Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Goingonearth.com and browser redirect


  • This topic is locked This topic is locked
2 replies to this topic

#1 zwarte

zwarte

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:39 PM

Posted 14 June 2011 - 08:45 AM

All of my browsers seem to redirect to goingonearth.com when using google and clicking on any of the search links and periodically a popup will occur out of nowhere. See my log below:

.
DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by User at 10:18:03 on 2011-06-14
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.4029.1912 [GMT -3:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Users\User\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Linksys\CIT200\cit200.exe
C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Adobe Download Assistant\Adobe Download Assistant.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.br/
uInternet Settings,ProxyServer = 192.168.0.1:3128
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Auxiliar de Conex„o do Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [googletalk] C:\Users\User\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CIT200.lnk - C:\Program Files (x86)\Linksys\CIT200\cit200.exe
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 10.1.1.1 10.1.1.254
TCP: Interfaces\{203488BD-A870-4458-8910-3F0A1DD2A268} : DhcpNameServer = 10.1.1.1 10.1.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Auxiliar de Conex∆o do Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nlq8oe0q.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\User\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-12 366640]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-6 2320920]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-06-14 11:20:38 -------- d-----w- C:\Winupdate
2011-06-14 10:49:42 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-14 03:30:24 98816 ----a-w- C:\Windows\sed.exe
2011-06-14 03:30:24 518144 ----a-w- C:\Windows\SWREG.exe
2011-06-14 03:30:24 256512 ----a-w- C:\Windows\PEV.exe
2011-06-14 03:30:24 208896 ----a-w- C:\Windows\MBR.exe
2011-06-14 02:20:44 -------- d-----w- C:\Users\User\AppData\Local\{C5D0036A-F9D1-42DF-94B9-C7D413342FB2}
2011-06-13 21:39:55 -------- d-----w- C:\ProgramData\ALM
2011-06-13 17:06:44 -------- d-----w- C:\Users\User\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-06-13 17:06:40 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
2011-06-13 15:46:37 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-13 14:20:19 -------- d-----w- C:\Users\User\AppData\Local\{F7BEC2AC-70E1-49F3-817B-C3719DA96360}
2011-06-13 02:19:54 -------- d-----w- C:\Users\User\AppData\Local\{30887CB5-33B1-494C-9F79-87AC7E6E01B8}
2011-06-12 16:06:04 -------- d-----w- C:\Users\User\AppData\Roaming\AVG10
2011-06-12 16:04:18 -------- d--h--w- C:\ProgramData\Common Files
2011-06-12 15:59:46 -------- d-----w- C:\ProgramData\AVG10
2011-06-12 15:59:11 -------- d-----w- C:\Program Files (x86)\AVG
2011-06-12 15:52:26 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes
2011-06-12 15:52:19 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-12 15:52:18 -------- d-----w- C:\ProgramData\Malwarebytes
2011-06-12 15:52:16 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-12 15:52:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-06-12 15:48:37 -------- d-----w- C:\ProgramData\MFAData
2011-06-12 15:25:09 151552 --sha-r- C:\Windows\SysWow64\Setup6.dll
2011-06-12 14:19:29 -------- d-----w- C:\Users\User\AppData\Local\{7F00538B-34F2-4D6D-BDCB-AD8018BE8A16}
2011-06-12 00:44:53 -------- d-----w- C:\Users\User\AppData\Local\{B5EED55E-FEA5-4839-B9E6-0D2204CB7243}
2011-06-11 12:44:27 -------- d-----w- C:\Users\User\AppData\Local\{F976AC91-9408-46CB-936B-DF005F883867}
2011-06-11 00:44:15 -------- d-----w- C:\Users\User\AppData\Local\{0B523D93-3E4A-4ACE-BC0C-69BA102A1E4A}
2011-06-10 12:43:50 -------- d-----w- C:\Users\User\AppData\Local\{C0DF5CD5-C20C-440C-B341-9E973608003E}
2011-06-10 06:34:49 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{85F7ECBA-BC8D-4BF8-A1A7-A23BC6D1933B}\mpengine.dll
2011-06-09 12:43:25 -------- d-----w- C:\Users\User\AppData\Local\{F46F0FCB-9239-4944-AD37-365F6699A947}
2011-06-09 00:43:13 -------- d-----w- C:\Users\User\AppData\Local\{5E379491-8189-4A83-BFCF-0046F7DC265C}
2011-06-08 12:42:47 -------- d-----w- C:\Users\User\AppData\Local\{257C3E8F-D045-44DC-9398-A09AD43F1ED7}
2011-06-08 00:42:35 -------- d-----w- C:\Users\User\AppData\Local\{AA0C3A0A-68B7-4B7E-B6FC-6CF3EB2C1662}
2011-06-07 00:41:57 -------- d-----w- C:\Users\User\AppData\Local\{B3B5A461-3456-490F-BA58-1F6A8BEDE390}
2011-06-06 12:41:45 -------- d-----w- C:\Users\User\AppData\Local\{E78EEE6E-DF10-4923-B40A-189ACA3B5484}
2011-06-06 00:41:15 -------- d-----w- C:\Users\User\AppData\Local\{4746E016-3FDF-4FF9-A73D-CC294073A19E}
2011-06-05 12:40:50 -------- d-----w- C:\Users\User\AppData\Local\{3D17A845-136F-406C-9109-5C74BE1F0FD4}
2011-06-05 00:40:38 -------- d-----w- C:\Users\User\AppData\Local\{CB4400C2-C6BD-4843-92C1-BAA50BF64DF2}
2011-06-04 12:40:21 -------- d-----w- C:\Users\User\AppData\Local\{1291892A-41EA-4155-9706-70D12911F1E8}
2011-06-04 00:39:56 -------- d-----w- C:\Users\User\AppData\Local\{D1B09BA8-18F1-458D-80D0-5BDD05FD8AB7}
2011-06-03 12:39:30 -------- d-----w- C:\Users\User\AppData\Local\{342E4951-6FA9-4242-82E4-7AAD0E2BB5B6}
2011-06-02 23:46:43 -------- d-----w- C:\Users\User\AppData\Local\{377EAB27-199B-4C36-B7C0-D470E7D8E6FE}
2011-06-02 11:46:30 -------- d-----w- C:\Users\User\AppData\Local\{F90E10B2-8FCF-4A0E-A4D6-9175EDCD5E3B}
2011-06-01 23:46:18 -------- d-----w- C:\Users\User\AppData\Local\{900025B9-7D78-4826-A34E-B13C1F74138B}
2011-05-31 11:45:37 -------- d-----w- C:\Users\User\AppData\Local\{492EB5F3-0C57-4CAE-8D4A-3F0BA2AD5705}
2011-05-30 23:45:25 -------- d-----w- C:\Users\User\AppData\Local\{EDFC7274-570F-4A59-84E8-C2D2EF2E600A}
2011-05-30 11:45:13 -------- d-----w- C:\Users\User\AppData\Local\{AE2E324E-EC37-4062-A57A-4EFC4E8E76B7}
2011-05-30 01:08:50 1619048 ----a-w- C:\Windows\System32\nvdispco6420140.dll
2011-05-30 01:08:50 1404008 ----a-w- C:\Windows\System32\nvgenco642060.dll
2011-05-30 01:08:22 -------- d-----w- C:\NVIDIA
2011-05-29 23:45:01 -------- d-----w- C:\Users\User\AppData\Local\{A60A65B3-516A-43C1-ADCB-DB1D0A4AFAE0}
2011-05-29 11:44:36 -------- d-----w- C:\Users\User\AppData\Local\{AFF5AED7-C643-4313-917D-718B6D1F857F}
2011-05-28 11:44:12 -------- d-----w- C:\Users\User\AppData\Local\{49A3509B-F9EE-4728-A153-818B528463AA}
2011-05-27 23:43:47 -------- d-----w- C:\Users\User\AppData\Local\{FACA31D9-F1F1-4CF6-952A-378253153299}
2011-05-26 11:42:57 -------- d-----w- C:\Users\User\AppData\Local\{5DFCBAEF-563B-464C-8CEB-48DD5DA72E93}
2011-05-25 23:42:44 -------- d-----w- C:\Users\User\AppData\Local\{8C04A43F-7021-4D39-BF4D-B7FB698CA00C}
2011-05-25 11:42:32 -------- d-----w- C:\Users\User\AppData\Local\{97C2F065-0A47-4197-AF35-1488AB607E8B}
2011-05-25 02:01:56 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-24 23:42:19 -------- d-----w- C:\Users\User\AppData\Local\{902C0795-A2D3-4010-8B9D-BCCFE46EF24F}
2011-05-24 11:41:54 -------- d-----w- C:\Users\User\AppData\Local\{BE6F61EC-3821-457D-B01C-696FE8A3EEEA}
2011-05-24 09:21:11 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-24 09:21:11 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-23 19:39:49 -------- d-----w- C:\Users\User\AppData\Local\{4B072CD5-E60B-49AA-9684-C6B6A410C2E4}
2011-05-23 17:55:45 -------- d-----w- C:\Tillery Worldwide
2011-05-23 07:39:23 -------- d-----w- C:\Users\User\AppData\Local\{727FF741-A94F-491F-9900-7C257B6B629D}
2011-05-22 19:39:10 -------- d-----w- C:\Users\User\AppData\Local\{0314B0FF-AE31-49CF-9A96-C7F624D7A1D4}
2011-05-22 07:38:58 -------- d-----w- C:\Users\User\AppData\Local\{6C2BA0DD-3789-4DC9-9715-1C1044546255}
2011-05-21 19:38:32 -------- d-----w- C:\Users\User\AppData\Local\{E3F3E262-156A-485B-BD02-0F1E45D8D44F}
2011-05-21 16:04:53 -------- d-----w- C:\Users\User\AppData\Local\{64D3B881-53A5-4EF8-B712-EA56A104802B}
2011-05-21 04:04:37 -------- d-----w- C:\Users\User\AppData\Local\{B8217F56-0BB3-46BB-BDC7-C05261BC50E2}
2011-05-20 16:04:12 -------- d-----w- C:\Users\User\AppData\Local\{ECC60B63-AA8F-4EA2-BB37-80506F54CCE9}
2011-05-20 04:03:59 -------- d-----w- C:\Users\User\AppData\Local\{0496B69E-972A-4533-9FD9-9680D90595FE}
2011-05-19 04:03:34 -------- d-----w- C:\Users\User\AppData\Local\{B749F309-699F-496A-9AF9-FB74FC4EFC54}
2011-05-18 16:03:09 -------- d-----w- C:\Users\User\AppData\Local\{589FF139-9E52-4CCD-BADB-25A5833EFB23}
2011-05-18 04:02:44 -------- d-----w- C:\Users\User\AppData\Local\{D70F6424-FF47-4618-A630-564880E2C82F}
2011-05-17 16:02:19 -------- d-----w- C:\Users\User\AppData\Local\{0A07922F-2354-45C8-A832-9551AA6DEE77}
2011-05-17 04:01:54 -------- d-----w- C:\Users\User\AppData\Local\{CED5273A-B43B-4D6C-B379-102AE9D8345F}
2011-05-16 16:01:29 -------- d-----w- C:\Users\User\AppData\Local\{E7D9F4B8-4F76-4A9C-BF6F-5168E97B9DE7}
2011-05-16 04:01:04 -------- d-----w- C:\Users\User\AppData\Local\{EF3BF9C1-8417-4203-BBEF-2653224759FE}
.
==================== Find3M ====================
.
2011-05-04 07:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-04-22 00:48:47 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-04-22 00:48:47 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2011-04-22 00:48:47 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-03-25 03:23:22 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-03-25 03:23:03 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-03-25 03:23:03 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-03-25 03:22:57 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-03-25 03:22:56 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-03-25 03:22:55 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-03-25 03:22:51 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
.
============= FINISH: 10:18:40.25 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:10:39 PM

Posted 19 June 2011 - 05:59 AM

Hi zwarte, and welcome to Bleeping Computer.

I guess you recognise these proxy settings, right?
uInternet Settings,ProxyServer = 192.168.0.1:3128

I see you've run ComboFix on your own...
Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please do the following,

Firstly,
  • Please launch Malwarebytes' Anti-Malware, click the Update tab, and then Check for Updates.
  • Then choose the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Secondly,
Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

c18903e63196580f.gif
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:10:39 PM

Posted 03 July 2011 - 05:08 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
c18903e63196580f.gif
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users