Blocked safemode + redirecting links = problem

Post by jaylarson on 7th January 2010, 6:02 pm

Hi Geek Police.

I tried to solve this myself, but it looks like I need some help. I am unable to log into safemode with WindozeXP as I get a flash of a BSOD then it reboots to the screen where I choose my login mode ("Use last settings that worked" et al.). I've used several apps that worked with rootkits, Malwarebytes (which finds stuff, but apparently not everything), and NOD32 keeps finding stuff. I think I have most things under control. Hopefully we can get this cleared up soon.

Thanks in advance, I look forward to being productive again.

Jay


Re: Blocked safemode + redirecting links = problem

Post by Belahzur on 7th January 2010, 9:00 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Blocked safemode + redirecting links = problem

Post by jaylarson on 7th January 2010, 9:10 pm

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 3:09:41 PM, on 1/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Smith Micro\StuffIt 2009\ArcNameService.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Anti Trojan Elite\TJEnder.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 2.3\lightroom.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download by Orbit - [You must be registered and logged in to see this link.] Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - [You must be registered and logged in to see this link.] Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Append Link Target to Existing PDF - [You must be registered and logged in to see this link.] Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - [You must be registered and logged in to see this link.] Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - [You must be registered and logged in to see this link.] Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - [You must be registered and logged in to see this link.] Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - [You must be registered and logged in to see this link.] Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - [You must be registered and logged in to see this link.] Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - [You must be registered and logged in to see this link.]
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - [You must be registered and logged in to see this link.]
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9e176f8cc07e2) (gupdate1c9e176f8cc07e2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt 2009\ArcNameService.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 10625 bytes


Re: Blocked safemode + redirecting links = problem

Post by Belahzur on 7th January 2010, 11:19 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: Blocked safemode + redirecting links = problem

Post by jaylarson on 8th January 2010, 6:22 am

Shouldn't I run a Full Scan instead?



Malwarebytes' Anti-Malware 1.44
Database version: 3513
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1/8/2010 12:19:21 AM
mbam-log-2010-01-08 (00-19-21).txt

Scan type: Quick Scan
Objects scanned: 131905
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Blocked safemode + redirecting links = problem

Post by Belahzur on 8th January 2010, 10:40 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Blocked safemode + redirecting links = problem

Post by jaylarson on 8th January 2010, 7:05 pm

ComboFix 10-01-04.01 - Jay 01/08/2010 12:36:02.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1581 [GMT -6:00]
Running from: c:\documents and settings\Jay\Desktop\Combo-Fix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\vrrld.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_vrrld
-------\Service_vrrld


((((((((((((((((((((((((( Files Created from 2009-12-08 to 2010-01-08 )))))))))))))))))))))))))))))))
.

2010-01-08 02:19 . 2010-01-08 02:19 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2010-01-07 18:09 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-06 06:23 . 2010-01-06 06:23 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2010-01-05 09:29 . 2010-01-06 07:07 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-01-05 09:05 . 2010-01-05 09:05 2 --shatr- c:\windows\winstart.bat
2010-01-05 09:05 . 2009-12-22 20:38 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-01-05 09:05 . 2010-01-05 09:16 -------- d-----w- c:\program files\UnHackMe
2010-01-05 09:04 . 2010-01-05 17:39 -------- d-----w- c:\program files\Anti Trojan Elite
2010-01-05 07:01 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 07:01 . 2010-01-08 06:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 07:01 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 05:44 . 2010-01-05 05:44 -------- d-----w- c:\documents and settings\Jay\Application Data\SUPERAntiSpyware.com
2010-01-04 22:46 . 2010-01-04 22:46 -------- d-----w- c:\program files\CCleaner
2010-01-04 22:11 . 2010-01-04 22:11 0 ----a-w- c:\windows\system32\atiicdxx.dat
2010-01-04 20:08 . 2010-01-04 20:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-01-04 20:08 . 2010-01-06 21:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-04 05:08 . 2010-01-04 05:08 -------- d-----w- c:\program files\Trend Micro
2010-01-04 00:00 . 2010-01-04 00:01 -------- d-----w- c:\program files\Realtek AC97
2010-01-02 01:24 . 2010-01-02 01:50 -------- d-----w- c:\program files\Motherboard Monitor 5
2010-01-01 22:03 . 2010-01-01 22:03 -------- d-----w- c:\program files\Driver-Soft
2009-12-31 23:04 . 2009-12-31 23:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FarmFrenzy3_Arctica
2009-12-31 23:03 . 2009-12-31 23:34 -------- d-----w- c:\program files\Alawar
2009-12-31 20:28 . 2009-12-31 20:30 -------- d-----w- c:\documents and settings\Jay\Application Data\FLV Extract
2009-12-25 18:48 . 2009-12-25 18:48 -------- d-----w- c:\windows\system32\xlive
2009-12-25 18:15 . 2009-12-25 18:15 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2009-12-24 20:02 . 2009-12-24 20:02 -------- d-----w- c:\documents and settings\Jay\Application Data\CheeseSoft
2009-12-24 20:02 . 2009-12-24 20:02 -------- d-----w- c:\program files\FinalUninstaller
2009-12-21 19:53 . 2009-03-31 02:01 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-21 19:53 . 2009-03-31 02:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-21 19:52 . 2009-12-21 19:52 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-21 19:50 . 2009-12-22 20:44 -------- d-----w- c:\program files\Avi2Dvd
2009-12-15 01:16 . 2009-12-15 01:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-12 19:32 . 2009-12-12 19:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Last.fm
2009-12-12 19:31 . 2009-12-12 19:31 -------- d-----w- c:\program files\Last.fm
2009-12-10 05:34 . 2009-12-13 07:49 -------- d-----w- c:\documents and settings\Jay\Local Settings\Application Data\Cooliris

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-08 18:51 . 2009-12-03 07:19 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-01-08 18:51 . 2008-09-02 13:58 -------- d-----w- c:\documents and settings\Jay\Application Data\WTablet
2010-01-08 18:50 . 2008-09-02 22:55 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-01-08 17:50 . 2010-01-05 05:48 52224 ----a-w- c:\documents and settings\Jay\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-08 17:50 . 2010-01-05 05:45 117760 ----a-w- c:\documents and settings\Jay\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-08 13:43 . 2010-01-08 17:49 2036736 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-01-08 08:26 . 2008-08-24 10:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2010-01-08 06:12 . 2010-01-08 06:12 5115824 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-08 00:47 . 2009-11-18 17:04 -------- d-----w- c:\program files\PeerBlock
2010-01-07 21:08 . 2010-01-07 21:08 388096 ----a-r- c:\documents and settings\Jay\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-07 20:49 . 2008-12-24 06:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Soulseek
2010-01-07 18:09 . 2008-07-29 00:23 -------- d-----w- c:\documents and settings\Jay\Application Data\FontExplorerX
2010-01-07 17:11 . 2008-08-17 05:38 -------- d-----w- c:\program files\Google
2010-01-06 22:42 . 2010-01-06 22:42 1590541 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-01-05 22:50 . 2008-09-09 13:29 1 ----a-w- c:\documents and settings\Jay\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-05 22:50 . 2008-09-09 04:21 -------- d-----w- c:\documents and settings\Jay\Application Data\OpenOffice.org2
2010-01-05 09:45 . 2010-01-05 09:52 1979904 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2010-01-05 09:17 . 2010-01-05 09:21 1979392 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-01-05 09:06 . 2010-01-05 09:12 1983488 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-01-05 07:23 . 2008-08-10 02:14 -------- d-----w- c:\program files\Java
2010-01-05 05:44 . 2008-08-10 17:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-05 05:20 . 2008-07-28 03:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-01-04 21:38 . 2010-01-04 21:40 507904 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-01-04 21:32 . 2010-01-04 21:36 1930240 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-01-04 18:42 . 2008-07-28 02:44 -------- d-----w- c:\program files\ESET
2010-01-03 21:52 . 2009-03-03 01:30 63460 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-03 21:10 . 2010-01-03 21:12 264192 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-01-03 21:10 . 2010-01-03 21:12 1840640 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-01-03 18:31 . 2008-07-30 03:10 -------- d-----w- c:\documents and settings\Jay\Application Data\uTorrent
2010-01-02 03:46 . 2008-07-28 02:28 93176 ----a-w- c:\documents and settings\Jay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-01 21:27 . 2010-01-01 21:29 412672 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-01-01 06:17 . 2008-08-11 04:18 -------- d-----w- c:\program files\Flickr Uploadr
2010-01-01 05:55 . 2008-10-05 20:12 -------- d-----w- c:\program files\dng4ps2
2009-12-31 20:25 . 2008-07-28 02:53 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-12-31 20:25 . 2008-11-26 03:10 -------- d-----w- c:\documents and settings\Jay\Application Data\Orbit
2009-12-27 04:08 . 2008-07-28 01:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-26 01:22 . 2009-12-26 09:56 1764352 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-12-26 01:22 . 2009-12-26 09:56 1259520 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-12-25 18:48 . 2009-07-04 06:27 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-12-24 20:29 . 2009-01-12 19:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-12-24 20:19 . 2009-01-12 19:06 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-24 09:10 . 2008-08-10 17:23 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-12-21 19:54 . 2009-04-27 19:48 -------- d-----w- c:\program files\Xvid
2009-12-21 19:53 . 2009-06-30 20:36 -------- d-----w- c:\program files\ffdshow
2009-12-21 03:59 . 2009-04-07 07:11 -------- d-----w- c:\program files\Free FLV Converter
2009-12-21 03:58 . 2009-09-18 05:52 -------- d-----w- c:\program files\Electronic Arts
2009-12-21 03:58 . 2009-01-21 06:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Electronic Arts
2009-12-21 03:57 . 2008-09-16 04:12 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2009-12-16 07:33 . 2008-11-19 04:28 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-16 07:33 . 2009-08-17 19:57 38784 ----a-w- c:\documents and settings\Default User.WINDOWS\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-12-16 07:33 . 2008-11-19 04:28 38784 ----a-w- c:\documents and settings\Jay\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-12-15 04:54 . 2009-03-03 13:56 2516 --sha-w- c:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
2009-12-15 04:54 . 2009-03-03 13:56 2516 --sha-w- c:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
2009-12-12 19:32 . 2009-12-12 19:32 100 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Last.fm\Client\uninst2.bat
2009-12-12 19:32 . 2009-12-12 19:32 683801 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Last.fm\Client\UninstITW\unins000.exe
2009-12-08 22:57 . 2009-12-08 22:57 -------- d-----w- c:\program files\Headup Games
2009-12-05 09:13 . 2009-12-05 09:13 -------- d-----w- c:\documents and settings\Jay\Application Data\Digital Film Tools
2009-12-05 09:13 . 2009-12-05 09:13 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Digital Film Tools
2009-12-05 09:09 . 2009-12-05 09:09 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{52FCF078-90CF-4370-B2F3-94A0EC63788E}
2009-12-05 09:06 . 2009-12-05 09:05 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{E4C586E0-98B5-4B03-B8FF-54A43CAD4B8C}
2009-12-05 05:04 . 2008-10-18 04:49 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-05 05:03 . 2009-02-14 16:55 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-05 05:03 . 2009-02-14 16:55 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-03 07:24 . 2008-07-28 03:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-03 07:19 . 2009-12-03 07:19 -------- d-----w- c:\program files\Zone Labs
2009-12-01 03:53 . 2009-11-25 00:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BioWare
2009-11-28 05:51 . 2008-07-28 03:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet
2009-11-25 03:51 . 2009-09-16 08:09 -------- d-----w- c:\program files\Common Files\Acronis
2009-11-23 10:56 . 2009-11-23 10:56 -------- d-----w- c:\program files\Process Lasso
2009-11-23 10:56 . 2009-11-23 10:56 -------- d-----w- c:\documents and settings\Jay\Application Data\ProcessLasso
2009-11-21 15:51 . 2001-08-23 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 06:38 . 2008-07-30 03:14 -------- d-----w- c:\program files\PeerGuardian2
2009-11-19 06:33 . 2009-11-19 06:33 -------- d-----w- c:\program files\Microsoft
2009-11-19 06:33 . 2009-11-19 06:31 -------- d-----w- c:\program files\Windows Live
2009-11-19 06:32 . 2009-11-19 06:32 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-19 06:27 . 2009-11-19 06:27 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-13 17:27 . 2009-11-13 17:27 593920 ----a-w- c:\documents and settings\Jay\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-11-12 14:08 . 2008-09-06 20:46 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-11 22:19 . 2009-11-11 22:19 375808 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-02 05:24 . 2009-11-02 09:18 1109 ----a-w- c:\documents and settings\Jay\Application Data\Genie-soft\GBMPro8\Jobs\Graphic Design\00000000\maindata.sys
2009-10-31 19:11 . 2009-10-31 23:03 1109 ----a-w- c:\documents and settings\Jay\Application Data\Genie-soft\GBMPro8\Jobs\Photos\00000001\maindata.sys
2009-10-29 07:46 . 2001-08-23 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2001-08-23 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-19 16:03 . 2009-10-19 16:03 1961720 ----a-w- c:\documents and settings\Jay\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-10-13 10:30 . 2001-08-23 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2001-08-23 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2001-08-23 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2008-06-09 09:48 . 2008-06-09 05:15 768 ----a-w- c:\program files\NT Compatibility.ini
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 12:00 . 2010-01-04 22:34 71846 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-01-08 18:54 71846 c:\windows\system32\perfc009.dat
+ 2010-01-04 22:36 . 2010-01-04 22:36 78924 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat
+ 2010-01-08 06:52 . 2010-01-08 13:41 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010010820100109\index.dat
+ 2010-01-07 22:25 . 2010-01-07 22:24 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010010720100108\index.dat
+ 2010-01-06 12:55 . 2010-01-06 16:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010010620100107\index.dat
+ 2010-01-05 12:58 . 2010-01-05 16:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010010520100106\index.dat
- 2010-01-04 12:08 . 2010-01-04 16:38 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010010420100105\index.dat
+ 2010-01-04 12:08 . 2010-01-04 22:53 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010010420100105\index.dat
+ 2008-07-28 01:15 . 2010-01-08 18:50 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-28 01:15 . 2010-01-08 18:50 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-07-28 01:15 . 2010-01-04 22:35 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-01-04 12:45 . 2010-01-04 18:03 32768 c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat
+ 2010-01-04 12:45 . 2010-01-06 08:00 32768 c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat
- 2010-01-04 20:08 . 2010-01-04 20:08 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2010-01-05 05:44 . 2010-01-05 05:44 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2010-01-04 20:08 . 2010-01-04 20:08 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2010-01-05 05:44 . 2010-01-05 05:44 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2010-01-07 17:13 . 2010-01-07 17:13 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-01-07 17:13 . 2010-01-07 17:13 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-01-07 17:13 . 2010-01-07 17:13 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-01-07 17:13 . 2010-01-07 17:13 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-01-07 17:13 . 2010-01-07 17:13 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-01-07 17:13 . 2010-01-07 17:13 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-01-07 17:13 . 2010-01-07 17:13 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\ARPPRODUCTICON.exe
+ 2010-01-06 06:24 . 2010-01-06 06:24 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-01-05 05:44 . 2010-01-05 05:44 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
- 2010-01-04 20:08 . 2010-01-04 20:08 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2001-08-23 12:00 . 2010-01-08 18:54 443588 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2010-01-04 22:34 443588 c:\windows\system32\perfh009.dat
+ 2008-07-28 02:00 . 2008-04-13 16:39 142592 c:\windows\system32\dllcache\aec.sys
+ 2008-07-28 01:15 . 2010-01-08 18:50 786432 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-08 02:19 . 2010-01-08 02:19 188430 c:\windows\system32\config\systemprofile\Application Data\Adobe\Acrobat\9.0\UserCache.bin
+ 2010-01-07 21:08 . 2010-01-07 21:08 1093632 c:\windows\Installer\9efddb.msi
+ 2010-01-07 17:13 . 2010-01-07 17:13 1262080 c:\windows\Installer\3f50338.msi
+ 2010-01-05 05:44 . 2010-01-05 05:44 1583616 c:\windows\Installer\199bed.msi
- 2008-07-28 02:29 . 2009-12-01 20:06 25966024 c:\windows\system32\MRT.exe
+ 2010-01-07 17:08 . 2009-12-01 18:06 25966024 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-06 2002160]
"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2009-12-22 594144]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"SoundMan"="SOUNDMAN.EXE" [2006-03-02 577536]
"Anti Trojan Elite"="c:\program files\Anti Trojan Elite\TJEnder.exe" [2009-11-30 4076544]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Jay\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 04:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 08:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2009-06-12 16:23 93120 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMK08KB]
2009-04-08 05:40 207360 ----a-w- c:\program files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMPro8Agent]
2008-04-16 14:55 189056 ----a-w- c:\program files\Genie-Soft\GBMPro8\GBMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Lamp]
1998-11-24 08:00 42496 ----a-w- c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 21:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
2008-07-28 02:44 949376 ----a-w- c:\program files\ESET\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-03-02 12:22 577536 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Web Video Downloader]
2008-11-24 20:45 3257616 ----a-w- c:\program files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AnyDVD"=c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
"Google Update"="c:\documents and settings\Jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"GBMPro8Agent"=c:\program files\Genie-Soft\GBMPro8\GBMAgent.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Documents and Settings\\Jay\\Application Data\\Macromedia\\Flash Player\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\eMule\\eMule.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Adobe\\Adobe Contribute CS4\\Contribute.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\Wacom_Tablet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"20:TCP"= 20:TCP:FTP-Data

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [9/2/2008 9:00 PM 5248]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [7/27/2008 7:53 PM 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [7/27/2008 7:53 PM 52224]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [7/29/2008 12:43 PM 16768]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [7/27/2008 8:46 PM 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMON.sys [1/5/2010 3:04 AM 9216]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [9/1/2008 3:19 PM 3406120]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]
S2 gupdate1c9e176f8cc07e2;Google Update Service (gupdate1c9e176f8cc07e2);c:\program files\Google\Update\GoogleUpdate.exe [5/30/2009 4:35 PM 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 BS_Flash;BS_Flash;c:\program files\Tseries BIOS Update\Award\BS_Flash.sys [7/29/2008 12:43 PM 3604]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [6/24/2008 9:36 AM 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [11/18/2009 11:04 AM 14424]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [1/5/2010 3:29 AM 24416]
S3 S3chipid;S3chipid;\??\c:\docume~1\Jay\LOCALS~1\Temp\S3chipid.sys --> c:\docume~1\Jay\LOCALS~1\Temp\S3chipid.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [9/1/2008 3:19 PM 15656]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [9/2/2008 9:00 PM 160640]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-01-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-17 11:27]

2010-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 22:35]

2010-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 22:35]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\gpkthl5f.default\
FF - prefs.js: browser.startup.homepage - my.yahoo.com
FF - component: c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\gpkthl5f.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwbe.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-08 12:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A8C6841]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9e12852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1417001333-261903793-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{66F82A13-C241-FAF3-6A6F-CC8D5255C196}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oahgkopkbeipbpkdmlfhnhegglldfb"=hex:6a,61,64,6a,6a,67,68,6b,61,6e,63,66,6f,65,
70,6c,65,61,65,65,00,f8
"najfedlieafnocdbomeliokaeijl"=hex:6a,61,64,6a,6a,67,68,6b,61,6e,63,66,6f,65,
70,6c,65,61,65,65,00,f8
"gbpliicoafnpdgkmkokjhdngndbejipkokfdnaojbiepoj"=hex:66,61,6c,66,64,6e,68,69,
66,6d,62,6a,00,ff
"bbbmgmnenlafnonhfpdaohcgemmfeendkmjk"=hex:6a,61,65,6a,6d,68,64,6e,63,6e,61,67,
70,66,65,66,6d,63,62,63,00,00

[HKEY_USERS\S-1-5-21-1417001333-261903793-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D264EC0A-5936-22D5-1C77-0E296CA61D14}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\WININET.dll
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(2820)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\astsrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Smith Micro\StuffIt 2009\ArcNameService.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Raxco\PerfectDisk\PDEngine.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-08 13:03:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-08 19:03
ComboFix2.txt 2010-01-06 22:53
ComboFix3.txt 2010-01-04 22:44

Pre-Run: 25,218,859,008 bytes free
Post-Run: 25,181,855,744 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - B2ECAEE5B100D1070D289BA3BD7AC27B

jaylarson
Novice

Posts : 18
Joined : 2010-01-07
OS : Windows XP
Points : 25538
# Likes : 0


Re: Blocked safemode + redirecting links = problem

Post by Belahzur on 8th January 2010, 7:23 pm

Hello.
Before we clean this up, I need one more log.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1


Re: Blocked safemode + redirecting links = problem

Post by jaylarson on 8th January 2010, 7:28 pm

55mm v6 for Adobe Photoshop & Compatible Applications
7-Zip 4.65
ACDSee 10 Photo Manager
Acrobat.com
Acrobat.com
ActionMethod
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Lightroom 2.3
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11.5
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advertising Center
Alcohol 120%
All Sound Recorder XP 2.16
Anti Trojan Elite 4.7.7
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atmosphere Deluxe v6.0
Autopano Pro
Avi2Dvd 0.5
AviSynth 2.5
Bing Maps 3D
Bonjour
BookSmart™ 1.9.9 1.9.9
BrainWave Generator
Canon Pro9000
CCleaner
Color Efex Pro 3.0 Complete
Connect
Content
Corel Painter 11
Corel Painter 11
Corel Painter 11 - ICA
Corel Painter 11 - IPM
Critical Update for Windows Media Player 11 (KB959772)
CrossFont version 5.2
CuteFTP 8 Professional
DestroyTwitter
Dfine 2.0
Dfx for Adobe Photoshop
Dfx for Adobe Photoshop
Driver Genius Professional Edition
DVD Decrypter (Remove Only)
DxO Optics Pro 5.3.2
DxO Optics Pro for Photoshop CS
Dynamic-Photo HDR 4.2
eMule Plus 1.2e
FairStars Audio Converter 1.52
ffdshow [rev 2844] [2009-03-30]
Final Uninstaller
Flickr Uploadr 3.0.5
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.9.1108
Genie Backup Manager Pro 8.0
Google Earth
Google Update Helper
Google Updater
GrabIt 1.7.2 Beta 3 (build 996)
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP PrecisionScan
IconHandler 32 bit
Interlok driver setup x32
InterVideo WinDVD 8
IrfanView (remove only)
iTunes
kuler
Langauge
Last.fm 1.5.4.24567
Linksys Wireless-G PCI Network Adapter with SpeedBooster
Linotype FontExplorer X Public Beta
Lizardtech DjVu Control
LucisArt 3 ED/SE
Magic ISO Maker v5.5 (build 0261)
Malwarebytes' Anti-Malware
Medieval CUE Splitter
Menu Templates - Starter Kit
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Publisher 2007
Microsoft Office Ultimate 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WSE 3.0 Runtime
Migratr
Mozilla Firefox (3.5.7)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Muiltmedia keyboard utility 1.3
neroxml
NOD32 antivirus system
NOD32 FiX
NVIDIA PhysX
OpenAL
OpenOffice.org 2.4
Orbit Downloader
Ozone v2.5 for Adobe Photoshop
Ozone v2.5 for Adobe Photoshop
PDF Settings CS4
PeerBlock 1.0.0 (r181)
PerfectDisk
Permanent Press 1.02.
Photomatix Pro version 3.0
Photoshop Camera Raw
Photosynth 2.0.1403.5
PhotoTools 2.0 Professional Edition
Picasa 3
Pixel Bender Toolkit
Plug-in Suite 4
Process Lasso
QuarkXPress 7.2
Quicken 2008
QuickTime
Realtek AC'97 Audio
REALTEK GbE & FE Ethernet PCI NIC Driver
R-Studio 4.6
Safari
SBaGen 1.4.4
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Sharpener Pro 3.0
Silver Efex Pro
Sony Noise Reduction Plug-In 2.0h
Sony Sound Forge 9.0
Sothink FLV Player
Sothink SWF Decompiler
Sothink Web Video Downloader
SoulSeek 157 NS 13c
Spybot - Search & Destroy
StuffIt 2009
StuffIt Standard Edition 7.5
Suite Shared Configuration CS4
SUPERAntiSpyware Professional
Swift 3D v6.00
System Requirements Lab
System Requirements Lab
The KMPlayer (remove only)
Topaz Adjust 3
TreeSize Professional 5.2.3
Tseries BIOS Update
TuneUp Utilities 2008
Tweak UI
UltraISO V7.21 SR-2
UnHackMe 5.70 release
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vector Magic
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
VideoLAN VLC media player 0.8.6i
Viveza
VueScan
Wacom Tablet
WD Diagnostics
Web-Based Email Tools
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.2.1 final uninstall
zMatte for Adobe Photoshop
zMatte for Adobe Photoshop
ZoneAlarm Pro

jaylarson
Novice

Posts : 18
Joined : 2010-01-07
OS : Windows XP
Points : 25538
Likes : 0

Re: Blocked safemode + redirecting links = problem

Post by Belahzur on 8th January 2010, 7:41 pm

Hello.

I see that you are running uTorrent and eMule.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people, but they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    eMule Plus 1.2e

Next,

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\Internet Logs\xDBB.tmp
    c:\windows\Internet Logs\xDBA.tmp
    c:\windows\Internet Logs\xDB9.tmp
    c:\windows\Internet Logs\xDB8.tmp
    c:\windows\Internet Logs\xDB7.tmp
    c:\windows\Internet Logs\xDB6.tmp
    c:\windows\Internet Logs\xDB4.tmp
    c:\windows\Internet Logs\xDB5.tmp
    c:\windows\Internet Logs\xDB2.tmp
    c:\windows\Internet Logs\xDB1.tmp
    c:\windows\Internet Logs\tvDebug.zip

    RegNull::
    [HKEY_USERS\S-1-5-21-1417001333-261903793-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{66F82A13-C241-FAF3-6A6F-CC8D5255C196}*]
    [HKEY_USERS\S-1-5-21-1417001333-261903793-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D264EC0A-5936-22D5-1C77-0E296CA61D14}*]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe
  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
Likes : 1
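As an added example (my own code for this thread, not ComboFix's and not anything the helper posted), the script below reads a few lines constructed in the format of the C:\ComboFix.txt log that the steps above produce and flags the load points a helper reads first: services or drivers whose image file is missing or sits in a Temp directory, Run entries that ComboFix marks [X] or that name a bare executable with no directory, and a disabled Windows Firewall standard profile. The section names, markers and the sample lines themselves are assumptions modelled on ComboFix output, not the log from this thread.

```python
import re
from typing import Dict, List

# Constructed sample lines in ComboFix's "Reg Loading Points" / service
# notation (an illustration, not a real log). Markers assumed: "[X]" where
# ComboFix found no file for a Run entry, "--> path [?]" where a driver's
# image file is absent from disk.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"SoundMan"="SOUNDMAN.EXE" [2006-03-02 577536]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [7/27/2008 8:46 PM 15424]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
S3 S3chipid;S3chipid;\??\c:\docume~1\Jay\LOCALS~1\Temp\S3chipid.sys --> c:\docume~1\Jay\LOCALS~1\Temp\S3chipid.sys [?]
"""

SECTION_RE = re.compile(r'^\[(?P<key>.+)\]$')
# "Name"="data" [meta]   or   "Name"= 0 (0x0)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"?(?P<data>.*?)"?\s*(?:\[(?P<meta>[^\]]*)\])?\s*$')
# R0..R3 (running) or S0..S4 (stopped) start type, then name;description;image [meta]
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<image>.*?)'
    r'(?:\s+-->\s+\S.*?)?\s+\[(?P<meta>[^\]]*)\]$')
NT_PREFIX_RE = re.compile(r'^\\\?\?\\')   # strips the \??\ NT object-manager prefix
TEMP_DIR_RE = re.compile(r'\\temp\\', re.I)


def _finding(kind: str, name: str, detail: str, line: str) -> Dict[str, str]:
    return {'kind': kind, 'name': name, 'detail': detail, 'line': line}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Walk a ComboFix log and return the load points a reviewer should look at first."""
    findings: List[Dict[str, str]] = []
    section = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                      # registry key header: remember which key we are under
            section = m.group('key').lower()
            continue
        m = SERVICE_RE.match(line)
        if m:                      # service / driver line
            image = NT_PREFIX_RE.sub('', m.group('image'))
            if m.group('meta') == '?':
                findings.append(_finding('missing-image', m.group('name'), image, line))
            if TEMP_DIR_RE.search(image):
                findings.append(_finding('temp-image', m.group('name'), image, line))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data, meta = m.group('name'), m.group('data'), m.group('meta')
        if section.endswith(r'\currentversion\run'):
            if meta == 'X':        # autorun points at a file ComboFix could not find
                findings.append(_finding('run-missing', name, data, line))
            elif '\\' not in data.split(' ')[0]:   # bare filename: resolved via search path
                findings.append(_finding('run-unqualified', name, data, line))
        elif section.endswith(r'\firewallpolicy\standardprofile') \
                and name.lower() == 'enablefirewall' and data.startswith('0'):
            findings.append(_finding('firewall-disabled', name, data, line))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:18} {f['name']:16} {f['detail']}")
```

Run it against a real log with triage(open('ComboFix.txt').read()). Treat the output as a reading aid rather than a verdict: a disabled Windows Firewall is expected when a third-party firewall such as ZoneAlarm has replaced it, and a driver left behind in a Temp directory is as often a stale hardware-detection tool as it is malware.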

Re: Blocked safemode + redirecting links = problem

Post by jaylarson on 8th January 2010, 9:04 pm

ComboFix 10-01-04.01 - Jay 01/08/2010 14:34:16.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1587 [GMT -6:00]
Running from: c:\documents and settings\Jay\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Jay\Desktop\CFscript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2009-12-08 to 2010-01-08 )))))))))))))))))))))))))))))))
.

2010-01-08 20:22 . 2010-01-08 20:24 -------- d-----w- C:\32788R22FWJFW
2010-01-08 18:16 . 2010-01-08 19:03 -------- d-----w- C:\Combo-Fix
2010-01-08 02:19 . 2010-01-08 02:19 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2010-01-07 18:09 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-06 06:23 . 2010-01-06 06:23 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2010-01-05 09:29 . 2010-01-06 07:07 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-01-05 09:05 . 2010-01-05 09:05 2 --shatr- c:\windows\winstart.bat
2010-01-05 09:05 . 2009-12-22 20:38 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-01-05 09:05 . 2010-01-05 09:16 -------- d-----w- c:\program files\UnHackMe
2010-01-05 09:04 . 2010-01-05 17:39 -------- d-----w- c:\program files\Anti Trojan Elite
2010-01-05 07:01 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 07:01 . 2010-01-08 06:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 07:01 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 05:44 . 2010-01-05 05:44 -------- d-----w- c:\documents and settings\Jay\Application Data\SUPERAntiSpyware.com
2010-01-04 22:46 . 2010-01-04 22:46 -------- d-----w- c:\program files\CCleaner
2010-01-04 22:11 . 2010-01-04 22:11 0 ----a-w- c:\windows\system32\atiicdxx.dat
2010-01-04 20:08 . 2010-01-04 20:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-01-04 20:08 . 2010-01-06 21:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-04 05:08 . 2010-01-04 05:08 -------- d-----w- c:\program files\Trend Micro
2010-01-04 00:00 . 2010-01-04 00:01 -------- d-----w- c:\program files\Realtek AC97
2010-01-02 01:24 . 2010-01-02 01:50 -------- d-----w- c:\program files\Motherboard Monitor 5
2010-01-01 22:03 . 2010-01-01 22:03 -------- d-----w- c:\program files\Driver-Soft
2009-12-31 23:04 . 2009-12-31 23:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FarmFrenzy3_Arctica
2009-12-31 23:03 . 2009-12-31 23:34 -------- d-----w- c:\program files\Alawar
2009-12-31 20:28 . 2009-12-31 20:30 -------- d-----w- c:\documents and settings\Jay\Application Data\FLV Extract
2009-12-25 18:48 . 2009-12-25 18:48 -------- d-----w- c:\windows\system32\xlive
2009-12-25 18:15 . 2009-12-25 18:15 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2009-12-24 20:02 . 2009-12-24 20:02 -------- d-----w- c:\documents and settings\Jay\Application Data\CheeseSoft
2009-12-24 20:02 . 2009-12-24 20:02 -------- d-----w- c:\program files\FinalUninstaller
2009-12-21 19:53 . 2009-03-31 02:01 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-21 19:53 . 2009-03-31 02:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-21 19:52 . 2009-12-21 19:52 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-21 19:50 . 2009-12-22 20:44 -------- d-----w- c:\program files\Avi2Dvd
2009-12-15 01:16 . 2009-12-15 01:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-12 19:32 . 2009-12-12 19:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Last.fm
2009-12-12 19:31 . 2009-12-12 19:31 -------- d-----w- c:\program files\Last.fm
2009-12-10 05:34 . 2009-12-13 07:49 -------- d-----w- c:\documents and settings\Jay\Local Settings\Application Data\Cooliris

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-08 20:48 . 2009-12-03 07:19 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-01-08 20:48 . 2008-09-02 13:58 -------- d-----w- c:\documents and settings\Jay\Application Data\WTablet
2010-01-08 20:47 . 2008-09-02 22:55 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-01-08 20:20 . 2008-07-30 03:10 -------- d-----w- c:\program files\uTorrent
2010-01-08 20:19 . 2009-01-16 18:26 -------- d-----w- c:\program files\eMule
2010-01-08 17:50 . 2010-01-05 05:48 52224 ----a-w- c:\documents and settings\Jay\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-08 17:50 . 2010-01-05 05:45 117760 ----a-w- c:\documents and settings\Jay\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-08 13:43 . 2010-01-08 17:49 2036736 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-01-08 08:26 . 2008-08-24 10:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2010-01-08 06:12 . 2010-01-08 06:12 5115824 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-08 00:47 . 2009-11-18 17:04 -------- d-----w- c:\program files\PeerBlock
2010-01-07 21:08 . 2010-01-07 21:08 388096 ----a-r- c:\documents and settings\Jay\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-07 20:49 . 2008-12-24 06:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Soulseek
2010-01-07 18:09 . 2008-07-29 00:23 -------- d-----w- c:\documents and settings\Jay\Application Data\FontExplorerX
2010-01-07 17:11 . 2008-08-17 05:38 -------- d-----w- c:\program files\Google
2010-01-06 22:42 . 2010-01-06 22:42 1590541 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-01-05 22:50 . 2008-09-09 13:29 1 ----a-w- c:\documents and settings\Jay\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-05 22:50 . 2008-09-09 04:21 -------- d-----w- c:\documents and settings\Jay\Application Data\OpenOffice.org2
2010-01-05 09:45 . 2010-01-05 09:52 1979904 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2010-01-05 09:17 . 2010-01-05 09:21 1979392 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-01-05 09:06 . 2010-01-05 09:12 1983488 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-01-05 07:23 . 2008-08-10 02:14 -------- d-----w- c:\program files\Java
2010-01-05 05:44 . 2008-08-10 17:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-05 05:20 . 2008-07-28 03:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-01-04 21:38 . 2010-01-04 21:40 507904 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-01-04 21:32 . 2010-01-04 21:36 1930240 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-01-04 18:42 . 2008-07-28 02:44 -------- d-----w- c:\program files\ESET
2010-01-03 21:52 . 2009-03-03 01:30 63460 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-03 21:10 . 2010-01-03 21:12 264192 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-01-03 21:10 . 2010-01-03 21:12 1840640 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-01-03 18:31 . 2008-07-30 03:10 -------- d-----w- c:\documents and settings\Jay\Application Data\uTorrent
2010-01-02 03:46 . 2008-07-28 02:28 93176 ----a-w- c:\documents and settings\Jay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-01 21:27 . 2010-01-01 21:29 412672 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-01-01 06:17 . 2008-08-11 04:18 -------- d-----w- c:\program files\Flickr Uploadr
2010-01-01 05:55 . 2008-10-05 20:12 -------- d-----w- c:\program files\dng4ps2
2009-12-31 20:25 . 2008-07-28 02:53 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-12-31 20:25 . 2008-11-26 03:10 -------- d-----w- c:\documents and settings\Jay\Application Data\Orbit
2009-12-27 04:08 . 2008-07-28 01:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-26 01:22 . 2009-12-26 09:56 1764352 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-12-26 01:22 . 2009-12-26 09:56 1259520 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-12-25 18:48 . 2009-07-04 06:27 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-12-24 20:29 . 2009-01-12 19:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-12-24 20:19 . 2009-01-12 19:06 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-24 09:10 . 2008-08-10 17:23 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-12-21 19:54 . 2009-04-27 19:48 -------- d-----w- c:\program files\Xvid
2009-12-21 19:53 . 2009-06-30 20:36 -------- d-----w- c:\program files\ffdshow
2009-12-21 03:59 . 2009-04-07 07:11 -------- d-----w- c:\program files\Free FLV Converter
2009-12-21 03:58 . 2009-09-18 05:52 -------- d-----w- c:\program files\Electronic Arts
2009-12-21 03:58 . 2009-01-21 06:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Electronic Arts
2009-12-21 03:57 . 2008-09-16 04:12 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2009-12-16 07:33 . 2008-11-19 04:28 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-16 07:33 . 2009-08-17 19:57 38784 ----a-w- c:\documents and settings\Default User.WINDOWS\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-12-16 07:33 . 2008-11-19 04:28 38784 ----a-w- c:\documents and settings\Jay\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-12-15 04:54 . 2009-03-03 13:56 2516 --sha-w- c:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
2009-12-15 04:54 . 2009-03-03 13:56 2516 --sha-w- c:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
2009-12-12 19:32 . 2009-12-12 19:32 100 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Last.fm\Client\uninst2.bat
2009-12-12 19:32 . 2009-12-12 19:32 683801 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Last.fm\Client\UninstITW\unins000.exe
2009-12-08 22:57 . 2009-12-08 22:57 -------- d-----w- c:\program files\Headup Games
2009-12-05 09:13 . 2009-12-05 09:13 -------- d-----w- c:\documents and settings\Jay\Application Data\Digital Film Tools
2009-12-05 09:13 . 2009-12-05 09:13 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Digital Film Tools
2009-12-05 09:09 . 2009-12-05 09:09 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{52FCF078-90CF-4370-B2F3-94A0EC63788E}
2009-12-05 09:06 . 2009-12-05 09:05 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{E4C586E0-98B5-4B03-B8FF-54A43CAD4B8C}
2009-12-05 05:04 . 2008-10-18 04:49 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-05 05:03 . 2009-02-14 16:55 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-05 05:03 . 2009-02-14 16:55 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-03 07:24 . 2008-07-28 03:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-03 07:19 . 2009-12-03 07:19 -------- d-----w- c:\program files\Zone Labs
2009-12-01 03:53 . 2009-11-25 00:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BioWare
2009-11-28 05:51 . 2008-07-28 03:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet
2009-11-25 03:51 . 2009-09-16 08:09 -------- d-----w- c:\program files\Common Files\Acronis
2009-11-23 10:56 . 2009-11-23 10:56 -------- d-----w- c:\program files\Process Lasso
2009-11-23 10:56 . 2009-11-23 10:56 -------- d-----w- c:\documents and settings\Jay\Application Data\ProcessLasso
2009-11-21 15:51 . 2001-08-23 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 06:38 . 2008-07-30 03:14 -------- d-----w- c:\program files\PeerGuardian2
2009-11-19 06:33 . 2009-11-19 06:33 -------- d-----w- c:\program files\Microsoft
2009-11-19 06:33 . 2009-11-19 06:31 -------- d-----w- c:\program files\Windows Live
2009-11-19 06:32 . 2009-11-19 06:32 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-19 06:27 . 2009-11-19 06:27 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-13 17:27 . 2009-11-13 17:27 593920 ----a-w- c:\documents and settings\Jay\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-11-12 14:08 . 2008-09-06 20:46 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-11 22:19 . 2009-11-11 22:19 375808 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-02 05:24 . 2009-11-02 09:18 1109 ----a-w- c:\documents and settings\Jay\Application Data\Genie-soft\GBMPro8\Jobs\Graphic Design\00000000\maindata.sys
2009-10-31 19:11 . 2009-10-31 23:03 1109 ----a-w- c:\documents and settings\Jay\Application Data\Genie-soft\GBMPro8\Jobs\Photos\00000001\maindata.sys
2009-10-29 07:46 . 2001-08-23 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2001-08-23 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-19 16:03 . 2009-10-19 16:03 1961720 ----a-w- c:\documents and settings\Jay\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-10-13 10:30 . 2001-08-23 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2001-08-23 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2001-08-23 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2008-06-09 09:48 . 2008-06-09 05:15 768 ----a-w- c:\program files\NT Compatibility.ini
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 12:00 . 2010-01-04 22:34 71846 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-01-08 20:51 71846 c:\windows\system32\perfc009.dat
+ 2010-01-04 22:36 . 2010-01-04 22:36 78924 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat
+ 2010-01-08 06:52 . 2010-01-08 13:41 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010010820100109\index.dat
+ 2010-01-07 22:25 . 2010-01-07 22:24 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010010720100108\index.dat
+ 2010-01-06 12:55 . 2010-01-06 16:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010010620100107\index.dat
+ 2010-01-05 12:58 . 2010-01-05 16:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010010520100106\index.dat
- 2010-01-04 12:08 . 2010-01-04 16:38 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010010420100105\index.dat
+ 2010-01-04 12:08 . 2010-01-04 22:53 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010010420100105\index.dat
+ 2008-07-28 01:15 . 2010-01-08 20:47 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-28 01:15 . 2010-01-08 20:47 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-07-28 01:15 . 2010-01-04 22:35 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-01-04 12:45 . 2010-01-04 18:03 32768 c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat
+ 2010-01-04 12:45 . 2010-01-06 08:00 32768 c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat
- 2010-01-04 20:08 . 2010-01-04 20:08 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2010-01-05 05:44 . 2010-01-05 05:44 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2010-01-04 20:08 . 2010-01-04 20:08 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2010-01-05 05:44 . 2010-01-05 05:44 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2010-01-07 17:13 . 2010-01-07 17:13 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-01-07 17:13 . 2010-01-07 17:13 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-01-07 17:13 . 2010-01-07 17:13 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-01-07 17:13 . 2010-01-07 17:13 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-01-07 17:13 . 2010-01-07 17:13 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-01-07 17:13 . 2010-01-07 17:13 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-01-07 17:13 . 2010-01-07 17:13 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\ARPPRODUCTICON.exe
+ 2010-01-06 06:24 . 2010-01-06 06:24 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-01-05 05:44 . 2010-01-05 05:44 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
- 2010-01-04 20:08 . 2010-01-04 20:08 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2001-08-23 12:00 . 2010-01-08 20:51 443588 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2010-01-04 22:34 443588 c:\windows\system32\perfh009.dat
+ 2008-07-28 02:00 . 2008-04-13 16:39 142592 c:\windows\system32\dllcache\aec.sys
+ 2008-07-28 01:15 . 2010-01-08 20:47 786432 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-08 02:19 . 2010-01-08 02:19 188430 c:\windows\system32\config\systemprofile\Application Data\Adobe\Acrobat\9.0\UserCache.bin
+ 2010-01-07 21:08 . 2010-01-07 21:08 1093632 c:\windows\Installer\9efddb.msi
+ 2010-01-07 17:13 . 2010-01-07 17:13 1262080 c:\windows\Installer\3f50338.msi
+ 2010-01-05 05:44 . 2010-01-05 05:44 1583616 c:\windows\Installer\199bed.msi
- 2008-07-28 02:29 . 2009-12-01 20:06 25966024 c:\windows\system32\MRT.exe
+ 2010-01-07 17:08 . 2009-12-01 18:06 25966024 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-06 2002160]
"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2009-12-22 594144]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"SoundMan"="SOUNDMAN.EXE" [2006-03-02 577536]
"Anti Trojan Elite"="c:\program files\Anti Trojan Elite\TJEnder.exe" [2009-11-30 4076544]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Jay\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 04:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 08:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2009-06-12 16:23 93120 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMK08KB]
2009-04-08 05:40 207360 ----a-w- c:\program files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMPro8Agent]
2008-04-16 14:55 189056 ----a-w- c:\program files\Genie-Soft\GBMPro8\GBMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Lamp]
1998-11-24 08:00 42496 ----a-w- c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 21:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
2008-07-28 02:44 949376 ----a-w- c:\program files\ESET\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-03-02 12:22 577536 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Web Video Downloader]
2008-11-24 20:45 3257616 ----a-w- c:\program files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AnyDVD"=c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
"Google Update"="c:\documents and settings\Jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"GBMPro8Agent"=c:\program files\Genie-Soft\GBMPro8\GBMAgent.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Documents and Settings\\Jay\\Application Data\\Macromedia\\Flash Player\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Adobe\\Adobe Contribute CS4\\Contribute.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\Wacom_Tablet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"20:TCP"= 20:TCP:FTP-Data

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [9/2/2008 9:00 PM 5248]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [7/27/2008 7:53 PM 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [7/27/2008 7:53 PM 52224]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [7/29/2008 12:43 PM 16768]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [7/27/2008 8:46 PM 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMON.sys [1/5/2010 3:04 AM 9216]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [9/1/2008 3:19 PM 3406120]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]
S2 gupdate1c9e176f8cc07e2;Google Update Service (gupdate1c9e176f8cc07e2);c:\program files\Google\Update\GoogleUpdate.exe [5/30/2009 4:35 PM 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 BS_Flash;BS_Flash;c:\program files\Tseries BIOS Update\Award\BS_Flash.sys [7/29/2008 12:43 PM 3604]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [6/24/2008 9:36 AM 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [11/18/2009 11:04 AM 14424]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [1/5/2010 3:29 AM 24416]
S3 S3chipid;S3chipid;\??\c:\docume~1\Jay\LOCALS~1\Temp\S3chipid.sys --> c:\docume~1\Jay\LOCALS~1\Temp\S3chipid.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [9/1/2008 3:19 PM 15656]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [9/2/2008 9:00 PM 160640]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-01-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-17 11:27]

2010-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 22:35]

2010-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 22:35]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\gpkthl5f.default\
FF - prefs.js: browser.startup.homepage - my.yahoo.com
FF - component: c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\gpkthl5f.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwbe.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-08 14:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A8FE841]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f37852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\WININET.dll
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(164)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\astsrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Smith Micro\StuffIt 2009\ArcNameService.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Raxco\PerfectDisk\PDEngine.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-08 14:59:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-08 20:59
ComboFix2.txt 2010-01-08 19:03
ComboFix3.txt 2010-01-06 22:53
ComboFix4.txt 2010-01-04 22:44

Pre-Run: 25,186,488,320 bytes free
Post-Run: 25,138,462,720 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - E6F859811E9C7283D26F1F3F37AF3ABB


Re: Blocked safemode + redirecting links = problem

Post by Belahzur on 8th January 2010, 9:08 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?



Re: Blocked safemode + redirecting links = problem

Post by jaylarson on 8th January 2010, 9:20 pm

The refreshing links issue seems to have been fixed. But Safe Mode is still blocked. I wonder if some of the registry fixes I've seen would fix this. What do you think?

PS. Thanks so far!


Re: Blocked safemode + redirecting links = problem

Post by Belahzur on 8th January 2010, 9:21 pm

Download and run SafeBootKeyRepair-CF from: [You must be registered and logged in to see this link.]

It will take only a moment for it to run. If it produces a log, please post it in your next reply.

Does Safe Mode work now?



Re: Blocked safemode + redirecting links = problem

Post by jaylarson on 8th January 2010, 9:46 pm

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\nm]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\nm.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sharedaccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\UploadMgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vsmon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PEVSystemStart
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\procexp90.Sys

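As an added example (not code from the thread, and not SafeBootKeyRepair-CF), this Python script parses a SafeBoot `reg export` like the one posted above and reports, per profile, the subkeys that carry no (Default) value (the way PEVSystemStart and procexp90.Sys stand out at the end of that export), the non-GUID subkeys whose default is not one of the usual Service/Driver/Driver Group strings, and the subkeys present in only one of the Minimal and Network profiles. The embedded export is a constructed, shortened sample modelled on the posted one.

```python
"""Audit a SafeBoot registry export (Windows Registry Editor 5.00 format).

Added example for this thread; it is not part of ComboFix, SafeBootKeyRepair-CF
or any other tool named in the thread. The SAMPLE_EXPORT below is constructed.
"""
import re
from collections import OrderedDict

# Key paths are compared case-insensitively, as the registry itself does.
SAFEBOOT_PREFIX = r"hkey_local_machine\system\currentcontrolset\control\safeboot"
# Default values Windows itself uses for SafeBoot subkeys; a driver load-order
# group name (e.g. "FSFilter System Recovery" on sr.sys) is also legitimate, so
# anything else is reported for review, not declared malicious.
STANDARD_DEFAULTS = {"Service", "Driver", "Driver Group"}
GUID_RE = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.IGNORECASE)


def load_reg_file(path):
    """Read a real .reg export; reg.exe writes them as UTF-16 with a BOM."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()


def parse_reg_export(text):
    """Return OrderedDict key_path -> {value_name: data} from .reg text.

    Only "name"="string" and @="string" values matter for SafeBoot, so other
    value types (dword:, hex:) are kept as their raw text.
    """
    keys = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        if current is None:
            continue
        name, sep, data = line.partition("=")
        if not sep:
            continue
        name = name if name == "@" else name.strip('"')
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = data[1:-1]
        keys[current][name] = data
    return keys


def safeboot_entries(keys, profile):
    """Map direct subkey name -> (Default) value (None if absent) for a profile."""
    prefix = SAFEBOOT_PREFIX + "\\" + profile.lower() + "\\"
    entries = OrderedDict()
    for path, values in keys.items():
        low = path.lower()
        if low.startswith(prefix) and "\\" not in low[len(prefix):]:
            entries[path[len(prefix):]] = values.get("@")
    return entries


def audit_safeboot(text):
    """Return findings for the Minimal and Network profiles of a SafeBoot export."""
    keys = parse_reg_export(text)
    report = {}
    profiles = {}
    for profile in ("Minimal", "Network"):
        entries = safeboot_entries(keys, profile)
        profiles[profile] = entries
        report[profile] = {
            "count": len(entries),
            # No (Default) value: Windows has nothing to load for this subkey in
            # Safe Mode; such entries are usually leftovers from a tool or cleanup.
            "no_default": [n for n, v in entries.items() if v is None],
            # Non-GUID subkeys whose default is not Service/Driver/Driver Group.
            "other_default": [n for n, v in entries.items()
                              if v is not None and v not in STANDARD_DEFAULTS
                              and not GUID_RE.match(n)],
        }
    min_lower = {n.lower() for n in profiles["Minimal"]}
    net_lower = {n.lower() for n in profiles["Network"]}
    report["only_in_minimal"] = [n for n in profiles["Minimal"] if n.lower() not in net_lower]
    report["only_in_network"] = [n for n in profiles["Network"] if n.lower() not in min_lower]
    return report


# Constructed sample, modelled on the export posted in the thread (shortened).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
"""

if __name__ == "__main__":
    for section, finding in audit_safeboot(SAMPLE_EXPORT).items():
        print(section, finding)
```

Run it against a real export with `audit_safeboot(load_reg_file("safeboot.reg"))`; on the posted export the `no_default` list for Minimal is exactly the two keys the poster listed after it.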

Re: Blocked safemode + redirecting links = problem

Post by Belahzur on 8th January 2010, 9:47 pm

Can you try Safe Mode now?



Re: Blocked safemode + redirecting links = problem

Post by jaylarson on 8th January 2010, 9:50 pm

Nope, Safe Mode is still blocked. But this time there wasn't a flash of a BSOD.


Re: Blocked safemode + redirecting links = problem

Post by Belahzur on 8th January 2010, 9:51 pm

Please download [You must be registered and logged in to see this link.] by DragonMaster Jay, and save it to your Desktop.
  • Please disable realtime protection. (If any)
  • Double-click RunFirst.vbs. Follow the prompts and make sure it completes. It will confirm the Restore Point was added.
  • Double-click DragonFix.reg, and follow the prompt(s).
  • Please reboot your computer.

Try Safe Mode again.



Re: Blocked safemode + redirecting links = problem

Post by jaylarson on 8th January 2010, 9:56 pm

Is RunFirst.vbs supposed to be in the zip? All I see is a folder with the registry entry. Do I need to have hidden files visible as with file types?


Re: Blocked safemode + redirecting links = problem

Post by Belahzur on 8th January 2010, 10:04 pm

No, the creator didn't update the speech. Run the .reg file and follow the prompts. Select yes when asked to merge with the registry.



Re: Blocked safemode + redirecting links = problem

Post by jaylarson on 8th January 2010, 10:26 pm

Unfortunately, we're back to the BSOD flashing too quickly to see the error code. Are there ways for me to pause it or slow it down enough to get the error codes? Or even something to capture via screen captures or a log?


Re: Blocked safemode + redirecting links = problem

Post by Belahzur on 8th January 2010, 10:36 pm

See here:
[You must be registered and logged in to see this link.]

Read the instructions for "Recovery Settings", then when you get a BSOD, it won't restart until you do a manual hard restart.



Re: Blocked safemode + redirecting links = problem

Post by jaylarson on 8th January 2010, 10:50 pm

And it looks like the link redirecting is back in effect when I clicked on the link.


Re: Blocked safemode + redirecting links = problem

Post by Belahzur on 8th January 2010, 10:51 pm

Please re-run Combofix.



Re: Blocked safemode + redirecting links = problem

Post by jaylarson on 8th January 2010, 11:08 pm

BSOD:

*** Stop 0x0000007E (0xC0000005, 0x80537009, 0xf789e508, 0xf789e204)

____________

Running combofix now


Re: Blocked safemode + redirecting links = problem

Post by jaylarson on 9th January 2010, 8:58 am

ComboFix 10-01-04.01 - Jay 01/09/2010 1:33.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1586 [GMT -6:00]
Running from: c:\documents and settings\Jay\Desktop\Combo-Fix.exe
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2009-12-09 to 2010-01-09 )))))))))))))))))))))))))))))))
.

2010-01-08 18:16 . 2010-01-08 19:03 -------- d-----w- C:\Combo-Fix
2010-01-07 18:09 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-05 09:05 . 2010-01-05 09:05 2 --shatr- c:\windows\winstart.bat
2010-01-05 09:05 . 2010-01-08 22:23 -------- d-----w- c:\program files\UnHackMe
2010-01-05 09:04 . 2010-01-08 21:53 -------- d-----w- c:\program files\Anti Trojan Elite
2010-01-05 07:01 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 07:01 . 2010-01-08 06:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 07:01 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 05:44 . 2010-01-08 22:24 -------- d-----w- c:\documents and settings\Jay\Application Data\SUPERAntiSpyware.com
2010-01-04 22:46 . 2010-01-04 22:46 -------- d-----w- c:\program files\CCleaner
2010-01-04 22:11 . 2010-01-04 22:11 0 ----a-w- c:\windows\system32\atiicdxx.dat
2010-01-04 20:08 . 2010-01-04 20:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-01-04 20:08 . 2010-01-06 21:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-04 05:08 . 2010-01-04 05:08 -------- d-----w- c:\program files\Trend Micro
2010-01-04 00:00 . 2010-01-04 00:01 -------- d-----w- c:\program files\Realtek AC97
2010-01-02 01:24 . 2010-01-02 01:50 -------- d-----w- c:\program files\Motherboard Monitor 5
2010-01-01 22:03 . 2010-01-01 22:03 -------- d-----w- c:\program files\Driver-Soft
2009-12-31 23:04 . 2009-12-31 23:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FarmFrenzy3_Arctica
2009-12-31 23:03 . 2009-12-31 23:34 -------- d-----w- c:\program files\Alawar
2009-12-31 20:28 . 2009-12-31 20:30 -------- d-----w- c:\documents and settings\Jay\Application Data\FLV Extract
2009-12-25 18:48 . 2009-12-25 18:48 -------- d-----w- c:\windows\system32\xlive
2009-12-25 18:15 . 2009-12-25 18:15 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2009-12-24 20:02 . 2009-12-24 20:02 -------- d-----w- c:\documents and settings\Jay\Application Data\CheeseSoft
2009-12-24 20:02 . 2009-12-24 20:02 -------- d-----w- c:\program files\FinalUninstaller
2009-12-21 19:53 . 2009-03-31 02:01 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-21 19:53 . 2009-03-31 02:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-21 19:52 . 2009-12-21 19:52 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-21 19:50 . 2009-12-22 20:44 -------- d-----w- c:\program files\Avi2Dvd
2009-12-15 01:16 . 2009-12-15 01:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-12 19:32 . 2009-12-12 19:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Last.fm
2009-12-12 19:31 . 2009-12-12 19:31 -------- d-----w- c:\program files\Last.fm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-09 08:45 . 2008-09-02 13:58 -------- d-----w- c:\documents and settings\Jay\Application Data\WTablet
2010-01-09 07:47 . 2009-12-03 07:19 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-01-09 07:46 . 2008-09-02 22:55 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-01-09 07:44 . 2010-01-09 07:46 3296256 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2010-01-09 07:44 . 2010-01-09 07:46 2143232 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-01-09 07:27 . 2008-07-28 02:44 -------- d-----w- c:\program files\ESET
2010-01-08 20:20 . 2008-07-30 03:10 -------- d-----w- c:\program files\uTorrent
2010-01-08 20:19 . 2009-01-16 18:26 -------- d-----w- c:\program files\eMule
2010-01-08 13:43 . 2010-01-08 17:49 2036736 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-01-08 08:26 . 2008-08-24 10:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2010-01-08 06:12 . 2010-01-08 06:12 5115824 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-08 00:47 . 2009-11-18 17:04 -------- d-----w- c:\program files\PeerBlock
2010-01-07 21:08 . 2010-01-07 21:08 388096 ----a-r- c:\documents and settings\Jay\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-07 20:49 . 2008-12-24 06:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Soulseek
2010-01-07 18:09 . 2008-07-29 00:23 -------- d-----w- c:\documents and settings\Jay\Application Data\FontExplorerX
2010-01-07 17:11 . 2008-08-17 05:38 -------- d-----w- c:\program files\Google
2010-01-06 22:42 . 2010-01-06 22:42 1590541 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-01-05 22:50 . 2008-09-09 13:29 1 ----a-w- c:\documents and settings\Jay\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-05 22:50 . 2008-09-09 04:21 -------- d-----w- c:\documents and settings\Jay\Application Data\OpenOffice.org2
2010-01-05 09:45 . 2010-01-05 09:52 1979904 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2010-01-05 09:17 . 2010-01-05 09:21 1979392 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-01-05 09:06 . 2010-01-05 09:12 1983488 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-01-05 07:23 . 2008-08-10 02:14 -------- d-----w- c:\program files\Java
2010-01-05 05:44 . 2008-08-10 17:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-05 05:20 . 2008-07-28 03:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-01-04 21:38 . 2010-01-04 21:40 507904 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-01-04 21:32 . 2010-01-04 21:36 1930240 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-01-03 21:52 . 2009-03-03 01:30 63460 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-03 21:10 . 2010-01-03 21:12 264192 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-01-03 21:10 . 2010-01-03 21:12 1840640 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-01-03 18:31 . 2008-07-30 03:10 -------- d-----w- c:\documents and settings\Jay\Application Data\uTorrent
2010-01-02 03:46 . 2008-07-28 02:28 93176 ----a-w- c:\documents and settings\Jay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-01 21:27 . 2010-01-01 21:29 412672 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-01-01 06:17 . 2008-08-11 04:18 -------- d-----w- c:\program files\Flickr Uploadr
2010-01-01 05:55 . 2008-10-05 20:12 -------- d-----w- c:\program files\dng4ps2
2009-12-31 20:25 . 2008-07-28 02:53 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-12-31 20:25 . 2008-11-26 03:10 -------- d-----w- c:\documents and settings\Jay\Application Data\Orbit
2009-12-27 04:08 . 2008-07-28 01:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-26 01:22 . 2009-12-26 09:56 1764352 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-12-26 01:22 . 2009-12-26 09:56 1259520 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-12-25 18:48 . 2009-07-04 06:27 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-12-24 20:29 . 2009-01-12 19:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-12-24 20:19 . 2009-01-12 19:06 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-24 09:10 . 2008-08-10 17:23 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-12-21 19:54 . 2009-04-27 19:48 -------- d-----w- c:\program files\Xvid
2009-12-21 19:53 . 2009-06-30 20:36 -------- d-----w- c:\program files\ffdshow
2009-12-21 03:59 . 2009-04-07 07:11 -------- d-----w- c:\program files\Free FLV Converter
2009-12-21 03:58 . 2009-09-18 05:52 -------- d-----w- c:\program files\Electronic Arts
2009-12-21 03:58 . 2009-01-21 06:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Electronic Arts
2009-12-21 03:57 . 2008-09-16 04:12 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2009-12-16 07:33 . 2008-11-19 04:28 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-16 07:33 . 2009-08-17 19:57 38784 ----a-w- c:\documents and settings\Default User.WINDOWS\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-12-16 07:33 . 2008-11-19 04:28 38784 ----a-w- c:\documents and settings\Jay\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-12-15 04:54 . 2009-03-03 13:56 2516 --sha-w- c:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
2009-12-15 04:54 . 2009-03-03 13:56 2516 --sha-w- c:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
2009-12-12 19:32 . 2009-12-12 19:32 100 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Last.fm\Client\uninst2.bat
2009-12-12 19:32 . 2009-12-12 19:32 683801 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Last.fm\Client\UninstITW\unins000.exe
2009-12-08 22:57 . 2009-12-08 22:57 -------- d-----w- c:\program files\Headup Games
2009-12-05 09:13 . 2009-12-05 09:13 -------- d-----w- c:\documents and settings\Jay\Application Data\Digital Film Tools
2009-12-05 09:13 . 2009-12-05 09:13 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Digital Film Tools
2009-12-05 09:09 . 2009-12-05 09:09 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{52FCF078-90CF-4370-B2F3-94A0EC63788E}
2009-12-05 09:06 . 2009-12-05 09:05 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{E4C586E0-98B5-4B03-B8FF-54A43CAD4B8C}
2009-12-05 05:04 . 2008-10-18 04:49 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-05 05:03 . 2009-02-14 16:55 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-05 05:03 . 2009-02-14 16:55 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-03 07:24 . 2008-07-28 03:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-03 07:19 . 2009-12-03 07:19 -------- d-----w- c:\program files\Zone Labs
2009-12-01 03:53 . 2009-11-25 00:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BioWare
2009-11-28 05:51 . 2008-07-28 03:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet
2009-11-25 03:51 . 2009-09-16 08:09 -------- d-----w- c:\program files\Common Files\Acronis
2009-11-23 10:56 . 2009-11-23 10:56 -------- d-----w- c:\program files\Process Lasso
2009-11-23 10:56 . 2009-11-23 10:56 -------- d-----w- c:\documents and settings\Jay\Application Data\ProcessLasso
2009-11-21 15:51 . 2001-08-23 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 06:38 . 2008-07-30 03:14 -------- d-----w- c:\program files\PeerGuardian2
2009-11-19 06:33 . 2009-11-19 06:33 -------- d-----w- c:\program files\Microsoft
2009-11-19 06:33 . 2009-11-19 06:31 -------- d-----w- c:\program files\Windows Live
2009-11-19 06:32 . 2009-11-19 06:32 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-19 06:27 . 2009-11-19 06:27 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-13 17:27 . 2009-11-13 17:27 593920 ----a-w- c:\documents and settings\Jay\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-11-12 14:08 . 2008-09-06 20:46 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-11 22:19 . 2009-11-11 22:19 375808 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-02 05:24 . 2009-11-02 09:18 1109 ----a-w- c:\documents and settings\Jay\Application Data\Genie-soft\GBMPro8\Jobs\Graphic Design\00000000\maindata.sys
2009-10-31 19:11 . 2009-10-31 23:03 1109 ----a-w- c:\documents and settings\Jay\Application Data\Genie-soft\GBMPro8\Jobs\Photos\00000001\maindata.sys
2009-10-29 07:46 . 2001-08-23 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2001-08-23 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-19 16:03 . 2009-10-19 16:03 1961720 ----a-w- c:\documents and settings\Jay\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-10-13 10:30 . 2001-08-23 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2001-08-23 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2001-08-23 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2008-06-09 09:48 . 2008-06-09 05:15 768 ----a-w- c:\program files\NT Compatibility.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"SoundMan"="SOUNDMAN.EXE" [2006-03-02 577536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Jay\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 04:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 08:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2009-06-12 16:23 93120 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMK08KB]
2009-04-08 05:40 207360 ----a-w- c:\program files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMPro8Agent]
2008-04-16 14:55 189056 ----a-w- c:\program files\Genie-Soft\GBMPro8\GBMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Lamp]
1998-11-24 08:00 42496 ----a-w- c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 21:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-03-02 12:22 577536 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Web Video Downloader]
2008-11-24 20:45 3257616 ----a-w- c:\program files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AnyDVD"=c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
"Google Update"="c:\documents and settings\Jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"GBMPro8Agent"=c:\program files\Genie-Soft\GBMPro8\GBMAgent.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Documents and Settings\\Jay\\Application Data\\Macromedia\\Flash Player\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Adobe\\Adobe Contribute CS4\\Contribute.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\Wacom_Tablet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"20:TCP"= 20:TCP:FTP-Data

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [9/2/2008 9:00 PM 5248]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [7/27/2008 7:53 PM 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [7/27/2008 7:53 PM 52224]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [7/29/2008 12:43 PM 16768]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [9/1/2008 3:19 PM 3406120]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 gupdate1c9e176f8cc07e2;Google Update Service (gupdate1c9e176f8cc07e2);c:\program files\Google\Update\GoogleUpdate.exe [5/30/2009 4:35 PM 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 BS_Flash;BS_Flash;c:\program files\Tseries BIOS Update\Award\BS_Flash.sys [7/29/2008 12:43 PM 3604]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [6/24/2008 9:36 AM 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [11/18/2009 11:04 AM 14424]
S3 S3chipid;S3chipid;\??\c:\docume~1\Jay\LOCALS~1\Temp\S3chipid.sys --> c:\docume~1\Jay\LOCALS~1\Temp\S3chipid.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [9/1/2008 3:19 PM 15656]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [9/2/2008 9:00 PM 160640]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-01-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-17 11:27]

2010-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 22:35]

2010-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 22:35]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\gpkthl5f.default\
FF - prefs.js: browser.startup.homepage - my.yahoo.com
FF - component: c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\gpkthl5f.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwbe.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-nod32kui - c:\program files\Eset\nod32kui.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-09 02:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A906841]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f37852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3512)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\astsrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Smith Micro\StuffIt 2009\ArcNameService.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
c:\program files\Raxco\PerfectDisk\PDEngine.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\system32\wscntfy.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2010-01-09 02:58:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-09 08:57
ComboFix2.txt 2010-01-08 20:59

Pre-Run: 25,328,832,512 bytes free
Post-Run: 25,256,677,376 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - D0D7CC112FBFE1C053A34CD8812B928A


Re: Blocked safemode + redirecting links = problem

Post by Belahzur on 9th January 2010, 7:17 pm

Please download [You must be registered and logged in to see this link.] to your desktop.
Double click on the MBR.exe to run it. A log will be produced, named MBR.log.
Please open this log in Notepad and post its contents in your next reply.


Re: Blocked safemode + redirecting links = problem

Post by jaylarson on 9th January 2010, 10:30 pm

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


Re: Blocked safemode + redirecting links = problem

Post by Belahzur on 10th January 2010, 1:50 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\winstart.bat

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "20:TCP"=-

    Driver::
    S3chipid
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Re: Blocked safemode + redirecting links = problem

Post by jaylarson on 11th January 2010, 3:32 am

ComboFix 10-01-04.01 - Jay 01/10/2010 14:22:49.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1607 [GMT -6:00]
Running from: c:\documents and settings\Jay\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Jay\Desktop\CFscript.txt
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\winstart.bat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\winstart.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_S3CHIPID
-------\Service_S3chipid


((((((((((((((((((((((((( Files Created from 2009-12-11 to 2010-01-11 )))))))))))))))))))))))))))))))
.

2010-01-08 18:16 . 2010-01-08 19:03 -------- d-----w- C:\Combo-Fix
2010-01-07 18:09 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-05 09:05 . 2010-01-08 22:23 -------- d-----w- c:\program files\UnHackMe
2010-01-05 09:04 . 2010-01-08 21:53 -------- d-----w- c:\program files\Anti Trojan Elite
2010-01-05 07:01 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 07:01 . 2010-01-08 06:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 07:01 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 05:44 . 2010-01-08 22:24 -------- d-----w- c:\documents and settings\Jay\Application Data\SUPERAntiSpyware.com
2010-01-04 22:46 . 2010-01-04 22:46 -------- d-----w- c:\program files\CCleaner
2010-01-04 22:11 . 2010-01-04 22:11 0 ----a-w- c:\windows\system32\atiicdxx.dat
2010-01-04 20:08 . 2010-01-04 20:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-01-04 20:08 . 2010-01-06 21:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-04 05:08 . 2010-01-04 05:08 -------- d-----w- c:\program files\Trend Micro
2010-01-04 00:00 . 2010-01-04 00:01 -------- d-----w- c:\program files\Realtek AC97
2010-01-02 01:24 . 2010-01-02 01:50 -------- d-----w- c:\program files\Motherboard Monitor 5
2010-01-01 22:03 . 2010-01-01 22:03 -------- d-----w- c:\program files\Driver-Soft
2009-12-31 23:04 . 2009-12-31 23:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FarmFrenzy3_Arctica
2009-12-31 23:03 . 2009-12-31 23:34 -------- d-----w- c:\program files\Alawar
2009-12-31 20:28 . 2009-12-31 20:30 -------- d-----w- c:\documents and settings\Jay\Application Data\FLV Extract
2009-12-25 18:48 . 2009-12-25 18:48 -------- d-----w- c:\windows\system32\xlive
2009-12-25 18:15 . 2009-12-25 18:15 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2009-12-24 20:02 . 2009-12-24 20:02 -------- d-----w- c:\documents and settings\Jay\Application Data\CheeseSoft
2009-12-24 20:02 . 2009-12-24 20:02 -------- d-----w- c:\program files\FinalUninstaller
2009-12-21 19:53 . 2009-03-31 02:01 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-21 19:53 . 2009-03-31 02:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-21 19:52 . 2009-12-21 19:52 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-21 19:50 . 2009-12-22 20:44 -------- d-----w- c:\program files\Avi2Dvd
2009-12-15 01:16 . 2009-12-15 01:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-12 19:32 . 2009-12-12 19:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Last.fm
2009-12-12 19:31 . 2009-12-12 19:31 -------- d-----w- c:\program files\Last.fm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 03:11 . 2008-09-02 13:58 -------- d-----w- c:\documents and settings\Jay\Application Data\WTablet
2010-01-10 20:49 . 2009-12-03 07:19 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-01-10 20:48 . 2008-09-02 22:55 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-01-10 20:47 . 2010-01-10 20:48 2159616 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2010-01-10 20:47 . 2010-01-10 20:48 314368 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-01-10 19:08 . 2009-11-18 17:04 -------- d-----w- c:\program files\PeerBlock
2010-01-10 10:28 . 2008-08-24 10:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2010-01-10 00:13 . 2008-07-30 03:10 -------- d-----w- c:\documents and settings\Jay\Application Data\uTorrent
2010-01-09 16:51 . 2008-07-29 00:23 -------- d-----w- c:\documents and settings\Jay\Application Data\FontExplorerX
2010-01-09 07:44 . 2010-01-09 07:46 3296256 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2010-01-09 07:44 . 2010-01-09 07:46 2143232 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-01-09 07:27 . 2008-07-28 02:44 -------- d-----w- c:\program files\ESET
2010-01-08 20:20 . 2008-07-30 03:10 -------- d-----w- c:\program files\uTorrent
2010-01-08 20:19 . 2009-01-16 18:26 -------- d-----w- c:\program files\eMule
2010-01-08 13:43 . 2010-01-08 17:49 2036736 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-01-08 06:12 . 2010-01-08 06:12 5115824 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 21:08 . 2010-01-07 21:08 388096 ----a-r- c:\documents and settings\Jay\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-07 20:49 . 2008-12-24 06:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Soulseek
2010-01-07 17:11 . 2008-08-17 05:38 -------- d-----w- c:\program files\Google
2010-01-06 22:42 . 2010-01-06 22:42 1590541 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-01-05 22:50 . 2008-09-09 13:29 1 ----a-w- c:\documents and settings\Jay\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-05 22:50 . 2008-09-09 04:21 -------- d-----w- c:\documents and settings\Jay\Application Data\OpenOffice.org2
2010-01-05 09:45 . 2010-01-05 09:52 1979904 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2010-01-05 09:17 . 2010-01-05 09:21 1979392 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-01-05 09:06 . 2010-01-05 09:12 1983488 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-01-05 07:23 . 2008-08-10 02:14 -------- d-----w- c:\program files\Java
2010-01-05 05:44 . 2008-08-10 17:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-05 05:20 . 2008-07-28 03:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-01-04 21:38 . 2010-01-04 21:40 507904 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-01-04 21:32 . 2010-01-04 21:36 1930240 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-01-03 21:52 . 2009-03-03 01:30 63460 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-03 21:10 . 2010-01-03 21:12 264192 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-01-03 21:10 . 2010-01-03 21:12 1840640 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-01-02 03:46 . 2008-07-28 02:28 93176 ----a-w- c:\documents and settings\Jay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-01 21:27 . 2010-01-01 21:29 412672 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-01-01 06:17 . 2008-08-11 04:18 -------- d-----w- c:\program files\Flickr Uploadr
2010-01-01 05:55 . 2008-10-05 20:12 -------- d-----w- c:\program files\dng4ps2
2009-12-31 20:25 . 2008-07-28 02:53 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-12-31 20:25 . 2008-11-26 03:10 -------- d-----w- c:\documents and settings\Jay\Application Data\Orbit
2009-12-27 04:08 . 2008-07-28 01:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-26 01:22 . 2009-12-26 09:56 1764352 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-12-26 01:22 . 2009-12-26 09:56 1259520 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-12-25 18:48 . 2009-07-04 06:27 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-12-24 20:29 . 2009-01-12 19:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-12-24 20:19 . 2009-01-12 19:06 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-24 09:10 . 2008-08-10 17:23 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-12-21 19:54 . 2009-04-27 19:48 -------- d-----w- c:\program files\Xvid
2009-12-21 19:53 . 2009-06-30 20:36 -------- d-----w- c:\program files\ffdshow
2009-12-21 03:59 . 2009-04-07 07:11 -------- d-----w- c:\program files\Free FLV Converter
2009-12-21 03:58 . 2009-09-18 05:52 -------- d-----w- c:\program files\Electronic Arts
2009-12-21 03:58 . 2009-01-21 06:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Electronic Arts
2009-12-21 03:57 . 2008-09-16 04:12 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2009-12-16 07:33 . 2008-11-19 04:28 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-16 07:33 . 2009-08-17 19:57 38784 ----a-w- c:\documents and settings\Default User.WINDOWS\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-12-16 07:33 . 2008-11-19 04:28 38784 ----a-w- c:\documents and settings\Jay\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-12-15 04:54 . 2009-03-03 13:56 2516 --sha-w- c:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
2009-12-15 04:54 . 2009-03-03 13:56 2516 --sha-w- c:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
2009-12-12 19:32 . 2009-12-12 19:32 100 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Last.fm\Client\uninst2.bat
2009-12-12 19:32 . 2009-12-12 19:32 683801 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Last.fm\Client\UninstITW\unins000.exe
2009-12-08 22:57 . 2009-12-08 22:57 -------- d-----w- c:\program files\Headup Games
2009-12-05 09:13 . 2009-12-05 09:13 -------- d-----w- c:\documents and settings\Jay\Application Data\Digital Film Tools
2009-12-05 09:13 . 2009-12-05 09:13 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Digital Film Tools
2009-12-05 09:09 . 2009-12-05 09:09 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{52FCF078-90CF-4370-B2F3-94A0EC63788E}
2009-12-05 09:06 . 2009-12-05 09:05 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{E4C586E0-98B5-4B03-B8FF-54A43CAD4B8C}
2009-12-05 05:04 . 2008-10-18 04:49 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-05 05:03 . 2009-02-14 16:55 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-05 05:03 . 2009-02-14 16:55 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-03 07:24 . 2008-07-28 03:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-03 07:19 . 2009-12-03 07:19 -------- d-----w- c:\program files\Zone Labs
2009-12-01 03:53 . 2009-11-25 00:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BioWare
2009-11-28 05:51 . 2008-07-28 03:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet
2009-11-25 03:51 . 2009-09-16 08:09 -------- d-----w- c:\program files\Common Files\Acronis
2009-11-23 10:56 . 2009-11-23 10:56 -------- d-----w- c:\program files\Process Lasso
2009-11-23 10:56 . 2009-11-23 10:56 -------- d-----w- c:\documents and settings\Jay\Application Data\ProcessLasso
2009-11-21 15:51 . 2001-08-23 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 06:38 . 2008-07-30 03:14 -------- d-----w- c:\program files\PeerGuardian2
2009-11-19 06:33 . 2009-11-19 06:33 -------- d-----w- c:\program files\Microsoft
2009-11-19 06:33 . 2009-11-19 06:31 -------- d-----w- c:\program files\Windows Live
2009-11-19 06:32 . 2009-11-19 06:32 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-19 06:27 . 2009-11-19 06:27 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-13 17:27 . 2009-11-13 17:27 593920 ----a-w- c:\documents and settings\Jay\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-11-12 14:08 . 2008-09-06 20:46 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-11 22:19 . 2009-11-11 22:19 375808 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-02 05:24 . 2009-11-02 09:18 1109 ----a-w- c:\documents and settings\Jay\Application Data\Genie-soft\GBMPro8\Jobs\Graphic Design\00000000\maindata.sys
2009-10-31 19:11 . 2009-10-31 23:03 1109 ----a-w- c:\documents and settings\Jay\Application Data\Genie-soft\GBMPro8\Jobs\Photos\00000001\maindata.sys
2009-10-29 07:46 . 2001-08-23 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2001-08-23 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-19 16:03 . 2009-10-19 16:03 1961720 ----a-w- c:\documents and settings\Jay\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-10-13 10:30 . 2001-08-23 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2008-06-09 09:48 . 2008-06-09 05:15 768 ----a-w- c:\program files\NT Compatibility.ini
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 12:00 . 2010-01-09 07:50 71846 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-01-10 20:52 71846 c:\windows\system32\perfc009.dat
+ 2010-01-10 08:29 . 2010-01-10 08:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010011020100111\index.dat
+ 2010-01-09 16:34 . 2010-01-09 16:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010010920100110\index.dat
- 2008-07-28 01:15 . 2010-01-09 07:45 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-28 01:15 . 2010-01-10 20:48 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-28 01:15 . 2010-01-10 20:48 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-07-28 01:15 . 2010-01-09 07:45 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2001-08-23 12:00 . 2010-01-09 07:50 443588 c:\windows\system32\perfh009.dat
+ 2001-08-23 12:00 . 2010-01-10 20:52 443588 c:\windows\system32\perfh009.dat
+ 2008-07-28 01:15 . 2010-01-11 03:11 1359872 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"SoundMan"="SOUNDMAN.EXE" [2006-03-02 577536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Jay\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 04:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 08:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2009-06-12 16:23 93120 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMK08KB]
2009-04-08 05:40 207360 ----a-w- c:\program files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMPro8Agent]
2008-04-16 14:55 189056 ----a-w- c:\program files\Genie-Soft\GBMPro8\GBMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Lamp]
1998-11-24 08:00 42496 ----a-w- c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 21:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-03-02 12:22 577536 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Web Video Downloader]
2008-11-24 20:45 3257616 ----a-w- c:\program files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AnyDVD"=c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
"Google Update"="c:\documents and settings\Jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"GBMPro8Agent"=c:\program files\Genie-Soft\GBMPro8\GBMAgent.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Documents and Settings\\Jay\\Application Data\\Macromedia\\Flash Player\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Adobe\\Adobe Contribute CS4\\Contribute.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\Wacom_Tablet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [9/2/2008 9:00 PM 5248]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [7/27/2008 7:53 PM 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [7/27/2008 7:53 PM 52224]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [7/29/2008 12:43 PM 16768]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [9/1/2008 3:19 PM 3406120]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 gupdate1c9e176f8cc07e2;Google Update Service (gupdate1c9e176f8cc07e2);c:\program files\Google\Update\GoogleUpdate.exe [5/30/2009 4:35 PM 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 BS_Flash;BS_Flash;c:\program files\Tseries BIOS Update\Award\BS_Flash.sys [7/29/2008 12:43 PM 3604]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [6/24/2008 9:36 AM 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [11/18/2009 11:04 AM 14424]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [9/1/2008 3:19 PM 15656]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [9/2/2008 9:00 PM 160640]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-01-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-17 11:27]

2010-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 22:35]

2010-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 22:35]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\gpkthl5f.default\
FF - prefs.js: browser.startup.homepage - my.yahoo.com
FF - component: c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\gpkthl5f.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwbe.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-10 21:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A8E6841]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f37852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(804)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll
c:\program files\Avi2Dvd\Programs\Filters\Haali media splitter\mkunicode.dll
c:\program files\Kolor\Autopano Pro\AutopanoShell_win32.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
c:\program files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\BIB.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\WinRar\rarext.dll
c:\program files\TuneUp Utilities 2008\SDShelEx-win32.dll
c:\program files\Smith Micro\StuffIt 2009\SxShellExtEN.dll
c:\program files\Aladdin Systems\StuffIt 7.5\StuffItShellDll.dll
c:\program files\MagicISO\misosh.dll
c:\program files\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll
c:\program files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll
c:\program files\7-Zip\7-zip.dll
c:\windows\system32\CmdLineExt.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\Audiodev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\astsrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Smith Micro\StuffIt 2009\ArcNameService.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
c:\program files\Raxco\PerfectDisk\PDEngine.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-10 21:22:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-11 03:22
ComboFix2.txt 2010-01-09 08:58
ComboFix3.txt 2010-01-08 20:59

Pre-Run: 25,161,207,808 bytes free
Post-Run: 25,058,193,408 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 0D5C49117BE91765EE0C702DED1094D2


Re: Blocked safemode + redirecting links = problem

Post by Origin on 11th January 2010, 7:12 am

I suggest you copy these instructions into a notepad file, because we need to use safe mode and you won't have internet access to read from here.

Download [You must be registered and logged in to see this link.] and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally, paste the contents of the Report.txt back on the forum with a new HijackThis log.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31513
# Likes : 0

Re: Blocked safemode + redirecting links = problem

Post by jaylarson on 11th January 2010, 7:26 am

Hopefully I can restart in Safe Mode...as that is one of the reasons I posted my problem in the first place.


Re: Blocked safemode + redirecting links = problem

Post by jaylarson on 11th January 2010, 9:01 pm

Nope, still unable to start Safe Mode.
