Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

going-on-earth.com Google redirect


  • This topic is locked This topic is locked
2 replies to this topic

#1 xSkoad

xSkoad

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 19 July 2011 - 10:23 PM

Howdy. Having some issues and would really appreciate some help!

Earlier today I did a Google search and tried to go to some sites. I noticed it kept re-directing me to a site called goingonearth.com but he screen was blank. I always knew it wasn't right so immediately backed out. It happens with every Google search link I try to click. After some research Ive found that this can be some pretty vile spyware/virus. Ive already ran Malwarebytes/Spybot/SuperAntiSpywarePro/TDSSKiller/Spyware Doctor/ and Nod32 to no avail. Of course the spyware tools found a couple issues with minor things, but nothing fixed my problem. All the programs are fully up to date also. Still getting the redirects.

Also if I try to google "goingonearth.com" I get re-directed to http://msdn.microsoft.com/en-us/aa570318.aspx

Also ran Gmer as the Prep thread said to do and absolutely nothing came up. With Gmer it would only let me select Services, Registry, Files, and ADS. Everything else was grayed out.

Thanks in advance!



DDS (Ver_2011-07-14.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Tom at 23:07:20 on 2011-07-19
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.1883 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Aura.lnk - C:\Windows\8 Skin Pack\Aura\Aura.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 97.64.209.36 97.64.168.13
TCP: Interfaces\{23A91CF5-7230-4205-9617-751A9D23AC8E} : DHCPNameServer = 97.64.209.36 97.64.168.13
TCP: Interfaces\{5CFB4D4C-5EFA-4FFA-8F56-AC6093D77E0A} : DHCPNameServer = 8.8.8.8 8.8.4.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\tkr4ogcx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.woot.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2011-7-19 218056]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-5-18 272448]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2011-7-19 112592]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-12-21 170640]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-1-12 810144]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-12-21 125296]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-19 366640]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-12 2214504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2011-7-10 21072]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-6-6 25912]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2011-7-19 365280]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2011-7-19 1141712]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
.
=============== Created Last 30 ================
.
2011-07-19 23:57:07 767952 ----a-w- C:\Windows\BDTSupport.dll
2011-07-19 23:57:06 165840 ----a-w- C:\Windows\PCTBDRes.dll
2011-07-19 23:57:06 1640400 ----a-w- C:\Windows\PCTBDCore.dll
2011-07-19 23:57:06 149456 ----a-w- C:\Windows\SGDetectionTool.dll
2011-07-19 23:54:03 306648 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2011-07-19 23:54:03 133072 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2011-07-19 23:53:59 218056 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2011-07-19 23:53:53 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2011-07-19 23:53:47 -------- d-----w- C:\Users\Tom\AppData\Roaming\PC Tools
2011-07-19 23:53:47 -------- d-----w- C:\ProgramData\PC Tools
2011-07-19 23:53:47 -------- d-----w- C:\Program Files (x86)\Spyware Doctor
2011-07-19 23:53:47 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2011-07-19 20:37:47 709968 ----a-w- C:\Windows\isRS-000.tmp
2011-07-19 17:22:18 -------- d-----w- C:\Program Files (x86)\GetFLV
2011-07-19 17:03:41 71680 --sha-r- C:\Windows\SysWow64\SensApi1.dll
2011-07-18 05:40:13 -------- d-----w- C:\Users\Tom\AppData\Local\SKIDROW
2011-07-18 05:36:53 -------- d-----w- C:\Program Files (x86)\Wizards of the Coast LLC
2011-07-18 03:33:01 -------- d-----w- C:\Users\Tom\AppData\Local\ElevatedDiagnostics
2011-07-17 04:27:20 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2011-07-17 04:27:20 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2011-07-17 04:27:20 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2011-07-17 04:27:20 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-07-17 04:27:20 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2011-07-17 04:25:44 -------- d-----w- C:\Riot Games
2011-07-17 01:22:02 -------- d-----w- C:\Users\Tom\AppData\Local\PMB Files
2011-07-17 01:22:02 -------- d-----w- C:\ProgramData\PMB Files
2011-07-17 01:21:47 -------- d-----w- C:\Program Files (x86)\Pando Networks
2011-07-14 17:14:19 -------- d-----w- C:\Windows\pss
2011-07-12 18:37:52 -------- d-----w- C:\Users\Tom\AppData\Local\HonorbuddyMeshes
2011-07-12 18:37:52 -------- d-----w- C:\Users\Tom\AppData\Local\Bossland GmbH
2011-07-10 18:59:17 21072 ----a-w- C:\Windows\System32\drivers\easytthr.sys
2011-07-10 18:59:17 -------- d-----w- C:\Program Files (x86)\Mobile Stream
2011-07-08 05:56:50 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-07-08 05:20:02 886272 ------w- C:\Program Files (x86)\Mozilla Firefox\Honorbuddy_2.0.0.4991\System.Data.SQLite.dll
2011-07-08 05:20:02 64000 ------w- C:\Program Files (x86)\Mozilla Firefox\Honorbuddy_2.0.0.4991\RemoteASMNative.dll
2011-07-08 05:20:02 495616 ------w- C:\Program Files (x86)\Mozilla Firefox\Honorbuddy_2.0.0.4991\Tripper.RecastManaged.dll
2011-07-08 05:20:02 4935168 ------w- C:\Program Files (x86)\Mozilla Firefox\Honorbuddy_2.0.0.4991\Honorbuddy.exe
2011-07-08 05:20:02 43520 ------w- C:\Program Files (x86)\Mozilla Firefox\Honorbuddy_2.0.0.4991\tr\Honorbuddy.resources.dll
2011-07-08 05:20:02 28160 ------w- C:\Program Files (x86)\Mozilla Firefox\Honorbuddy_2.0.0.4991\Tripper.Tools.dll
2011-07-08 05:20:02 275968 ------w- C:\Program Files (x86)\Mozilla Firefox\Honorbuddy_2.0.0.4991\zh-Hans\Honorbuddy.resources.dll
2011-07-08 05:20:02 122368 ------w- C:\Program Files (x86)\Mozilla Firefox\Honorbuddy_2.0.0.4991\fasmdll_managed.dll
2011-07-08 04:24:33 886272 ------w- C:\Program Files (x86)\Mozilla Firefox\Honorbuddy_2.0.0.4620\System.Data.SQLite.dll
2011-07-08 04:24:33 64000 ------w- C:\Program Files (x86)\Mozilla Firefox\Honorbuddy_2.0.0.4620\RemoteASMNative.dll
2011-07-08 04:24:33 495616 ------w- C:\Program Files (x86)\Mozilla Firefox\Honorbuddy_2.0.0.4620\Tripper.RecastManaged.dll
2011-07-08 04:24:33 3255808 ------w- C:\Program Files (x86)\Mozilla Firefox\Honorbuddy_2.0.0.4620\Honorbuddy.exe
2011-07-08 04:24:33 28160 ------w- C:\Program Files (x86)\Mozilla Firefox\Honorbuddy_2.0.0.4620\Tripper.Tools.dll
2011-07-08 04:24:33 174080 ------w- C:\Program Files (x86)\Mozilla Firefox\Honorbuddy_2.0.0.4620\System.Data.SQLite.Linq.dll
2011-07-08 04:24:33 122368 ------w- C:\Program Files (x86)\Mozilla Firefox\Honorbuddy_2.0.0.4620\fasmdll_managed.dll
2011-07-08 04:24:32 360960 ------w- C:\Program Files (x86)\Mozilla Firefox\Honorbuddy_2.0.0.4620\Bots\InstanceBuddy\Instancebuddy.dll
2011-07-08 04:24:32 272896 ------w- C:\Program Files (x86)\Mozilla Firefox\Honorbuddy_2.0.0.4620\Bots\Gatherbuddy2\GatherBuddy2.dll
2011-07-08 04:24:32 1094144 ------w- C:\Program Files (x86)\Mozilla Firefox\Honorbuddy_2.0.0.4620\Bots\ArchaeologyBuddy\ArchaeologyBuddy.dll
2011-07-07 03:59:32 -------- d-----w- C:\Users\Tom\AppData\Local\Apps
2011-07-07 03:59:31 -------- d-----w- C:\Users\Tom\AppData\Local\Deployment
2011-07-05 21:29:46 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2011-07-05 19:00:25 -------- d-----w- C:\World of Warcraft
2011-07-05 19:00:25 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2011-07-05 18:49:43 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-07-05 18:49:43 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-07-05 18:49:43 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-07-05 18:49:43 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-07-05 18:49:43 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-07-05 04:59:03 -------- d-----w- C:\ProgramData\Blizzard
2011-06-26 04:18:00 -------- d-----w- C:\Program Files\Ventrilo
2011-06-26 04:17:08 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-06-25 00:22:51 -------- d-----w- C:\Program Files (x86)\Steam
2011-06-25 00:22:51 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-06-24 17:53:40 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-24 17:53:40 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-24 03:15:01 -------- d-----w- C:\ProgramData\CustoPackTools
2011-06-24 03:14:38 -------- d-----w- C:\Program Files (x86)\CustoPackTools
2011-06-24 03:00:36 2872320 ----a-w- C:\Windows\explorer.exe
2011-06-24 03:00:35 23555072 ----a-w- C:\Windows\SysWow64\imageres.dll
2011-06-24 03:00:35 1492992 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll
2011-06-24 03:00:34 1791488 ----a-w- C:\Windows\SysWow64\authui.dll
2011-06-24 03:00:33 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll.tmp
2011-06-24 03:00:33 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll.backup
2011-06-24 03:00:33 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll.tmp
2011-06-24 03:00:33 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll.backup
2011-06-24 03:00:31 2851840 ----a-w- C:\Windows\System32\themeui.dll.backup
2011-06-24 03:00:29 44544 ----a-w- C:\Windows\System32\themeservice.dll.backup
2011-06-24 03:00:28 332288 ----a-w- C:\Windows\System32\uxtheme.dll.backup
2011-06-24 03:00:24 -------- d--h--w- C:\Windows\8 Skin Pack
2011-06-23 19:46:08 -------- d-----w- C:\ProgramData\CanonIJ
2011-06-23 19:45:21 -------- d--h--w- C:\ProgramData\CanonIJScan
2011-06-23 04:38:48 -------- d-----w- C:\Program Files (x86)\Stunlock Studios
2011-06-23 04:06:05 517448 ----a-w- C:\Windows\SysWow64\XAudio2_4.dll
2011-06-23 04:06:04 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2011-06-23 04:06:04 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
2011-06-23 04:06:04 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2011-06-23 04:06:04 235352 ----a-w- C:\Windows\SysWow64\xactengine3_4.dll
2011-06-23 04:06:04 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_6.dll
2011-06-23 04:05:36 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
.
==================== Find3M ====================
.
2011-07-19 17:25:40 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-06 23:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-24 03:00:31 2851840 ----a-w- C:\Windows\System32\themeui.dll
2011-06-24 03:00:29 44544 ----a-w- C:\Windows\System32\themeservice.dll
2011-06-24 03:00:28 332288 ----a-w- C:\Windows\System32\uxtheme.dll
2011-06-13 18:07:02 446258 ----a-w- C:\Windows\AutoKMS.exe
2011-06-07 05:37:38 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-05-30 21:21:23 683801 ----a-w- C:\Windows\unins000.exe
2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:06:58 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-21 02:35:28 304744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-05-18 05:24:40 272448 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-05-13 00:13:11 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-05-03 20:33:46 2854504 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-05-02 22:03:32 88680 ----a-w- C:\Windows\System32\RCoInst64.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 22:08:29 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-04-22 19:10:01 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 23:07:47.26 ===============

Not sure about the bumping rules, but my thread was 5 pages in, so Im giving it a bump.


-edit-

Of course its right there at the top of the forums.... and now Im not seeing any way for me to delete my bump. Sorry.

EDIT: Please be patient. There are over 350 unanswered topics in this forum at present and the current average wait time to receive help is 14 days. ~Budapest

Attached Files


Edited by Budapest, 20 July 2011 - 05:18 PM.


BC AdBot (Login to Remove)

 


#2 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:10:55 AM

Posted 01 August 2011 - 04:56 AM

Hi xSkoad, and welcome to Bleeping Computer.

Eset's Nod32 has good detections when it comes to this particular infection, so it's possible your problem is already resolved... If not, please perform the following steps:

Firstly,
  • Please launch Malwarebytes' Anti-Malware, click the Update tab, and then Check for Updates.
  • Then choose the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Secondly,
Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:10:55 AM

Posted 12 August 2011 - 03:50 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users