRun: [Zboard] c:\program files\ideazon\zengine\Zboard.exe
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [MSIAfterburner] "c:\program files\msi afterburner\MSIAfterburnerWrapper.exe" /s
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
uPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 192.168.2.2 apachekitten.dyndns.org
Hosts: 192.168.2.1 apachekitten.dyndns.org
Hosts: 82.34.132.116 apachekitten.dyndns.org
================= FIREFOX ===================

FF - ProfilePath - c:\users\dagun\appdata\roaming\mozilla\firefox\profiles\z3ughe6k.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\dagun\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\dagun\appdata\roaming\mozilla\firefox\profiles\z3ughe6k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Personas: personas@christopher.beard - c:\users\dagun\appdata\roaming\mozilla\firefox\profiles\z3ughe6k.default\extensions\personas@christopher.beard
FF - Extension: 4chan: {9AA46F4F-4DC7-4c06-97AF-5035170633FE} - c:\users\dagun\appdata\roaming\mozilla\firefox\profiles\z3ughe6k.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\users\dagun\appdata\roaming\mozilla\firefox\profiles\z3ughe6k.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: TinEye Reverse Image Search: tineye@ideeinc.com - c:\users\dagun\appdata\roaming\mozilla\firefox\profiles\z3ughe6k.default\extensions\tineye@ideeinc.com

============= SERVICES / DRIVERS ===============

R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-2-24 185472]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2010-8-11 90112]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 XMouseButton Launcher;XMouseButton Launcher;c:\program files\highresolution enterprises\x-mouse button control\XMouseButtonSvc.exe [2010-7-26 72704]
R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-7-24 9856]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-10 123496]
R3 RTCore32;RTCore32;c:\program files\msi afterburner\RTCore32.sys [2010-6-7 12088]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2010-10-6 27136]
R3 vHidDev;Razer Gaming Device;c:\windows\system32\drivers\vHidDev.sys [2010-7-24 5760]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-12-11 316416]
S1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [2006-11-10 24064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\drivers\CYUSB.sys [2010-7-24 39936]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-7-21 20080]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-6-28 1310720]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-23 1343400]
S4 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-7-6 173352]
S4 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2010-10-6 716024]

=============== Created Last 30 ================

2067-05-27 13:16:26 1249280 ----a-w- c:\program files\microsoft games\impossible creatures\InsectMod.dll
2067-05-21 20:35:22 106496 ----a-w- c:\program files\microsoft games\impossible creatures\Filesystem.dll
2010-11-28 09:27:46 -------- d-----w- c:\program files\Firefox
2010-11-27 21:07:29 -------- d-----w- c:\program files\Activision Value
2010-11-27 19:00:42 -------- d-----w- c:\program files\Sol Edit
2010-11-27 18:30:23 -------- d-----w- C:\Kane & Lynch 2- Dog Days
2010-11-26 21:19:47 -------- d-----w- c:\program files\LeeGTs Games
2010-11-26 18:54:36 -------- d-----w- c:\progra~2\Apache
2010-11-25 20:20:48 -------- d-----w- c:\program files\Gmask 1.70 English
2010-11-22 21:51:05 -------- d-----w- C:\gearcalc
2010-11-20 16:58:40 -------- d-----w- c:\users\dagun\appdata\roaming\LolClient
2010-11-20 16:54:05 -------- d-----w- C:\Riot Games
2010-11-20 15:51:45 -------- d-----w- C:\Lol
2010-11-20 15:32:24 -------- d-----w- C:\Counter-Strike 2D
2010-11-20 15:31:38 -------- d-----w- C:\Stranded II
2010-11-20 12:07:19 -------- d-----w- C:\Blackop
2010-11-18 14:38:44 -------- d-----w- C:\Shadow Wars
2010-11-17 19:55:06 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-11-17 19:55:06 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-11-17 19:55:05 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-11-17 14:45:16 -------- d-----w- c:\users\dagun\appdata\local\Risen
2010-11-17 14:43:39 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2010-11-17 14:37:33 -------- d-----w- c:\program files\Deep Silver
2010-11-16 21:07:40 -------- d-----w- c:\program files\1C Company
2010-11-14 17:58:49 -------- d-----w- c:\users\dagun\appdata\local\Two Worlds II
2010-11-14 16:09:04 -------- d-----w- c:\windows\Branding
2010-11-14 12:14:41 -------- d-----w- c:\program files\Crime Fighter
2010-11-14 12:08:33 -------- d--h--w- c:\windows\PIF
2010-11-14 12:08:23 -------- d-----w- C:\CRIME
2010-11-14 09:45:14 -------- d-----w- c:\program files\Arcen Games, LLC
2010-11-14 09:07:59 -------- d-----w- c:\program files\Starscape
2010-11-13 18:30:43 -------- d-----w- c:\program files\Ichor
2010-11-13 17:55:32 -------- d-----w- c:\program files\Zombie Driver
2010-11-13 11:15:04 -------- d-----w- c:\users\dagun\appdata\roaming\Auslogics
2010-11-09 15:51:25 -------- d-----w- c:\program files\Fort Zombie
2010-11-08 14:45:06 -------- d-----w- c:\program files\JoWooD Entertainment AG
2010-11-08 12:48:55 -------- d-----w- c:\users\dagun\appdata\local\bizarre creations
2010-11-07 09:13:11 -------- d-----w- c:\windows\system32\3095
2010-11-06 15:43:06 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2010-11-06 15:43:06 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2010-11-06 15:43:06 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2010-11-06 15:43:06 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2010-11-06 15:43:06 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2010-11-06 15:43:06 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2010-11-06 15:43:06 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2010-11-06 15:42:37 -------- d-----w- c:\users\dagun\appdata\local\Oblivion
2010-11-06 09:43:01 545 ----a-w- c:\windows\UC.PIF
2010-11-06 09:43:01 545 ----a-w- c:\windows\RAR.PIF
2010-11-06 09:43:01 545 ----a-w- c:\windows\PKZIP.PIF
2010-11-06 09:43:01 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-11-06 09:43:01 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-11-06 09:43:01 545 ----a-w- c:\windows\LHA.PIF
2010-11-06 09:43:01 545 ----a-w- c:\windows\ARJ.PIF
2010-11-06 09:43:01 -------- d-----w- c:\users\dagun\appdata\roaming\GHISLER
2010-11-04 19:58:17 -------- d-----w- c:\program files\Cyanide
2010-11-03 18:42:50 407104 ------w- c:\windows\system32\MSHFLXGD.OCX
2010-11-03 18:42:50 244416 ------w- c:\windows\system32\MSFLXGRD.OCX
2010-11-03 18:42:50 226328 ------w- c:\windows\system32\FLEXWIZ.OCX
2010-11-03 18:42:50 209608 ------w- c:\windows\system32\tabctl32.ocx
2010-11-03 18:42:50 118784 ------w- c:\windows\system32\MSSTDFMT.DLL
2010-11-03 18:42:50 1009336 ------w- c:\windows\system32\mschrt20.ocx
2010-11-03 18:34:36 -------- d-----w- c:\program files\MegaDev
2010-11-03 16:21:44 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-11-03 16:18:00 -------- d-----w- c:\program files\Firefly Studios
2010-11-03 16:17:48 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
2010-11-03 16:17:48 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
2010-11-03 16:17:48 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
2010-11-03 16:17:48 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
2010-11-03 16:17:47 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
2010-11-03 16:17:46 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
2010-11-03 16:17:46 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
2010-11-03 15:41:30 -------- d-----w- c:\program files\common files\Macrovision Shared
2010-11-03 15:41:24 -------- d-----w- c:\program files\Rosetta Stone
2010-11-03 15:41:24 -------- d-----w- c:\progra~2\Rosetta Stone
2010-11-02 20:57:50 -------- d-----w- c:\progra~2\WindowsLiveInstaller
2010-11-02 20:54:31 15256 ----a-w- c:\users\dagun\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
2010-11-02 16:45:45 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-02 13:43:51 53248 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\msihook.dll
2010-11-02 13:43:51 126976 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\knlwrap.exe
2010-11-02 13:43:50 114688 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\scpthdlr.dll
2010-11-02 13:43:11 70088 ----a-w- c:\windows\system32\Project2-1.ocx
2010-11-02 13:43:11 614672 ----a-w- c:\windows\system32\temp.002
2010-11-02 13:43:11 16896 ----a-w- c:\windows\system32\temp.000
2010-11-02 13:43:11 164112 ----a-w- c:\windows\system32\temp.001
2010-11-02 13:43:11 1384448 ----a-w- c:\windows\system32\temp.003
2010-11-02 13:43:11 101888 ----a-w- c:\windows\system32\Vb6stkit.dll
2010-11-02 13:03:42 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-11-02 12:59:36 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-11-02 12:49:36 -------- d-----w- c:\users\dagun\Tracing
2010-11-02 12:47:03 3181568 ----a-w- c:\windows\system32\mf.dll
2010-11-02 12:47:03 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-11-02 12:47:02 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-11-02 12:46:47 6260088 ----a-w- c:\program files\common files\windows live\.cache\21721b51cb7a8c04\Silverlight.4.0.exe
2010-11-02 12:46:13 -------- d-----w- c:\users\dagun\appdata\local\Windows Live
2010-11-02 12:46:11 -------- d-----w- c:\program files\common files\Windows Live
2010-11-01 20:01:19 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2010-11-01 20:01:19 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-11-01 19:58:43 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-11-01 19:58:24 -------- d-----w- c:\windows\SHELLNEW
2010-11-01 19:58:14 -------- d-----w- c:\users\dagun\appdata\local\Microsoft Help
2010-11-01 16:34:19 -------- d-----w- c:\users\dagun\appdata\local\FalloutNV
2010-11-01 16:18:12 -------- d-----w- c:\program files\Bethesda Softworks
2010-11-01 14:20:27 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-11-01 14:20:27 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-11-01 14:20:27 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-11-01 14:20:24 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-11-01 14:20:24 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-11-01 13:39:56 -------- d-----w- c:\program files\Lost Planet 2
2010-10-31 20:33:23 -------- d-----w- c:\program files\VelociGames
2010-10-31 15:25:04 -------- d-----w- c:\program files\GB3 demo
2010-10-29 14:19:38 -------- d-----w- c:\program files\GameBiz2

==================== Find3M ====================

2010-11-13 17:57:10 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-11-06 15:42:38 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-16 18:55:00 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2010-10-16 18:55:00 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2010-10-16 18:55:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55:00 5473896 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-10-16 18:55:00 4837480 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55:00 319080 ----a-w- c:\windows\system32\nvdecodemft.dll
2010-10-16 18:55:00 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55:00 1719912 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55:00 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2010-10-16 18:55:00 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 18:55:00 10023528 ----a-w- c:\windows\system32\nvd3dum.dll
2010-10-16 12:42:20 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 12:42:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 12:42:16 3420776 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 12:42:12 2079336 ----a-w- c:\windows\system32\nvsvc.dll
2010-10-08 10:19:48 218496 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-08 10:19:48 218496 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-06 19:30:11 138056 ----a-w- c:\users\dagun\appdata\roaming\PnkBstrK.sys
2010-10-06 19:29:45 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-10-06 15:49:44 2601752 ----a-w- c:\windows\system32\pbsvc_moh.exe
2010-10-04 20:08:57 2098 --sha-w- c:\progra~2\KGyGaAvL.sys
2010-10-04 20:07:36 88 --sh--r- c:\progra~2\8649171969.sys
2010-09-27 11:37:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-27 11:37:48 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-26 11:21:47 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-15 03:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-07 20:09:01 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2010-09-07 20:08:53 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD5000AAKS-007AA0 rev.05.01D05 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-2

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86D40446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86d46504]; MOV EAX, [0x86d46580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x8303E458] -> \Device\Harddisk0\DR0[0x86D203F0]
3 CLASSPNP[0x8BBA659E] -> ntkrnlpa!IofCallDriver[0x8303E458] -> [0x86ADA898]
5 ACPI[0x839403B2] -> ntkrnlpa!IofCallDriver[0x8303E458] -> \IdeDeviceP2T0L0-2[0x86B3D030]
\Driver\atapi[0x86D25988] -> IRP_MJ_CREATE -> 0x86D40446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-2 -> \??\IDE#DiskWDC_WD5000AAKS-007AA0___________________05.01D05#5&2ea7e938&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 10:16:07.03 ===============


GMER's ark.txt and attach.txt are attached to post.

Over to you guys. All anti-virus etc. software is uninstalled (although I think Malwarebytes Anti-Malware is still installed but not running) to avoid any conflicts in anything you tell me.

Edited by dagun, 28 November 2010 - 05:45 AM.


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:26 PM

Posted 04 December 2010 - 11:06 PM

Hello dagun ,

Sorry for the delay. :( If you still need help, please post a new DDS/HijackThis log and I'll be happy to look at it. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 dagun

dagun
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:26 AM

Posted 05 December 2010 - 03:04 PM

New DDS below (attach is, as usual, in attachment.)

Seems to be less frequent now; however, it is still occasionally happening. Started working some of this stuff out myself during the wait, managed to get it down to a rootkit, which I then mopped up with TDSSKiller; however, this is still occurring, so I'm presuming multiple problems. (Although as I said, this used to be every 10 results; now it's about every 1000 results, happening 1-2 times a day rather than 1-2 times an hour.)

DDS (Ver_10-11-27.01) - NTFSx86
Run by Dagun at 20:01:36.02 on 05/12/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3063.2067 [GMT 0:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\MSI Afterburner\MSIAfterburner.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Dagun\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {52f84af6-74e1-2ff8-7bcd-1bda6fbe1eb1} - c:\windows\system32\mssi.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [EPSON SX110 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifbe.exe /fu "c:\windows\temp\E_S39D2.tmp" /EF "HKCU"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\dagun\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [ares] "c:\program files\ares\Ares.exe" -h
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray
mRun: [Zboard] c:\program files\ideazon\zengine\Zboard.exe
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [MSIAfterburner] "c:\program files\msi afterburner\MSIAfterburnerWrapper.exe" /s
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 192.168.2.2 apachekitten.dyndns.org
Hosts: 192.168.2.1 apachekitten.dyndns.org
Hosts: 82.34.132.116 apachekitten.dyndns.org
================= FIREFOX ===================

FF - ProfilePath - c:\users\dagun\appdata\roaming\mozilla\firefox\profiles\z3ughe6k.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\dagun\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\dagun\appdata\roaming\mozilla\firefox\profiles\z3ughe6k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Personas: personas@christopher.beard - c:\users\dagun\appdata\roaming\mozilla\firefox\profiles\z3ughe6k.default\extensions\personas@christopher.beard
FF - Extension: 4chan: {9AA46F4F-4DC7-4c06-97AF-5035170633FE} - c:\users\dagun\appdata\roaming\mozilla\firefox\profiles\z3ughe6k.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\users\dagun\appdata\roaming\mozilla\firefox\profiles\z3ughe6k.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-2-24 185472]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2010-8-11 90112]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-9-3 137144]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-11-4 810144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-7-29 96920]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 XMouseButton Launcher;XMouseButton Launcher;c:\program files\highresolution enterprises\x-mouse button control\XMouseButtonSvc.exe [2010-7-26 72704]
R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-7-24 9856]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-10 123496]
R3 RTCore32;RTCore32;c:\program files\msi afterburner\RTCore32.sys [2010-6-7 12088]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2010-10-6 27136]
R3 vHidDev;Razer Gaming Device;c:\windows\system32\drivers\vHidDev.sys [2010-7-24 5760]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-12-11 316416]
S1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [2006-11-10 24064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\drivers\CYUSB.sys [2010-7-24 39936]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-6-28 1310720]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-23 1343400]
S4 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-7-6 173352]
S4 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2010-10-6 716024]

=============== Created Last 30 ================

2067-05-27 13:16:26 1249280 ----a-w- c:\program files\microsoft games\impossible creatures\InsectMod.dll
2067-05-21 20:35:22 106496 ----a-w- c:\program files\microsoft games\impossible creatures\Filesystem.dll
2010-12-03 20:17:22 -------- d-----w- c:\users\dagun\appdata\local\Ares
2010-12-03 20:17:21 -------- d-----w- c:\program files\Ares
2010-12-02 19:04:35 77824 ----a-w- c:\windows\system32\xvid.ax
2010-12-02 19:04:31 -------- d-----w- c:\program files\Xvid
2010-12-02 19:04:11 717125 ----a-w- c:\windows\RON 2010 ENGLISH DL Uninstaller.exe
2010-12-02 18:58:47 -------- d-----w- c:\program files\Rulers Of Nations
2010-12-02 18:58:47 -------- d-----w- c:\program files\common files\Thraex Software
2010-12-02 10:00:47 -------- d-----w- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2010-12-02 10:00:16 -------- d-----w- c:\users\dagun\appdata\local\Divinity 2
2010-12-02 10:00:05 -------- d-----w- c:\progra~2\Divinity 2
2010-12-02 09:49:24 -------- d-----w- c:\program files\Divinity II - DKS
2010-12-02 08:01:26 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-02 08:01:26 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-02 08:00:41 -------- d-----w- c:\program files\iPod
2010-12-02 08:00:40 -------- d-----w- c:\program files\iTunes
2010-12-02 07:58:59 -------- d-----w- c:\program files\Bonjour
2010-12-01 19:14:18 -------- d-----w- c:\users\dagun\appdata\roaming\mIRC
2010-12-01 19:14:18 -------- d-----w- c:\program files\mIRC
2010-12-01 08:11:25 -------- d-----w- c:\users\dagun\appdata\local\Apple Computer
2010-12-01 08:09:46 -------- d-----w- c:\users\dagun\appdata\local\Apple
2010-11-30 18:37:38 -------- d-----w- C:\Games
2010-11-30 18:37:09 306688 ----a-w- c:\windows\IsUninst.exe
2010-11-30 11:23:01 -------- d-----w- c:\program files\Plain Sight
2010-11-30 08:44:11 -------- d-----w- c:\program files\Flotilla
2010-11-29 18:50:57 -------- d-----w- c:\program files\Strange Adventures in Infinite Space
2010-11-29 15:34:11 -------- d-----w- c:\users\dagun\appdata\local\Sports Interactive
2010-11-29 15:22:59 -------- d--h--w- c:\program files\Zero G Registry
2010-11-29 15:22:59 -------- d-----w- c:\program files\Sports Interactive
2010-11-29 15:22:32 -------- d--h--w- c:\users\dagun\InstallAnywhere
2010-11-29 15:20:36 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-11-29 13:46:46 -------- d-----w- C:\GT
2010-11-29 13:16:50 -------- d-----w- c:\program files\Vega Strike
2010-11-29 13:05:30 -------- d-----w- c:\program files\WolfQuest
2010-11-29 12:56:19 -------- d-----w- c:\program files\3000AD
2010-11-29 12:52:04 -------- d-----w- C:\dbTemp
2010-11-29 12:51:58 796672 ----a-w- c:\windows\GPInstall.exe
2010-11-29 12:18:14 -------- d-----w- c:\program files\BBProject
2010-11-28 21:02:45 -------- d-----w- c:\windows\The War Engine
2010-11-28 21:02:45 -------- d-----w- C:\Matrix Games
2010-11-28 19:52:30 -------- d-----w- c:\users\dagun\appdata\local\Adobe
2010-11-28 16:47:00 -------- d-----w- c:\program files\National Guard
2010-11-28 15:30:47 -------- d-----w- c:\program files\Sauerbraten
2010-11-28 14:19:58 -------- d-----w- c:\program files\Battleships Forever
2010-11-28 13:14:29 -------- d-----w- c:\users\dagun\appdata\roaming\SUPERAntiSpyware.com
2010-11-28 13:14:29 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-11-28 13:14:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-28 11:41:58 -------- d-----w- c:\users\dagun\appdata\local\Apache
2010-11-28 09:27:46 -------- d-----w- c:\program files\Firefox
2010-11-27 21:07:29 -------- d-----w- c:\program files\Activision Value
2010-11-27 19:00:42 -------- d-----w- c:\program files\Sol Edit
2010-11-27 18:30:23 -------- d-----w- C:\Kane & Lynch 2- Dog Days
2010-11-26 21:19:47 -------- d-----w- c:\program files\LeeGTs Games
2010-11-26 18:54:36 -------- d-----w- c:\progra~2\Apache
2010-11-25 20:20:48 -------- d-----w- c:\program files\Gmask 1.70 English
2010-11-22 21:51:05 -------- d-----w- C:\gearcalc
2010-11-20 16:58:40 -------- d-----w- c:\users\dagun\appdata\roaming\LolClient
2010-11-20 16:54:05 -------- d-----w- C:\Riot Games
2010-11-20 15:51:45 -------- d-----w- C:\Lol
2010-11-20 15:32:24 -------- d-----w- C:\Counter-Strike 2D
2010-11-20 15:31:38 -------- d-----w- C:\Stranded II
2010-11-20 12:07:19 -------- d-----w- C:\Blackop
2010-11-18 14:38:44 -------- d-----w- C:\Shadow Wars
2010-11-17 19:55:06 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-11-17 19:55:06 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-11-17 19:55:05 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-11-17 14:45:16 -------- d-----w- c:\users\dagun\appdata\local\Risen
2010-11-17 14:43:39 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2010-11-17 14:37:33 -------- d-----w- c:\program files\Deep Silver
2010-11-16 21:07:40 -------- d-----w- c:\program files\1C Company
2010-11-14 17:58:49 -------- d-----w- c:\users\dagun\appdata\local\Two Worlds II
2010-11-14 16:09:04 -------- d-----w- c:\windows\Branding
2010-11-14 12:14:41 -------- d-----w- c:\program files\Crime Fighter
2010-11-14 12:08:33 -------- d--h--w- c:\windows\PIF
2010-11-14 12:08:23 -------- d-----w- C:\CRIME
2010-11-14 09:45:14 -------- d-----w- c:\program files\Arcen Games, LLC
2010-11-14 09:07:59 -------- d-----w- c:\program files\Starscape
2010-11-13 18:30:43 -------- d-----w- c:\program files\Ichor
2010-11-13 17:55:32 -------- d-----w- c:\program files\Zombie Driver
2010-11-13 11:15:04 -------- d-----w- c:\users\dagun\appdata\roaming\Auslogics
2010-11-09 15:51:25 -------- d-----w- c:\program files\Fort Zombie
2010-11-08 14:45:06 -------- d-----w- c:\program files\JoWooD Entertainment AG
2010-11-08 12:48:55 -------- d-----w- c:\users\dagun\appdata\local\bizarre creations
2010-11-07 09:13:11 -------- d-----w- c:\windows\system32\3095
2010-11-06 15:43:06 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2010-11-06 15:43:06 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2010-11-06 15:43:06 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2010-11-06 15:43:06 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2010-11-06 15:43:06 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2010-11-06 15:43:06 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2010-11-06 15:43:06 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2010-11-06 15:42:37 -------- d-----w- c:\users\dagun\appdata\local\Oblivion
2010-11-06 09:43:01 545 ----a-w- c:\windows\UC.PIF
2010-11-06 09:43:01 545 ----a-w- c:\windows\RAR.PIF
2010-11-06 09:43:01 545 ----a-w- c:\windows\PKZIP.PIF
2010-11-06 09:43:01 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-11-06 09:43:01 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-11-06 09:43:01 545 ----a-w- c:\windows\LHA.PIF
2010-11-06 09:43:01 545 ----a-w- c:\windows\ARJ.PIF
2010-11-06 09:43:01 -------- d-----w- c:\users\dagun\appdata\roaming\GHISLER

==================== Find3M ====================

2010-11-13 17:57:10 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-11-06 15:42:38 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-16 18:55:00 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2010-10-16 18:55:00 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2010-10-16 18:55:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55:00 5473896 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-10-16 18:55:00 4837480 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55:00 319080 ----a-w- c:\windows\system32\nvdecodemft.dll
2010-10-16 18:55:00 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55:00 1719912 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55:00 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2010-10-16 18:55:00 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 18:55:00 10023528 ----a-w- c:\windows\system32\nvd3dum.dll
2010-10-16 12:42:20 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 12:42:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 12:42:16 3420776 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 12:42:12 2079336 ----a-w- c:\windows\system32\nvsvc.dll
2010-10-08 10:19:48 218496 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-08 10:19:48 218496 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-07 12:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 12:23:02 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 12:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 12:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-10-06 19:30:11 138056 ----a-w- c:\users\dagun\appdata\roaming\PnkBstrK.sys
2010-10-06 19:29:45 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-10-06 15:49:44 2601752 ----a-w- c:\windows\system32\pbsvc_moh.exe
2010-10-04 20:08:57 2098 --sha-w- c:\progra~2\KGyGaAvL.sys
2010-10-04 20:07:36 88 --sh--r- c:\progra~2\8649171969.sys
2010-09-28 15:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-27 11:37:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-27 11:37:48 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-26 11:21:47 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-15 03:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 11:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 11:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-07 20:09:01 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2010-09-07 20:08:53 813672 ----a-w- c:\windows\system32\nvgenco32.dll

============= FINISH: 20:02:09.01 ===============

Edited by dagun, 05 December 2010 - 03:06 PM.


#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 05 December 2010 - 03:13 PM

Hello there,

Then let's see if there was something going on other than the rootkit. Sometimes other things aren't apparent until that gets shaken loose.


This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

If you have trouble running it the first time, then rename ComboFix.exe to dagun.exe and try again.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#5 dagun

dagun
  • Topic Starter

  • Members
  • 12 posts

Posted 05 December 2010 - 03:32 PM

Hi tea. =)

Ran ComboFix as requested; was quite impressed, I think it's a first that any form of auto-run fixer thingy has run and not BSOD'd me.

One log:

ComboFix 10-12-04.02 - Dagun 05/12/2010 20:17:19.1.8 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3063.2054 [GMT 0:00]
Running from: c:\users\Dagun\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Dagun\AppData\Roaming\SQLite3.dll
c:\windows\Install
c:\windows\system32\3095
c:\windows\system32\3095\inf3095.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_usnjsvc


((((((((((((((((((((((((( Files Created from 2010-11-05 to 2010-12-05 )))))))))))))))))))))))))))))))
.

2067-05-27 13:16 . 2010-08-11 17:48 1249280 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\InsectMod.dll
2067-05-21 20:35 . 2003-06-05 15:40 106496 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\Filesystem.dll
2010-12-05 20:24 . 2010-12-05 20:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-04 11:16 . 2010-12-04 11:23 -------- d-----w- c:\program files\Ubisoft
2010-12-03 20:17 . 2010-12-03 20:17 -------- d-----w- c:\users\Dagun\AppData\Local\Ares
2010-12-03 20:17 . 2010-12-03 20:27 -------- d-----w- c:\program files\Ares
2010-12-02 19:04 . 2009-06-07 16:25 77824 ----a-w- c:\windows\system32\xvid.ax
2010-12-02 19:04 . 2010-12-02 19:04 -------- d-----w- c:\program files\Xvid
2010-12-02 19:04 . 2010-12-02 19:05 717125 ----a-w- c:\windows\RON 2010 ENGLISH DL Uninstaller.exe
2010-12-02 18:58 . 2010-12-03 10:58 -------- d-----w- c:\program files\Rulers Of Nations
2010-12-02 18:58 . 2010-12-02 18:58 -------- d-----w- c:\program files\Common Files\Thraex Software
2010-12-02 10:00 . 2010-12-02 10:00 -------- d-----w- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2010-12-02 10:00 . 2010-12-02 10:01 -------- d-----w- c:\users\Dagun\AppData\Local\Divinity 2
2010-12-02 10:00 . 2010-12-02 10:00 -------- d-----w- c:\programdata\Divinity 2
2010-12-02 09:49 . 2010-12-02 10:00 -------- d-----w- c:\program files\Divinity II - DKS
2010-12-02 08:01 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-02 08:01 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-01 19:14 . 2010-12-02 09:04 -------- d-----w- c:\users\Dagun\AppData\Roaming\mIRC
2010-12-01 19:14 . 2010-12-02 08:49 -------- d-----w- c:\program files\mIRC
2010-12-01 08:11 . 2010-12-01 08:11 -------- d-----w- c:\users\Dagun\AppData\Local\Apple Computer
2010-12-01 08:09 . 2010-12-01 08:09 -------- d-----w- c:\users\Dagun\AppData\Local\Apple
2010-11-30 18:37 . 2010-11-30 18:37 -------- d-----w- C:\Games
2010-11-30 18:37 . 1998-10-29 16:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-11-30 11:23 . 2010-11-30 11:24 -------- d-----w- c:\program files\Plain Sight
2010-11-30 08:44 . 2010-11-30 08:44 -------- d-----w- c:\program files\Flotilla
2010-11-29 18:50 . 2010-11-29 19:34 -------- d-----w- c:\program files\Strange Adventures in Infinite Space
2010-11-29 15:34 . 2010-11-29 15:34 -------- d-----w- c:\users\Dagun\AppData\Local\Sports Interactive
2010-11-29 15:22 . 2010-11-29 15:24 -------- d--h--w- c:\program files\Zero G Registry
2010-11-29 15:22 . 2010-11-29 15:22 -------- d-----w- c:\program files\Sports Interactive
2010-11-29 15:22 . 2010-11-29 15:22 -------- d--h--w- c:\users\Dagun\InstallAnywhere
2010-11-29 15:20 . 2010-11-29 15:20 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-11-29 13:46 . 2010-11-29 13:46 -------- d-----w- C:\GT
2010-11-29 13:16 . 2010-11-29 13:16 -------- d-----w- c:\program files\Vega Strike
2010-11-29 13:05 . 2010-11-29 13:05 -------- d-----w- c:\program files\WolfQuest
2010-11-29 12:56 . 2010-11-29 12:56 -------- d-----w- c:\program files\3000AD
2010-11-29 12:52 . 2010-11-29 12:52 -------- d-----w- C:\dbTemp
2010-11-29 12:51 . 2010-11-29 12:51 796672 ----a-w- c:\windows\GPInstall.exe
2010-11-29 12:18 . 2010-11-29 12:18 -------- d-----w- c:\program files\BBProject
2010-11-28 21:02 . 2010-11-28 21:02 -------- d-----w- c:\windows\The War Engine
2010-11-28 21:02 . 2010-11-28 21:02 -------- d-----w- C:\Matrix Games
2010-11-28 19:52 . 2010-11-28 19:52 -------- d-----w- c:\users\Dagun\AppData\Local\Adobe
2010-11-28 16:47 . 2010-11-28 16:47 -------- d-----w- c:\program files\National Guard
2010-11-28 15:30 . 2010-11-28 15:47 -------- d-----w- c:\program files\Sauerbraten
2010-11-28 14:19 . 2010-11-28 14:40 -------- d-----w- c:\program files\Battleships Forever
2010-11-28 13:14 . 2010-11-28 13:14 -------- d-----w- c:\users\Dagun\AppData\Roaming\SUPERAntiSpyware.com
2010-11-28 13:14 . 2010-11-28 13:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-11-28 13:14 . 2010-11-28 13:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-28 11:41 . 2010-11-30 12:21 -------- d-----w- c:\users\Dagun\AppData\Local\Apache
2010-11-28 09:27 . 2010-11-28 17:45 -------- d-----w- c:\program files\Firefox
2010-11-27 21:07 . 2010-11-28 10:02 -------- d-----w- c:\program files\Activision Value
2010-11-27 19:00 . 2010-11-28 17:45 -------- d-----w- c:\program files\Sol Edit
2010-11-27 18:30 . 2010-11-28 17:45 -------- d-----w- C:\Kane & Lynch 2- Dog Days
2010-11-26 21:19 . 2010-11-26 21:19 -------- d-----w- c:\program files\LeeGTs Games
2010-11-26 18:54 . 2010-11-26 18:54 -------- d-----w- c:\programdata\Apache
2010-11-25 20:20 . 2010-11-25 20:20 -------- d-----w- c:\program files\Gmask 1.70 English
2010-11-22 21:51 . 2010-11-22 21:53 -------- d-----w- C:\gearcalc
2010-11-20 16:58 . 2010-11-20 16:58 -------- d-----w- c:\users\Dagun\AppData\Roaming\LolClient
2010-11-20 16:54 . 2010-11-20 16:54 -------- d-----w- C:\Riot Games
2010-11-20 15:51 . 2010-11-20 15:51 -------- d-----w- C:\Lol
2010-11-20 15:32 . 2010-11-20 15:32 -------- d-----w- C:\Counter-Strike 2D
2010-11-20 15:31 . 2010-11-20 15:31 -------- d-----w- C:\Stranded II
2010-11-20 12:07 . 2010-11-28 13:20 -------- d-----w- C:\Blackop
2010-11-18 14:38 . 2007-04-15 20:35 -------- d-----w- C:\Shadow Wars
2010-11-17 19:55 . 2008-07-12 08:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-11-17 19:55 . 2008-07-12 08:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-11-17 19:55 . 2008-07-12 08:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-11-17 14:45 . 2010-11-17 14:45 -------- d-----w- c:\users\Dagun\AppData\Local\Risen
2010-11-17 14:43 . 2010-11-17 14:43 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2010-11-17 14:37 . 2010-11-17 14:37 -------- d-----w- c:\program files\Deep Silver
2010-11-16 21:07 . 2010-11-16 21:07 -------- d-----w- c:\program files\1C Company
2010-11-14 17:58 . 2010-11-14 17:58 -------- d-----w- c:\users\Dagun\AppData\Local\Two Worlds II
2010-11-14 16:09 . 2010-11-14 16:09 -------- d-----w- c:\windows\Branding
2010-11-14 12:14 . 2010-11-14 12:14 -------- d-----w- c:\program files\Crime Fighter
2010-11-14 12:08 . 2010-11-14 12:08 -------- d--h--w- c:\windows\PIF
2010-11-14 12:08 . 2010-11-14 12:14 -------- d-----w- C:\CRIME
2010-11-14 09:45 . 2010-11-14 09:45 -------- d-----w- c:\program files\Arcen Games, LLC
2010-11-14 09:07 . 2010-11-14 09:08 -------- d-----w- c:\program files\Starscape
2010-11-13 18:30 . 2010-11-16 21:00 -------- d-----w- c:\program files\Ichor
2010-11-13 17:55 . 2010-11-13 17:57 -------- d-----w- c:\program files\Zombie Driver
2010-11-13 11:15 . 2010-11-13 11:23 -------- d-----w- c:\users\Dagun\AppData\Roaming\Auslogics
2010-11-09 15:51 . 2010-11-09 15:51 -------- d-----w- c:\program files\Fort Zombie
2010-11-08 14:45 . 2010-11-08 14:45 -------- d-----w- c:\program files\JoWooD Entertainment AG
2010-11-08 12:48 . 2010-11-08 12:48 -------- d-----w- c:\users\Dagun\AppData\Local\bizarre creations
2010-11-06 15:43 . 2010-11-06 15:43 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2010-11-06 15:43 . 2010-11-06 15:43 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2010-11-06 15:43 . 2005-04-03 23:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2010-11-06 15:43 . 2005-04-03 23:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2010-11-06 15:43 . 2005-04-03 23:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2010-11-06 15:43 . 2005-04-03 23:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2010-11-06 15:43 . 2005-04-03 22:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2010-11-06 15:42 . 2010-11-06 15:55 -------- d-----w- c:\users\Dagun\AppData\Local\Oblivion
2010-11-06 09:43 . 2010-11-06 09:44 -------- d-----w- c:\users\Dagun\AppData\Roaming\GHISLER
2010-11-06 09:43 . 2010-07-07 07:55 545 ----a-w- c:\windows\UC.PIF
2010-11-06 09:43 . 2010-07-07 07:55 545 ----a-w- c:\windows\RAR.PIF
2010-11-06 09:43 . 2010-07-07 07:55 545 ----a-w- c:\windows\PKZIP.PIF
2010-11-06 09:43 . 2010-07-07 07:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-11-06 09:43 . 2010-07-07 07:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-11-06 09:43 . 2010-07-07 07:55 545 ----a-w- c:\windows\LHA.PIF
2010-11-06 09:43 . 2010-07-07 07:55 545 ----a-w- c:\windows\ARJ.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-17 14:43 . 2010-10-04 13:56 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-11-17 14:43 . 2010-10-04 13:56 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-11-13 17:57 . 2010-07-20 20:00 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-11-06 15:42 . 2010-07-20 20:17 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-16 18:55 . 2010-11-10 20:55 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-10-16 18:55 . 2010-07-20 19:26 5473896 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-10-16 18:55 . 2010-07-20 19:26 10023528 ----a-w- c:\windows\system32\nvd3dum.dll
2010-10-16 18:55 . 2010-07-20 19:26 1719912 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 12:42 . 2010-10-16 12:42 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 12:42 . 2010-10-16 12:42 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 12:42 . 2010-10-16 12:42 3420776 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 12:42 . 2010-10-16 12:42 2079336 ----a-w- c:\windows\system32\nvsvc.dll
2010-10-08 10:19 . 2010-07-21 07:12 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-10-08 10:19 . 2010-07-21 07:11 218496 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-08 10:19 . 2010-07-21 07:11 218496 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-07 12:23 . 2010-10-07 12:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 12:23 . 2010-10-07 12:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 12:23 . 2010-10-07 12:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 12:23 . 2010-10-07 12:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-10-06 19:30 . 2010-10-06 19:30 138056 ----a-w- c:\users\Dagun\AppData\Roaming\PnkBstrK.sys
2010-10-06 19:29 . 2010-07-21 07:11 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-10-06 15:49 . 2010-10-06 19:29 2601752 ----a-w- c:\windows\system32\pbsvc_moh.exe
2010-10-04 20:08 . 2010-10-04 20:07 2098 --sha-w- c:\programdata\KGyGaAvL.sys
2010-10-04 20:07 . 2010-10-04 20:07 88 --sh--r- c:\programdata\8649171969.sys
2010-09-28 15:44 . 2010-09-28 15:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 15:44 . 2010-09-28 15:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-27 11:37 . 2003-03-19 04:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-27 11:37 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-26 11:21 . 2010-07-20 20:00 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-20 17:28 . 2010-09-20 17:28 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2010-09-15 03:50 . 2010-08-11 16:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 11:17 . 2010-09-08 11:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 11:17 . 2010-09-08 11:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 04:30 . 2010-11-02 13:01 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-11-02 13:01 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-11-02 13:01 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-11-02 13:01 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52F84AF6-74E1-2FF8-7BCD-1BDA6FBE1EB1}]
2009-07-14 01:15 221184 ----a-w- c:\windows\System32\mssi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2010-11-17 1242448]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-05-17 5729136]
"Google Update"="c:\users\Dagun\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-11-28 136176]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2009-06-04 57344]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2010-05-05 251392]
"MSIAfterburner"="c:\program files\MSI Afterburner\MSIAfterburnerWrapper.exe" [2010-06-07 44344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-09-27 202256]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Dagun^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Joint Operations Typhoon Rising Registration.lnk]
path=c:\users\Dagun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Joint Operations Typhoon Rising Registration.lnk
backup=c:\windows\pss\Joint Operations Typhoon Rising Registration.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Dagun^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk]
path=c:\users\Dagun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
backup=c:\windows\pss\Rainmeter.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-11-28 10:04 136176 ----atw- c:\users\Dagun\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 11:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-17 20:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-05-17 13:11 5729136 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 11:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-09-27 11:37 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TurboV]
2009-10-02 16:26 5516800 ----a-w- c:\program files\ASUS\TurboV\TurboV.exe

R1 SysTool;SysTool Overclocking Utility;c:\windows\system32\DRIVERS\SysTool.sys [2006-11-10 24064]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ByakkoDriver;ByakkoDriver;c:\users\Dagun\AppData\Local\Temp\2288753.07-25-2010 [x]
R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys [2009-08-10 39936]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-23 1343400]
R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
R4 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2010-09-14 716024]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-20 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-08-11 90112]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-11-04 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 XMouseButton Launcher;XMouseButton Launcher;c:\program files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [2010-07-26 72704]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-02-08 9856]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
S3 RTCore32;RTCore32;c:\program files\MSI Afterburner\RTCore32.sys [2010-06-07 12088]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
S3 vHidDev;Razer Gaming Device;c:\windows\system32\DRIVERS\vHidDev.sys [2009-12-21 5760]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-12-11 316416]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder

2010-11-14 c:\windows\Tasks\At1.job
- c:\windows\system32\reeplace.exe [2009-07-13 01:14]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2273712025-2005308081-3298349611-1000Core.job
- c:\users\Dagun\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-28 10:04]

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2273712025-2005308081-3298349611-1000UA.job
- c:\users\Dagun\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-28 10:04]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Dagun\AppData\Roaming\Mozilla\Firefox\Profiles\z3ughe6k.default\
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Dagun\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\Dagun\AppData\Roaming\Mozilla\Firefox\Profiles\z3ughe6k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Personas: personas@christopher.beard - c:\users\Dagun\AppData\Roaming\Mozilla\Firefox\Profiles\z3ughe6k.default\extensions\personas@christopher.beard
FF - Extension: 4chan: {9AA46F4F-4DC7-4c06-97AF-5035170633FE} - c:\users\Dagun\AppData\Roaming\Mozilla\Firefox\Profiles\z3ughe6k.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\users\Dagun\AppData\Roaming\Mozilla\Firefox\Profiles\z3ughe6k.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ares - c:\program files\Ares\Ares.exe
MSConfigStartUp-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
MSConfigStartUp-PWRISOVM - c:\program files\PowerISO\PWRISOVM.EXE
MSConfigStartUp-Rainlendar2 - c:\program files\Rainlendar2\Rainlendar2.exe
MSConfigStartUp-TortoiseHgOverlayIconServer - c:\program files\TortoiseHg\TortoiseHgOverlayServer.exe



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ByakkoDriver]
"ImagePath"="\??\c:\users\Dagun\AppData\Local\Temp\2288753.07-25-2010"

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2273712025-2005308081-3298349611-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:e4,6b,36,11,51,d4,01,ea,2d,62,5f,7e,47,8e,2c,28,5d,75,73,01,6f,9b,60,
b6,60,7a,4a,4e,5b,b5,ec,50,95,b9,4c,ae,28,aa,47,63,c8,36,66,2b,fc,6f,39,c4,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12

[HKEY_USERS\S-1-5-21-2273712025-2005308081-3298349611-1000\Software\SecuROM\License information*]
"datasecu"=hex:a3,b4,b7,eb,36,22,4f,06,af,0c,6b,95,cb,b3,02,a0,f6,47,0c,da,46,
fa,b5,90,41,27,d2,13,c0,75,05,2f,7e,33,23,17,63,3b,66,2a,da,40,57,2a,0f,d1,\
"rkeysecu"=hex:76,e6,1e,89,04,91,60,3c,be,22,a9,b1,b8,75,33,c4

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
c:\program files\MSI Afterburner\MSIAfterburner.exe
c:\program files\Razer\DeathAdder\razertra.exe
c:\program files\Razer\DeathAdder\razerofa.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2010-12-05 20:31:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-05 20:31

Pre-Run: 47,210,766,336 bytes free
Post-Run: 50,092,044,288 bytes free

- - End Of File - - BA901E8828549582A9B3AB77088A1A44

#6 teacup61 (Bleepin' Texan!)
  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:26 PM

Posted 05 December 2010 - 04:28 PM

Hello,

Yes, it's a pretty formidable program. :thumbup2:

How is it running please? Do you know what this is? ByakkoDriver
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 dagun (Topic Starter)
  • Members
  • 12 posts
  • Local time:04:26 AM

Posted 06 December 2010 - 06:50 AM

> Hello,
>
> Yes, it's a pretty formidable program. :thumbup2:
>
> How is it running please? Do you know what this is? ByakkoDriver

Still getting the odd redirect; it doesn't appear to have had any change from ComboFix.

No idea what ByakkoDriver is. Google suggests Piriform, whom I have CCleaner and Defraggler from, possibly from that.

#8 teacup61 (Bleepin' Texan!)
  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:26 PM

Posted 06 December 2010 - 04:27 PM

Hello,

Do you use a router?

#9 dagun (Topic Starter)
  • Members
  • 12 posts
  • Local time:04:26 AM

Posted 07 December 2010 - 06:18 AM

> Hello,
>
> Do you use a router?

Yes and no; I'm connected to one for LAN with other PCs in my house, but am not connected through it for the internet.

#10 teacup61 (Bleepin' Texan!)
  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:26 PM

Posted 07 December 2010 - 02:08 PM

Try resetting it and see if the redirects stop.

#11 dagun (Topic Starter)
  • Members
  • 12 posts
  • Local time:04:26 AM

Posted 07 December 2010 - 03:05 PM

> Try resetting it and see if the redirects stop.

It's always turned off at night, so it's reset daily.

#12 teacup61 (Bleepin' Texan!)
  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:26 PM

Posted 08 December 2010 - 04:38 PM

Well then... disconnect it, turn it off, reset the DNS on the system... hard-wire to the internet and see if you're redirected.
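As an added example (not part of this thread, and not code from ComboFix, GooredFix or any other tool mentioned here), the script below performs the read-only checks that the "reset the DNS" step implies on a Windows 7 machine like the one in the logs: which DNS servers each adapter is really using, what the hosts file maps, what the resolver cache currently holds for google.com, and the Internet Explorer proxy values (the ComboFix log above shows only ProxyOverride = *.local; a ProxyServer or AutoConfigURL pointing somewhere unexpected would route every request through a third party). It uses only WMI, ipconfig and the standard registry path, so it runs on PowerShell 2.0; the only assumption is the documented hosts-file location under $env:SystemRoot.

```powershell
# Added example, not from the thread. Read-only: nothing is changed unless the
# final flushdns line is uncommented (which needs an elevated prompt on Vista+).
# Uses WMI and ipconfig rather than the newer DnsClient cmdlets so it works on
# PowerShell 2.0 / Windows 7.

# 1. DNS servers actually configured on each IP-enabled adapter.
#    A redirector often swaps these for resolvers it controls, so any address
#    that is not the router's or the ISP's deserves a look.
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = True"
foreach ($a in $adapters) {
    "{0}`n  DHCP enabled: {1}`n  DNS servers : {2}" -f `
        $a.Description, $a.DHCPEnabled, ($a.DNSServerSearchOrder -join ', ')
}

# 2. The hosts file. Entries that map a public site to anything other than
#    the stock loopback lines are the simplest form of local redirect.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'   # standard location
$entries   = @(Get-Content $hostsPath | Where-Object { $_ -match '^\s*[^#\s]' })
"`nActive hosts entries ({0}):" -f $entries.Count
foreach ($line in $entries) {
    $target = ($line -split '\s+')[0]
    $flag = if ($target -notmatch '^(127\.0\.0\.1|::1)$') { '   <-- non-loopback, verify' } else { '' }
    "  {0}{1}" -f $line, $flag
}

# 3. Resolver cache: what this machine currently believes google.com maps to.
#    Compare the A records shown with a lookup from an unaffected machine.
"`nCached records mentioning google.com:"
ipconfig /displaydns | Select-String -Pattern 'google\.com' -Context 0,4

# 4. IE/WinINet proxy values, which Chrome and many other programs also honour.
$ieKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ie = Get-ItemProperty -Path $ieKey
"`nProxyEnable   : {0}" -f $ie.ProxyEnable
"ProxyServer   : {0}" -f $ie.ProxyServer
"ProxyOverride : {0}" -f $ie.ProxyOverride
"AutoConfigURL : {0}" -f $ie.AutoConfigURL

# 5. Once the settings above look right, clear the cache so the next lookup
#    goes back to the network (elevated prompt required).
# ipconfig /flushdns
```

Run it before and after the router is taken out of the path: if the DNS server list, hosts entries and proxy values are all clean and the cached answer for google.com still differs from what another machine gets, the redirect is being injected after resolution (a browser add-on, a filter driver or a proxy) rather than at the DNS layer, which is the distinction the GooredFix step in the next reply is probing.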

#13 dagun (Topic Starter)
  • Members
  • 12 posts
  • Local time:04:26 AM

Posted 09 December 2010 - 10:11 AM

> Well then... disconnect it, turn it off, reset the DNS on the system... hard-wire to the internet and see if you're redirected.

Done, no effect.

#14 teacup61 (Bleepin' Texan!)
  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:26 PM

Posted 09 December 2010 - 11:56 AM

Well my goodness.....okay. We'll find it. We're sneakier than they are. :wink:

Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe on your Desktop to run it.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

Thanks,
tea

#15 dagun (Topic Starter)
  • Members
  • 12 posts
  • Local time:04:26 AM

Posted 09 December 2010 - 12:19 PM

Can already confirm no effect; got an ad when I went to post this.

GooredFix by jpshortstuff (03.07.10.1)
Log created at 17:18 on 09/12/2010 (Dagun)
Firefox version 3.6.12 (en-GB)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [09:56 28/11/2010]

C:\Users\Dagun\Application Data\Mozilla\Firefox\Profiles\z3ughe6k.default\extensions\
personas@christopher.beard [19:02 12/09/2010]
tineye@ideeinc.com [16:01 24/10/2010]
{73a6fe31-595d-460b-a920-fcc0f8843232} [16:43 26/11/2010]
{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [11:20 11/09/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [15:39 03/11/2010]
{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [19:04 12/09/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-
