GoingOnEarth and MSDN redirect


  • This topic is locked
9 replies to this topic

#1 juise15


Posted 01 August 2011 - 10:12 PM

I am at my wit's end on this redirect issue. I am having redirects in both IE and Firefox to www.goingonearth.com/.......

I have run Malwarebytes and SUPERAntiSpyware only to find nothing. I am attaching both my HijackThis and OTL logs.


MiniToolBox by Farbar
Ran by Justin (administrator) on 01-08-2011 at 21:42:47
Windows 7 Professional (X64)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
add address name="Local Area Connection" address=10.0.0.1


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : JustinXPS2
Primary Dns Suffix . . . . . . . : KVHP.LOCAL
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : KVHP.LOCAL

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82577LC Gigabit Network Connection
Physical Address. . . . . . . . . : 84-2B-2B-83-F4-23
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 00-24-D7-7E-CE-F1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-24-D7-7E-CE-F1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® Ultimate-N 6300 AGN
Physical Address. . . . . . . . . : 00-24-D7-7E-CE-F0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::115d:91c7:a87:b250%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.107(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, August 01, 2011 6:53:26 PM
Lease Expires . . . . . . . . . . : Tuesday, August 02, 2011 6:53:26 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 184558807
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-89-7A-CC-00-24-D7-7E-CE-F0
DNS Servers . . . . . . . . . . . : 208.180.42.100
208.180.42.68
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{2E915031-6814-474E-B325-B4803A1D5BD6}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{17635EEA-3649-46BB-82D7-610586B63CFE}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{1940D37A-7428-48A8-92EE-8C0592361CAA}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:30f4:25ad:3f57:fe94(Preferred)
Link-local IPv6 Address . . . . . : fe80::30f4:25ad:3f57:fe94%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{F5267A4E-C5D9-45F9-9271-6AB3E6BA4825}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: rdns02.suddenlink.net
Address: 208.180.42.100

Name: google.com
Addresses: 74.125.93.105
74.125.93.106
74.125.93.147
74.125.93.99
74.125.93.103
74.125.93.104


Pinging google.com [74.125.93.104] with 32 bytes of data:
Reply from 74.125.93.104: bytes=32 time=58ms TTL=45
Reply from 74.125.93.104: bytes=32 time=58ms TTL=45

Ping statistics for 74.125.93.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 58ms, Maximum = 58ms, Average = 58ms
Server: rdns02.suddenlink.net
Address: 208.180.42.100

Name: yahoo.com
Addresses: 98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=25ms TTL=48
Reply from 209.191.122.70: bytes=32 time=25ms TTL=48

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 25ms, Average = 25ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...84 2b 2b 83 f4 23 ......Intel® 82577LC Gigabit Network Connection
13...00 24 d7 7e ce f1 ......Microsoft Virtual WiFi Miniport Adapter #2
12...00 24 d7 7e ce f1 ......Microsoft Virtual WiFi Miniport Adapter
11...00 24 d7 7e ce f0 ......Intel® Centrino® Ultimate-N 6300 AGN
1...........................Software Loopback Interface 1
33...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
34...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
35...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.107 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.107 281
192.168.1.107 255.255.255.255 On-link 192.168.1.107 281
192.168.1.255 255.255.255.255 On-link 192.168.1.107 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.107 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.107 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 58 ::/0 On-link
1 306 ::1/128 On-link
15 58 2001::/32 On-link
15 306 2001:0:4137:9e76:30f4:25ad:3f57:fe94/128
On-link
11 281 fe80::/64 On-link
15 306 fe80::/64 On-link
11 281 fe80::115d:91c7:a87:b250/128
On-link
15 306 fe80::30f4:25ad:3f57:fe94/128
On-link
1 306 ff00::/8 On-link
15 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/01/2011 09:42:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/01/2011 09:41:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/01/2011 09:16:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (08/01/2011 09:12:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/01/2011 09:12:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (08/01/2011 08:45:34 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/01/2011 08:45:33 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/01/2011 08:45:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/01/2011 08:01:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/01/2011 08:01:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/01/2011 07:26:00 PM) (Source: Microsoft-Windows-GroupPolicy) (User: SYSTEM)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (08/01/2011 05:48:56 PM) (Source: Microsoft-Windows-GroupPolicy) (User: SYSTEM)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (08/01/2011 05:48:46 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain KVHP due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (08/01/2011 05:47:16 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (08/01/2011 05:47:13 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (08/01/2011 05:45:17 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (08/01/2011 05:42:44 PM) (Source: Service Control Manager) (User: )
Description: The HappyOSD service terminated unexpectedly. It has done this 1 time(s).

Error: (08/01/2011 05:03:50 PM) (Source: Microsoft-Windows-GroupPolicy) (User: SYSTEM)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (08/01/2011 05:03:40 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain KVHP due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (08/01/2011 10:30:18 AM) (Source: Service Control Manager) (User: )
Description: The Alienware Fusion Service service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================

========================= Memory info: ===================================

Percentage of memory in use: 86%
Total physical RAM: 8180.49 MB
Available physical RAM: 1089.76 MB
Total Pagefile: 16359.12 MB
Available Pagefile: 8483.56 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.73 MB

========================= Partitions: =====================================

1 Drive c: (OSDisk) (Fixed) (Total:582.5 GB) (Free:499.92 GB) NTFS
2 Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:7.31 GB) NTFS
3 Drive e: (MSSS_Media64) (CDROM) (Total:0.24 GB) (Free:0 GB) UDF
4 Drive f: (DATAPART1) (Fixed) (Total:596.17 GB) (Free:435.69 GB) NTFS
5 Drive g: (ADOBECS5.5) (CDROM) (Total:5.06 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\JUSTINXPS2

Administrator Guest Justin


== End of log ==
ComboFix 11-08-01.05 - Justin 08/01/2011 17:42:45.1.8 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8180.6075 [GMT -5:00]
Running from: c:\users\Justin\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-07-01 to 2011-08-01 )))))))))))))))))))))))))))))))
.
.
2011-08-01 23:59 . 2011-08-01 23:59 -------- d-----w- c:\windows\Standalone System Sweeper
2011-08-01 22:47 . 2011-08-01 22:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-01 22:11 . 2011-08-01 22:11 -------- d-----w- c:\users\Justin\AppData\Roaming\SUPERAntiSpyware.com
2011-08-01 22:11 . 2011-08-01 22:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-01 22:11 . 2011-08-01 22:11 -------- d-----w- c:\programdata\!SASCORE
2011-08-01 22:11 . 2011-08-01 22:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-01 15:31 . 2011-08-01 15:31 -------- d-----w- c:\users\Justin\AppData\Local\AOL
2011-07-29 20:20 . 2011-07-29 20:20 -------- d-----w- c:\users\Justin\AppData\Roaming\Xerox
2011-07-29 20:18 . 2011-07-29 20:18 -------- d-----w- c:\programdata\Xerox
2011-07-29 20:17 . 2011-07-29 20:19 -------- d-----w- C:\Xerox
2011-07-29 20:12 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2011-07-28 21:02 . 2011-07-28 21:41 -------- d-----w- c:\users\Justin\AppData\Local\AIM
2011-07-25 12:21 . 2011-08-01 16:59 -------- d-----w- c:\users\Justin\AppData\Local\Adobe
2011-07-25 03:38 . 2011-07-25 03:38 -------- d-----w- c:\users\Justin\AppData\Local\Apple Computer
2011-07-25 03:38 . 2011-07-25 03:38 -------- dc----w- c:\windows\system32\DRVSTORE
2011-07-25 03:38 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-07-25 03:38 . 2008-04-17 17:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-07-25 03:38 . 2008-04-17 17:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-07-25 03:36 . 2011-07-25 03:36 -------- d-----w- c:\program files\Bonjour
2011-07-25 03:36 . 2011-07-25 03:36 -------- d-----w- c:\program files (x86)\Bonjour
2011-07-24 22:09 . 2011-07-24 22:09 -------- d-----w- c:\users\Justin\AppData\Roaming\Malwarebytes
2011-07-24 22:09 . 2011-07-07 00:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-24 22:09 . 2011-07-24 22:09 -------- d-----w- c:\programdata\Malwarebytes
2011-07-24 22:09 . 2011-07-24 22:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-24 22:09 . 2011-07-07 00:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-24 21:36 . 2011-07-24 21:36 -------- d-----w- c:\program files (x86)\Color Finesse
2011-07-24 21:32 . 2011-07-24 21:32 63488 --sha-r- c:\windows\SysWow64\wshom4.dll
2011-07-24 03:12 . 2011-07-25 03:56 -------- d-----w- c:\users\Justin\AppData\Roaming\Apple Computer
2011-07-23 15:04 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F06DBD2-102A-45EF-9CF5-152910061F5A}\mpengine.dll
2011-07-16 12:14 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2011-07-16 12:14 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2011-07-16 12:12 . 2011-07-16 12:12 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-07-15 23:16 . 2011-03-11 06:23 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-07-15 23:16 . 2011-03-11 06:18 2566144 ----a-w- c:\windows\system32\esent.dll
2011-07-15 23:16 . 2011-03-11 06:23 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2011-07-15 23:16 . 2011-03-11 06:23 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-07-15 23:16 . 2011-03-11 06:23 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-07-15 23:16 . 2011-03-11 06:23 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-07-15 23:16 . 2011-03-11 06:22 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-07-15 23:16 . 2011-03-11 06:22 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-07-15 23:16 . 2011-03-11 06:15 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-07-15 23:16 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2011-07-15 23:16 . 2011-03-11 05:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-07-15 23:05 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-07-15 23:05 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-07-15 23:05 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-07-15 23:05 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-07-15 23:05 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-07-15 23:05 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-07-15 23:05 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-07-15 03:22 . 2011-07-15 03:22 -------- d-----w- c:\program files\Synthetic Aperture
2011-07-15 03:17 . 2011-07-15 03:17 -------- d-----w- c:\program files (x86)\Synthetic Aperture
2011-07-15 03:02 . 2011-07-15 03:02 -------- d-----w- c:\users\Justin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-07-15 01:46 . 2011-07-25 03:37 -------- d-----w- c:\programdata\Apple Computer
2011-07-15 01:46 . 2011-07-25 03:37 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-07-15 01:45 . 2011-07-25 03:37 -------- d-----w- c:\programdata\Apple
2011-07-15 01:43 . 2011-07-15 01:43 -------- d-----w- c:\users\Justin\AppData\Roaming\Python-Eggs
2011-07-15 01:43 . 2011-07-24 21:31 -------- d-----w- c:\users\Justin\AppData\Roaming\BitLord
2011-07-15 01:43 . 2011-07-15 01:43 -------- d-----w- c:\program files (x86)\BitLord 1.2
2011-07-15 01:41 . 2011-07-15 01:41 -------- d-----w- c:\users\Justin\AppData\Roaming\PACE Anti-Piracy
2011-07-15 01:41 . 2011-07-15 01:41 -------- d-----w- c:\users\Justin\AppData\Local\PACE Anti-Piracy
2011-07-15 01:41 . 2011-07-15 01:41 -------- d-----w- c:\programdata\PACE Anti-Piracy
2011-07-15 01:41 . 2011-07-15 01:41 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-07-15 01:28 . 2011-07-15 01:28 -------- d-----w- c:\programdata\ALM
2011-07-15 01:25 . 2011-07-15 01:25 -------- d-----w- c:\users\Justin\Adobe Flash Builder 4.5
2011-07-15 01:21 . 2011-07-15 01:21 -------- d-----w- c:\program files (x86)\Adobe Story
2011-07-15 01:20 . 2011-07-15 01:20 -------- d-----w- c:\program files (x86)\My Company Name
2011-07-15 01:20 . 2011-07-15 01:20 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2011-07-15 01:20 . 2011-07-15 01:20 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-07-15 01:20 . 2009-07-09 08:00 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2011-07-15 01:20 . 2009-06-23 08:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2011-07-15 01:20 . 2009-06-23 08:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2011-07-15 01:18 . 2011-07-15 01:30 -------- d-----w- c:\program files\Common Files\Adobe
2011-07-15 01:18 . 2011-07-15 01:18 -------- d-----w- c:\windows\SysWow64\Macromed
2011-07-15 01:18 . 2011-07-15 01:18 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-07-15 01:15 . 2011-07-15 01:28 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-07-15 01:06 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-07-15 01:06 . 2011-02-19 06:37 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-07-15 01:06 . 2011-02-19 06:36 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-07-15 01:06 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-07-15 01:06 . 2011-02-19 05:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-07-14 21:50 . 2011-07-15 01:06 -------- d-----w- c:\users\Justin\AppData\Roaming\acccore
2011-07-14 21:50 . 2011-07-14 21:50 -------- d-----w- c:\programdata\AIM
2011-07-14 21:50 . 2011-07-14 21:50 -------- d-----w- c:\program files (x86)\AIM
2011-07-14 21:50 . 2011-07-14 21:50 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
2011-07-14 21:50 . 2011-07-14 21:50 -------- d-----w- c:\program files (x86)\Common Files\AOL
2011-07-14 21:47 . 2011-07-14 21:47 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-07-14 21:46 . 2011-07-14 21:47 -------- d-----w- c:\program files (x86)\DAEMON Tools Toolbar
2011-07-14 21:46 . 2011-07-14 21:47 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-07-14 21:46 . 2011-07-14 21:48 -------- d-----w- c:\users\Justin\AppData\Roaming\DAEMON Tools Lite
2011-07-14 21:46 . 2011-07-14 21:46 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-07-14 21:13 . 2011-07-25 12:13 -------- d-----w- c:\program files (x86)\Microsoft Works
2011-07-14 21:13 . 2011-07-19 12:07 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-07-14 21:13 . 2011-07-14 21:13 -------- d-----w- c:\windows\PCHEALTH
2011-07-14 21:10 . 2011-07-14 21:10 -------- d-----w- c:\users\Justin\AppData\Local\Microsoft Help
2011-07-14 21:10 . 2011-07-28 20:18 -------- d-----w- c:\programdata\Microsoft Help
2011-07-14 21:09 . 2011-07-14 21:09 -------- d-----r- C:\MSOCache
2011-07-14 20:21 . 2011-07-14 20:21 -------- d-----w- c:\users\Justin\AppData\Roaming\DAEMON Tools Pro
2011-07-14 20:21 . 2011-07-14 20:21 -------- d-----w- c:\programdata\DAEMON Tools Pro
2011-07-14 19:43 . 2011-07-14 19:43 -------- d-----w- c:\users\Justin\AppData\Roaming\Intel Corporation
2011-07-14 17:04 . 2011-07-14 17:04 -------- d-----w- c:\windows\SysWow64\Wat
2011-07-14 17:04 . 2011-07-14 17:04 -------- d-----w- c:\windows\system32\Wat
2011-07-14 16:50 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-07-14 16:50 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-07-14 16:38 . 2009-11-25 17:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-07-14 16:38 . 2009-11-25 17:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-07-14 16:38 . 2009-11-25 17:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-07-14 16:38 . 2009-11-25 17:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-07-14 16:38 . 2009-11-25 17:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-07-14 16:38 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-07-14 16:38 . 2009-11-25 17:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-07-14 16:38 . 2009-11-25 17:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-07-14 16:38 . 2009-11-25 17:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-07-14 16:38 . 2009-11-25 17:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-07-14 16:33 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-07-14 16:33 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-07-14 16:32 . 2011-07-14 21:51 -------- d-----w- c:\users\Justin\AppData\Roaming\DRPSu
2011-07-14 16:30 . 2011-07-14 16:30 -------- d-----w- c:\program files\DIFX
2011-07-14 16:30 . 2009-07-04 17:27 55808 ----a-w- c:\windows\system32\drivers\rixdpe64.sys
2011-07-14 16:30 . 2009-07-02 06:54 60416 ----a-w- c:\windows\system32\drivers\rimspe64.sys
2011-07-14 16:30 . 2009-07-01 16:31 80896 ----a-w- c:\windows\system32\drivers\risdpe64.sys
2011-07-14 16:30 . 2009-05-28 16:24 196608 ----a-w- c:\windows\system32\RiSDIcon.dll
2011-07-14 16:30 . 2009-05-28 16:24 188416 ----a-w- c:\windows\system32\RiMMCIcon.dll
2011-07-14 16:30 . 2007-07-25 10:48 172032 ----a-w- c:\windows\system32\rixdicon.dll
2011-07-14 16:30 . 2004-09-04 01:00 90112 ----a-w- c:\windows\system32\snymsico.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 05:56 . 2011-07-14 14:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-10 13:06 . 2011-05-10 13:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 13:06 . 2011-05-10 13:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-27 2988928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-11 98304]
"OSD_LAUNCH"="c:\program files (x86)\OSD\Launch_OSD.exe" [2009-11-10 32768]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-12 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec0230c23ac63514\AESTSr64.exe [2009-03-03 89600]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]
S2 HappyOSD;HappyOSD;c:\program files (x86)\OSD\OSD_Service.exe [2009-12-30 16384]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF16359.cfxxe" [X]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-12-03 487424]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\9xsepxqp.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-FAStartup - (no file)
HKLM-Run-(Default) - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Alienware\Command Center\AlienSense\FATrayAlert.exe
c:\program files (x86)\OSD\OSD.exe
c:\program files\Alienware\Command Center\AlienFXHook32Mngr.exe
c:\program files\Alienware\Command Center\AlienFusionController.exe
.
**************************************************************************
.
Completion time: 2011-08-01 17:55:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-01 22:55
.
Pre-Run: 538,030,899,200 bytes free
Post-Run: 537,859,670,016 bytes free
.
- - End Of File - - CD39066F47D57D0C6CDF5A87BA46092F



#2 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 05 August 2011 - 07:37 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 juise15 (Topic Starter)

Posted 05 August 2011 - 11:08 PM

Logs Attached

Edited by juise15, 05 August 2011 - 11:11 PM.


#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 05 August 2011 - 11:35 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 juise15 (Topic Starter)

Posted 06 August 2011 - 10:43 AM

Looks like the problem has been fixed, at least for now. I'll continue monitoring.

For others who have had this problem, what is the cause or where does the redirect live?

Logs attached.

Attached file: log.txt (143.11KB)


#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 August 2011 - 09:10 PM

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 09 August 2011 - 05:31 AM

:busy: 8/16

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 17 August 2011 - 08:22 AM

how are we doing?


gringo

#9 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 20 August 2011 - 02:51 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 23 August 2011 - 12:45 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



