Browser Redirects and massive browser lag.



Telos954
2010-08-13, 20:25
Hey there. Recently, my browser started redirecting me to random ad sites that all seem to be part of the same network. I'm directed to Infomash travel.kosmix.com, Pronto.com, and various others from Google links to known 'safe' sites such as the NY Times and CNN.com.

I'm a bit dense when it comes to this stuff, so I've had a friend help me out. In the process he had me run ATF-Cleaner, GooredFix, had me do a few scans with Advanced SystemCare Pro, Kaspersky's TDSSKiller and Spybot S&D.

At first, Spybot picked up some random adware and spyware, and ASC picked up some issues, but all of them were supposedly dealt with. This didn't fix the problem, though, so I was made to run ATF-Cleaner then TDSSKiller. TDSS picked something up and supposedly took care of the issue, and after a reboot I was perfectly fine. For about 2 days.

Now it's giving me the same redirects, making Google damn near impossible to use. But it's not just Google now. Random websites I browse are now giving me the same problem.

I was given the advice to run ERUNT and the DDS tools, which I've done.
I'll post my DDS in a post after this.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Noob at 14:06:01.49 on Fri 08/13/2010
Internet Explorer: 7.0.6000.16473 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.2047.840 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\WebcamMax\wcmmon.exe
C:\Users\Noob\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Noob\Desktop\dds.scr

============== Pseudo HJT Report ===============

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - i:\babylon\utils\BabylonIEPI.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\noob\appdata\roaming\flashgetbho\FlashGetBHO3.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Google Update] "c:\users\noob\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [notepad] rundll32.exe c:\windows\servic~2\locals~1\ntload.dll,_IWMPEvents@0
uRun: [CompanionLink] "c:\program files\sprint desktop sync\sprint desktop sync.exe" -Icon
uRun: [FlashGet 3] "c:\program files\flashget network\flashget 3\FlashGet3.exe" -minimize
uRun: [TweetMyPC] c:\program files\codegeeks\tweetmypc\TweetMyPC.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [DPService] "c:\program files\hp\dvdplay\DPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [WebcamMaxMoniter] "c:\program files\webcammax\wcmmon.exe" /a
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Babylon Client] i:\babylon\Babylon.exe -AutoStart
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\noob\appdata\local\windows\csrss.exe
StartupFolder: c:\users\noob\appdata\local\windows\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\noob\appdata\local\windows\winhelp.exe
IE: Download all by FlashGet3 - c:\users\noob\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\noob\appdata\roaming\flashgetbho\GetUrl.htm
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://i:\babylon\utils\BabylonIEPI.dll/ActionTU.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: convergysworkathome.com\www
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\noob\appdata\roaming\mozilla\firefox\profiles\ytrkh2jn.default\
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - component: c:\users\noob\appdata\roaming\mozilla\firefox\profiles\ytrkh2jn.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\users\noob\appdata\roaming\mozilla\firefox\profiles\ytrkh2jn.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashGetXPI.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\noob\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-14 172032]
R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [2008-2-9 941784]
R2 DynDNS Updater;DynDNS Updater;c:\program files\dyndns updater\DynUpSvc.exe [2010-4-16 103800]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-9-7 24652]
S2 gupdate1c9a72d9f0f015c;Google Update Service (gupdate1c9a72d9f0f015c);c:\program files\google\update\GoogleUpdate.exe [2009-3-17 133104]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2006-10-13 50048]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2010-08-13 17:43:44 0 d-----w- c:\program files\trend micro
2010-08-12 23:20:22 57140 ----a-w- c:\users\noob\OrderConfirmationPrint.aspx.htm
2010-08-12 00:27:28 1625 ----a-w- c:\users\noob\Maynards says Chew.htm
2010-08-11 23:30:09 295150 ----a-w- c:\users\noob\gingers.jpg
2010-08-11 18:20:15 0 d-----w- c:\programdata\Sun
2010-08-11 18:19:58 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-11 18:12:27 59904 ----a-w- c:\users\noob\appdata\roaming\csrss.exe
2010-08-11 00:24:19 0 d-----w- c:\users\noob\appdata\roaming\IObit
2010-08-11 00:24:18 0 d-----w- c:\program files\IObit
2010-08-10 23:40:46 2635 ----a-w- c:\users\noob\Falrun [Pemptus].bak
2010-08-10 23:40:46 2387 ----a-w- c:\users\noob\Falrun [Pemptus].pq
2010-08-10 16:02:28 0 d-----w- c:\users\noob\appdata\roaming\scdata
2010-08-07 15:51:50 0 d-----w- C:\Temp
2010-08-07 06:36:58 7493 ----a-w- c:\users\noob\pq.html
2010-08-07 06:36:58 322663 ----a-w- c:\users\noob\pq.exe
2010-08-06 16:25:06 0 d-----w- c:\program files\I-Doser
2010-08-06 16:03:36 0 d-----w- c:\program files\IDoser v4
2010-08-05 16:30:35 0 d-----w- c:\program files\MoparScape
2010-08-05 01:39:38 0 d-----w- c:\program files\AutoHotkey
2010-08-05 01:38:39 0 d-----w- c:\program files\Codegeeks
2010-08-03 02:32:05 3138 ----a-w- c:\users\noob\Event.rtf
2010-08-02 09:11:13 1425 ----a-w- c:\users\noob\printer.png
2010-08-02 08:11:39 2838 ----a-w- c:\users\noob\Pokemon Crystal (U) [C][h1] (enable setting of time)_03.png
2010-08-02 07:04:40 2090 ----a-w- c:\users\noob\Pokemon Crystal (U) [C][h1] (enable setting of time)_02.png
2010-08-02 06:42:47 2381 ----a-w- c:\users\noob\Pokemon Crystal (U) [C][h1] (enable setting of time)_01.png
2010-08-02 04:49:25 15281 ----a-w- c:\users\noob\Pokemon Crystal (U) [C][h1] (enable setting of time)1.sgm
2010-08-02 04:31:41 32812 ----a-w- c:\users\noob\Pokemon Crystal (U) [C][h1] (enable setting of time).sav
2010-08-02 04:30:04 2097152 ----a-r- c:\users\noob\Pokemon Crystal (U) [C][h1] (enable setting of time).gbc
2010-08-02 02:04:06 8053 ----a-w- c:\users\noob\Legend of Zelda, The - Link's Awakening DX (V1.0) (U) [C][!]3.sgm
2010-07-31 03:31:18 3318 ----a-w- c:\users\noob\Legend of Zelda, The - Link's Awakening DX (V1.0) (U) [C][!]_18.png
2010-07-31 03:30:07 3329 ----a-w- c:\users\noob\Legend of Zelda, The - Link's Awakening DX (V1.0) (U) [C][!]_17.png
2010-07-31 03:29:49 3223 ----a-w- c:\users\noob\Legend of Zelda, The - Link's Awakening DX (V1.0) (U) [C][!]_16.png
2010-07-31 03:29:47 4744 ----a-w- c:\users\noob\Legend of Zelda, The - Link's Awakening DX (V1.0) (U) [C][!]_15.png
2010-07-31 03:29:41 4936 ----a-w- c:\users\noob\Legend of Zelda, The - Link's Awakening DX (V1.0) (U) [C][!]_14.png
2010-07-31 03:29:38 4969 ----a-w- c:\users\noob\Legend of Zelda, The - Link's Awakening DX (V1.0) (U) [C][!]_13.png
2010-07-31 03:29:37 5008 ----a-w- c:\users\noob\Legend of Zelda, The - Link's Awakening DX (V1.0) (U) [C][!]_12.png
2010-07-31 03:29:37 4936 ----a-w- c:\users\noob\Legend of Zelda, The - Link's Awakening DX (V1.0) (U) [C][!]_11.png
2010-07-31 03:29:36 4936 ----a-w- c:\users\noob\Legend of Zelda, The - Link's Awakening DX (V1.0) (U) [C][!]_10.png
2010-07-31 03:29:34 4944 ----a-w- c:\users\noob\Legend of Zelda, The - Link's Awakening DX (V1.0) (U) [C][!]_09.png
2010-07-31 03:29:32 4930 ----a-w- c:\users\noob\Legend of Zelda, The - Link's Awakening DX (V1.0) (U) [C][!]_08.png
2010-07-31 03:29:13 3260 ----a-w- c:\users\noob\Legend of Zelda, The - Link's Awakening DX (V1.0) (U) [C][!]_07.png
2010-07-31 03:29:12 3323 ----a-w- c:\users\noob\Legend of Zelda, The - Link's Awakening DX (V1.0) (U) [C][!]_06.png
2010-07-29 11:09:10 8533 ----a-w- c:\users\noob\Legend of Zelda, The - Link's Awakening DX (V1.0) (U) [C][!]2.sgm
2010-07-27 11:31:59 11927 ----a-w- c:\users\noob\ekROSE Technical Issues solution list.rtf
2010-07-27 07:02:13 3293 ----a-w- c:\users\noob\Legend of Zelda, The - Link's Awakening DX (V1.0) (U) [C][!]_05.png
2010-07-27 07:02:10 4711 ----a-w- c:\users\noob\Legend of Zelda, The - Link's Awakening DX (V1.0) (U) [C][!]_03.png
2010-07-27 07:02:10 412 ----a-w- c:\users\noob\Legend of Zelda, The - Link's Awakening DX (V1.0) (U) [C][!]_04.png
2010-07-27 02:01:45 2924 ----a-w- c:\users\noob\printer4.PNG
2010-07-27 02:01:25 5854 ----a-w- c:\users\noob\printer3.PNG
2010-07-26 21:39:35 4127 ----a-w- c:\users\noob\printer2.PNG
2010-07-26 21:39:16 3864 ----a-w- c:\users\noob\printer1.PNG
2010-07-26 06:26:06 4154 ----a-w- c:\users\noob\Legend of Zelda, The - Link's Awakening DX (V1.0) (U) [C][!]_02.png
2010-07-26 06:12:29 7000 ----a-w- c:\users\noob\Legend of Zelda, The - Link's Awakening DX (V1.0) (U) [C][!]1.sgm
2010-07-26 05:56:33 4036 ----a-w- c:\users\noob\Legend of Zelda, The - Link's Awakening DX (V1.0) (U) [C][!]_01.png
2010-07-26 05:25:20 8308 ----a-w- c:\users\noob\Legend of Zelda, The - Link's Awakening DX (V1.0) (U) [C][!].sgm
2010-07-26 04:10:58 32768 ----a-w- c:\users\noob\Legend of Zelda, The - Link's Awakening DX (V1.0) (U) [C][!].sav
2010-07-26 04:09:20 2218 ----a-w- c:\users\noob\vba.ini
2010-07-26 04:02:04 1048576 ----a-r- c:\users\noob\Legend of Zelda, The - Link's Awakening DX (V1.0) (U) [C][!].gb
2010-07-26 04:01:36 1974352 ----a-w- c:\users\noob\VisualBoyAdvance.exe
2010-07-22 21:22:41 165389 ----a-w- c:\users\noob\ronery.jpg
2010-07-21 23:49:03 0 d-----w- c:\users\noob\Food
2010-07-21 22:40:13 151784 ----a-w- c:\users\noob\127834621949.png
2010-07-19 22:42:20 14729 ----a-w- c:\users\noob\34925_1277717756700_1642685228_616170_5293389_n.jpg
2010-07-17 15:01:39 0 d-----w- c:\users\noob\appdata\roaming\R.O.S.E Editor Suite
2010-07-14 22:46:43 0 d-----w- c:\program files\Elite Kingdom Rose v2

==================== Find3M ====================

2010-06-08 17:31:27 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2009-12-27 04:19:03 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-12-27 04:19:03 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-27 04:19:02 86016 ----a-w- c:\windows\inf\infstor.dat
2009-03-17 01:42:44 197 --sha-w- c:\program files\common files\maxtreme.dat
2007-09-10 23:14:51 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:48:00 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-03-09 01:40:46 56 --sha-r- c:\windows\system32\35B708EDD8.sys
2009-03-09 01:48:12 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 14:06:48.82 ===============

Just to add, I did a scan with the Kaspersky Online Scanner 7 and found 'Trojan.Win32.FraudPack.beun'. Neither Spybot nor Advanced SystemCare picks it up, and Google has failed me.

Blade81
2010-08-18, 19:57
Hi,

If help is still needed, post fresh dds.txt & attach.txt contents.

Blade81
2010-08-24, 21:17
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (pm). A valid, working link to the closed topic is required.