philo-sofa

Dear God Help me - I Have a Rootkit or some other BS


This doesn't appear to redirect Google per se - rather just redirect links I click on occasionally (maybe one in 20) and create a search using terms in the page I was trying to click through to. I use Chrome and can't say if this affects other browsers, but from what I've read it probably will. The malware seems to briefly use an intermediate site "grooveswish dot com" (would not visit there BTW, just in case) with the search parameters included in the URL before it gets to its final page. I'm running x64 so can't use GMER. Again, any help would be really, really appreciated as this is really bugging me now and none of the forums I've been on are any help. Do we have any pros here? DDS copypasta follows:

 

 

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Alex at 0:03:44 on 2011-11-09

Microsoft Windows 7 Professional 6.1.7601.1.1252.64.1033.18.8183.5615 [GMT 13:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\!Games\Hamachi\hamachi-2.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\!Drivers\RadeonPro\RadeonProSupport.exe

C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\!Utilities\Sapphire TRIXX\TRIXX.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\!Drivers\Logitech Setpoint\SetPointP\SetPoint.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\!Internet\PeerBlock\peerblock.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\!Drivers\Catalyst 11.10 v3 Prev\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\!Drivers\Logitech Setpoint\SetPointG\SetPointII.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe

C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDPictureViewer.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe

C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe

C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe

C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDWebCam.exe

C:\Program Files (x86)\!Drivers\Catalyst 11.10 v3 Prev\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\WMPSideShowGadget.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\!Media\MPC-HC\mpc-hc64.exe

C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.nz/

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\!Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [PeerBlock] C:\Program Files\!Internet\PeerBlock\peerblock.exe

uRun: [Google Update] "C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [startCCC] "C:\Program Files (x86)\!Drivers\Catalyst 11.10 v3 Prev\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\!Office\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\!Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\!Office\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.27.2.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{42AC2D5C-DD8E-4738-8C51-93B1E629B31B} : DhcpNameServer = 202.27.158.40 202.27.156.72

TCP: Interfaces\{6EE3DF0A-D7EF-4723-BBCE-0AB015C2216A} : DhcpNameServer = 202.180.64.10 202.180.64.11

TCP: Interfaces\{797C07A1-7BA1-4C37-BE0C-4F200C2DC323} : DhcpNameServer = 202.180.64.10 202.180.64.11

TCP: Interfaces\{9248FFFD-ED30-438C-A717-ADED14D4DAAA} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{9EADFEB2-E71B-44D6-9762-0CBFEC4B0518} : DhcpNameServer = 202.27.158.40 202.27.156.72

TCP: Interfaces\{C2F21E43-BDF7-46DC-907A-07896DC85910} : DhcpNameServer = 203.109.191.1 203.118.191.1

TCP: Interfaces\{D6C33ACD-871C-4E31-8001-57083FB74613} : DhcpNameServer = 202.180.64.10 202.180.64.11

TCP: Interfaces\{EF063EE1-5F66-47F3-98A9-E6406BE5F39E} : DhcpNameServer = 202.27.158.40 202.27.156.72

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\!Office\Office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\!Office\Office12\GrooveShellExtensions.dll

LSA: Authentication Packages = msv1_0 relog_ap

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\!Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\!Drivers\Catalyst 11.10 v3 Prev\ATI.ACE\Core-Static\CLIStart.exe" MSRun

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\!Office\Office12\GrooveShellExtensions.dll

Hosts: 94.228.209.244 www.google-analytics.com.

Hosts: 94.228.209.244 ad-emea.doubleclick.net.

Hosts: 94.228.209.244 www.statcounter.com.

Hosts: 178.250.45.15 www.google-analytics.com.

Hosts: 178.250.45.15 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6nvg1qux.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.nz/

FF - component: C:\Program Files (x86)\!Internet\Firefox\components\browserdirprovider.dll

FF - component: C:\Program Files (x86)\!Internet\Firefox\components\brwsrcmp.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll

FF - component: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6nvg1qux.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll

FF - plugin: C:\Program Files (x86)\!Internet\Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\!Internet\Firefox\plugins\npnul32.dll

FF - plugin: C:\Program Files (x86)\!Internet\Firefox\plugins\NPOFF12.DLL

FF - plugin: C:\Program Files (x86)\!Internet\Firefox\plugins\nppdf32.dll

FF - plugin: C:\Program Files (x86)\!Internet\Firefox\plugins\npqtplugin.dll

FF - plugin: C:\Program Files (x86)\!Internet\Firefox\plugins\npqtplugin2.dll

FF - plugin: C:\Program Files (x86)\!Internet\Firefox\plugins\npqtplugin3.dll

FF - plugin: C:\Program Files (x86)\!Internet\Firefox\plugins\npqtplugin4.dll

FF - plugin: C:\Program Files (x86)\!Internet\Firefox\plugins\npqtplugin5.dll

FF - plugin: C:\Program Files (x86)\!Internet\Firefox\plugins\npqtplugin6.dll

FF - plugin: C:\Program Files (x86)\!Internet\Firefox\plugins\npqtplugin7.dll

FF - plugin: C:\Program Files (x86)\!Media\iTunes\Mozilla Plugins\npitunes.dll

FF - plugin: C:\Program Files (x86)\!Office\Adobe Reader\Reader\browser\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.27\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\!Internet\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\!Internet\Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - C:\Program Files (x86)\!Internet\Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\!Internet\Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}

FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

FF - Ext: Ghostery: firefox@ghostery.com - %profile%\extensions\firefox@ghostery.com

FF - Ext: Gmail Space: {B9C8BE50-7105-4ec6-8FB4-4935C0671648} - %profile%\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}

FF - Ext: Googlepedia: {1ABADB6E-DC4B-11DA-9F70-791A9CD9513E} - %profile%\extensions\{1ABADB6E-DC4B-11DA-9F70-791A9CD9513E}

FF - Ext: History Submenus: {7102aba3-045c-4ec2-b921-46d87636d84b} - %profile%\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}

FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: Open link in...: {ff81e780-5cc0-11d9-9669-0800200c9a66} - %profile%\extensions\{ff81e780-5cc0-11d9-9669-0800200c9a66}

FF - Ext: OpenBook: {aba3f5c2-35d5-4960-bdfc-de9c162e39ce} - %profile%\extensions\{aba3f5c2-35d5-4960-bdfc-de9c162e39ce}

FF - Ext: Options Menu: {1a6907cb-d310-4d82-bded-c0dd31f8d9a2} - %profile%\extensions\{1a6907cb-d310-4d82-bded-c0dd31f8d9a2}

FF - Ext: Restart Firefox: restart@restart.org - %profile%\extensions\restart@restart.org

FF - Ext: Sage-Too: {0f9daf7e-2ee2-4fcf-9d4f-d43d93963420} - %profile%\extensions\{0f9daf7e-2ee2-4fcf-9d4f-d43d93963420}

FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}

FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org

FF - Ext: Flash Video Downloader (Youtube Downloader): artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]

R2 cpuz132;cpuz132;\??\C:\Windows\system32\drivers\cpuz132_x64.sys --> C:\Windows\system32\drivers\cpuz132_x64.sys [?]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\!Games\Hamachi\hamachi-2.exe [2011-8-4 2329480]

R2 RadeonPro Support Service;RadeonPro Support Service;C:\Program Files (x86)\!Drivers\RadeonPro\RadeonProSupport.exe [2011-4-5 12800]

R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-16 606048]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AmdTools64;AMD Special Tools Driver;C:\Windows\system32\DRIVERS\AmdTools64.sys --> C:\Windows\system32\DRIVERS\AmdTools64.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 LGPBTDD;LGPBTDD.sys Display Driver;C:\Windows\system32\Drivers\LGPBTDD.sys --> C:\Windows\system32\Drivers\LGPBTDD.sys [?]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 pbfilter;pbfilter;C:\Program Files\!Internet\PeerBlock\pbfilter.sys [2010-11-26 24176]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\system32\DRIVERS\seehcri.sys --> C:\Windows\system32\DRIVERS\seehcri.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-2 133104]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\!Games\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-16 25832]

S3 ENTECH64;ENTECH64;\??\C:\Windows\system32\DRIVERS\ENTECH64.sys --> C:\Windows\system32\DRIVERS\ENTECH64.sys [?]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-1-3 130976]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-2 133104]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]

S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\system32\DRIVERS\s0016bus.sys --> C:\Windows\system32\DRIVERS\s0016bus.sys [?]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s0016mdfl.sys --> C:\Windows\system32\DRIVERS\s0016mdfl.sys [?]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s0016mdm.sys --> C:\Windows\system32\DRIVERS\s0016mdm.sys [?]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s0016mgmt.sys --> C:\Windows\system32\DRIVERS\s0016mgmt.sys [?]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\system32\DRIVERS\s0016nd5.sys --> C:\Windows\system32\DRIVERS\s0016nd5.sys [?]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s0016obex.sys --> C:\Windows\system32\DRIVERS\s0016obex.sys [?]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\system32\DRIVERS\s0016unic.sys --> C:\Windows\system32\DRIVERS\s0016unic.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 USBPNPA;USB PnP Sound Device Interface;C:\Windows\system32\drivers\CM10864.sys --> C:\Windows\system32\drivers\CM10864.sys [?]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-11-08 10:40:58 388096 ----a-r- C:\Users\Alex\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-05 13:16:31 -------- d-----w- C:\Users\Alex\AppData\Roaming\Origin

2011-11-05 13:16:29 -------- d-----w- C:\Users\Alex\AppData\Local\Origin

2011-11-04 03:50:48 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys

2011-11-04 03:50:47 -------- d-----w- C:\Program Files\Hitman Pro 3.5

2011-11-04 03:50:19 -------- d-----w- C:\ProgramData\Hitman Pro

2011-10-27 05:20:35 -------- d-----w- C:\Users\Alex\AppData\Local\ESN Sonar

2011-10-26 07:12:17 119808 ----a-r- C:\Users\Alex\AppData\Roaming\Microsoft\Installer\{F92064F6-BDE8-46FC-A19F-4E12D311BE3A}\icons.exe

2011-10-25 07:09:22 -------- d-----w- C:\AMD

2011-10-25 05:57:57 -------- d-----w- C:\Windows\SysWow64\drivers\AVG

2011-10-23 01:34:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2011-10-23 01:34:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2011-10-23 01:34:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2011-10-23 01:34:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2011-10-23 01:34:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2011-10-23 01:34:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2011-10-23 01:34:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2011-10-17 11:46:39 -------- d-----w- C:\Users\Alex\AppData\Local\4056F283-487C-4502-B4BA-5DE77A26376C.aplzod

2011-10-17 02:58:54 10207232 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2011-10-17 02:16:08 24998912 ----a-w- C:\Windows\System32\atio6axx.dll

2011-10-17 02:07:06 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2011-10-17 02:06:54 736768 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2011-10-17 02:05:34 867328 ----a-w- C:\Windows\System32\aticfx64.dll

2011-10-17 02:03:00 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2011-10-17 02:02:50 487936 ----a-w- C:\Windows\System32\atieclxx.exe

2011-10-17 02:02:14 204288 ----a-w- C:\Windows\System32\atiesrxx.exe

2011-10-17 02:01:02 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2011-10-17 02:00:46 423424 ----a-w- C:\Windows\System32\atipdl64.dll

2011-10-17 02:00:38 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll

2011-10-17 02:00:26 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll

2011-10-17 02:00:22 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2011-10-17 02:00:16 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2011-10-17 02:00:12 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2011-10-17 02:00:02 18837504 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2011-10-17 01:57:08 4231680 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2011-10-17 01:47:24 4960768 ----a-w- C:\Windows\System32\atidxx64.dll

2011-10-17 01:44:48 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2011-10-17 01:44:24 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2011-10-17 01:44:12 4023296 ----a-w- C:\Windows\System32\atiumd6a.dll

2011-10-17 01:39:40 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2011-10-17 01:39:38 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2011-10-17 01:39:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2011-10-17 01:39:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2011-10-17 01:39:18 9809920 ----a-w- C:\Windows\System32\aticaldd64.dll

2011-10-17 01:36:58 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2011-10-17 01:36:18 8390656 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2011-10-17 01:34:30 4174848 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2011-10-17 01:31:24 58880 ----a-w- C:\Windows\System32\coinst.dll

2011-10-17 01:30:58 5431808 ----a-w- C:\Windows\System32\atiumd64.dll

2011-10-17 01:24:16 479744 ----a-w- C:\Windows\System32\atiadlxx.dll

2011-10-17 01:24:08 335872 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2011-10-17 01:23:58 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2011-10-17 01:23:54 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2011-10-17 01:23:54 14336 ----a-w- C:\Windows\System32\atiglpxx.dll

2011-10-17 01:23:50 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2011-10-17 01:23:44 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2011-10-17 01:23:36 317952 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2011-10-17 01:22:48 40960 ----a-w- C:\Windows\System32\atiuxp64.dll

2011-10-17 01:22:40 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2011-10-17 01:22:34 38912 ----a-w- C:\Windows\System32\atiu9p64.dll

2011-10-17 01:22:26 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2011-10-17 01:21:40 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2011-10-17 01:20:24 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2011-10-17 01:20:24 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2011-10-17 01:20:18 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2011-10-17 01:20:18 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2011-10-16 00:35:29 -------- d-----w- C:\Users\Alex\AppData\Roaming\AVG2012

2011-10-16 00:35:28 -------- d-----w- C:\ProgramData\AVG2012

2011-10-12 08:59:47 -------- d-----w- C:\Program Files\iPod

2011-10-12 08:59:46 -------- d-----w- C:\Program Files\iTunes

2011-10-12 08:59:19 -------- d-----w- C:\Program Files\Bonjour

2011-10-12 08:59:19 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-10-12 06:09:57 3138048 ----a-w- C:\Windows\System32\win32k.sys

2011-10-12 06:09:50 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-10-12 06:09:50 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-10-12 06:09:50 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-10-12 06:09:50 108032 ----a-w- C:\Windows\System32\psisrndr.ax

.

============= FINISH: 0:03:57.50 ===============


Cheers so much for your reply G-Relik. It's the first I've gotten and makes me feel a little less alone and inevitably fucked! I've tried TDSS already, along with a few others. Found some more recently: McAfee Stinger, and M$'s RootkitRevealer. Will be trying those. Do you have any other suggestions?


d/l now. Will run all of them I can find, anything I can. I however think it needs human analytics to get rid of?

Apart from the other suggestions (all good) I would boot into safe mode and run CCleaner x64 portable.

http://www.piriform.com/ccleaner/builds

Get it to clean all temp and temp internet files.

Or manually delete all temp files etc for all users.

There are also a load of free Kaspersky tools you could try at

http://support.kaspersky.com/viruses/utility

 

My bet is it is just a cookie that runs at specific time intervals so the above cleanup should fix it.

One way to check is to create a new user on the PC, log in to the new account and see if it is affected. If not then it is a user specific issue, not a system wide problem like a rootkit.

Also check what addons have been installed in Chrome, could be something to do with one of them.

Next I would be checking your ethernet connection settings and modem settings in case of DNS hijacks.

Modem DNS should be set to auto, or your ISP's DNS servers, or the DNS servers you use. Don't forget to change the modem interface login password to prevent malware hijacking the settings.

Do the same for your ethernet interface (or wireless if using it).

Next check your hosts file.

http://support.microsoft.com/kb/972034

Using the fixit option is the easiest, although I prefer the manual method as I know it has been done then.

Edited by aliali


Malwarebytes Anti-Malware?

Another vote for Malwarebytes. I buy bulk licences to give to my clients, but the free version will do the trick. I use it in conjunction with Microsoft Security Essentials.


Cheers again for the great info everyone. Am running Malwarebytes right this second (already use CCleaner) and will move onto the Kaspersky tools after this. Re the hosts file, someone pointed out that this:

 

Hosts: 94.228.209.244 www.google-analytics.com.

Hosts: 94.228.209.244 ad-emea.doubleclick.net.

Hosts: 94.228.209.244 www.statcounter.com.

Hosts: 178.250.45.15 www.google-analytics.com.

Hosts: 178.250.45.15 ad-emea.doubleclick.net.

is dodgy as. However, when I check my hosts file it's effectively blank, as below:

 

# Copyright © 1993-2006 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

 

127.0.0.1 localhost

::1 localhost

Do you think this indicates the problem is in a presumably moved hosts file? Have tried the MS fix (my copypasta of the hosts file is from before this BTW) just in case.

EDIT: had a thought and reopened the hosts file - about 300 lines down from the opening spiel I copied above (which is suspicious) I found three of the lines mentioned by DDS! Removed those (which the MS fix hadn't done), reopened and confirmed it's gone. Will see if that does the trick (and still run every anti-malware thing here just in case).

However, after clearing my DNS cache I looked at it and this was the result, in spite of a continuingly clear hosts file:

[Three screenshots of the DNS cache were posted here; images not preserved.]

Is that bad?

Edited by philo-sofa

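A scripted version of the hosts-file check discussed in the posts above (aliali's advice to inspect the hosts file, and the entries philo-sofa only found some 300 lines below the header). This is an added example, not code from anyone in the thread: the hosts path is the standard Windows location, and the sample file content is constructed, reusing only the IPs and hostnames quoted from the DDS log earlier in the thread.

```python
"""Scan a Windows hosts file for entries that point real hostnames elsewhere.
SAMPLE_HOSTS is constructed: stock header, 300 blank lines, then the DDS entries."""
import ipaddress
import os

LOCAL_OK = {"localhost", "localhost.localdomain", "broadcasthost"}

SAMPLE_HOSTS = (
    "# Copyright (c) 1993-2006 Microsoft Corp.\n#\n# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\n#\n"
    "# 102.54.94.97     rhino.acme.com          # source server\n\n"
    "127.0.0.1       localhost\n::1             localhost\n"
    + "\n" * 300                                 # pushes the rest out of view in Notepad
    + "94.228.209.244 www.google-analytics.com\n"
    "94.228.209.244 ad-emea.doubleclick.net\n"
    "178.250.45.15 www.google-analytics.com\n"
)

def parse_hosts(text):
    """Return (line_no, blank_lines_before, ip, [hostnames]) for each active entry."""
    entries, gap = [], 0
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()       # drop comments and whitespace
        if not line:
            gap += 1
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:                        # malformed line, skip it
            continue
        entries.append((no, gap, ip, [h.lower().rstrip(".") for h in parts[1:]]))
        gap = 0
    return entries

def suspicious_entries(text, min_hidden_gap=20):
    """Findings: (line_no, ip, hostname, hidden) for every non-local name not sent to
    loopback/0.0.0.0; hidden turns True once a blank run >= min_hidden_gap is passed."""
    findings, hidden = [], False
    for no, gap, ip, names in parse_hosts(text):
        hidden = hidden or gap >= min_hidden_gap
        for name in names:
            if name not in LOCAL_OK and not (ip.is_loopback or ip.is_unspecified):
                findings.append((no, str(ip), name, hidden))
    return findings

if __name__ == "__main__":
    hosts = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32", "drivers", "etc", "hosts")
    text = open(hosts, errors="replace").read() if os.path.exists(hosts) else SAMPLE_HOSTS
    for no, ip, name, hidden in suspicious_entries(text):
        print(f"line {no}: {name} -> {ip}" + ("  [hidden below blank lines]" if hidden else ""))
```

Run on a machine it reads the real hosts file; elsewhere it falls back to the constructed sample, where all three hijack entries are reported as hidden because they sit below the 300-line blank run.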

There's a lot of weird Google stuff in there. What Google stuff have you installed (apart from Google Chrome)?

Edited by Jeruselem


And after a ComboFix run-through, this:

[Screenshot of the DNS cache after ComboFix was posted here; image not preserved.]

Which looks a lot better. I'll have to wait a few days before I can be sure this is resolved, but I feel very optimistic. Cheers to everyone here! Fuckin stoked I can call my computer my own again without going to an age-old system restore point! For what it's worth I would recommend you hold off on ComboFix if you have a similar problem, as it does basically come plastered with a thousand warning labels... but do keep it in mind as it did seem to resolve something that was otherwise irresolvable.

 

*crosses fingers that the rootkit really has been properly unrooted*

Edited by philo-sofa

