Blocked safemode + redirecting links = problem


Re: Blocked safemode + redirecting links = problem

Post by jaylarson on 9th January 2010, 8:58 am

ComboFix 10-01-04.01 - Jay 01/09/2010 1:33.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1586 [GMT -6:00]
Running from: c:\documents and settings\Jay\Desktop\Combo-Fix.exe
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2009-12-09 to 2010-01-09 )))))))))))))))))))))))))))))))
.

2010-01-08 18:16 . 2010-01-08 19:03 -------- d-----w- C:\Combo-Fix
2010-01-07 18:09 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-05 09:05 . 2010-01-05 09:05 2 --shatr- c:\windows\winstart.bat
2010-01-05 09:05 . 2010-01-08 22:23 -------- d-----w- c:\program files\UnHackMe
2010-01-05 09:04 . 2010-01-08 21:53 -------- d-----w- c:\program files\Anti Trojan Elite
2010-01-05 07:01 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 07:01 . 2010-01-08 06:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 07:01 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 05:44 . 2010-01-08 22:24 -------- d-----w- c:\documents and settings\Jay\Application Data\SUPERAntiSpyware.com
2010-01-04 22:46 . 2010-01-04 22:46 -------- d-----w- c:\program files\CCleaner
2010-01-04 22:11 . 2010-01-04 22:11 0 ----a-w- c:\windows\system32\atiicdxx.dat
2010-01-04 20:08 . 2010-01-04 20:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-01-04 20:08 . 2010-01-06 21:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-04 05:08 . 2010-01-04 05:08 -------- d-----w- c:\program files\Trend Micro
2010-01-04 00:00 . 2010-01-04 00:01 -------- d-----w- c:\program files\Realtek AC97
2010-01-02 01:24 . 2010-01-02 01:50 -------- d-----w- c:\program files\Motherboard Monitor 5
2010-01-01 22:03 . 2010-01-01 22:03 -------- d-----w- c:\program files\Driver-Soft
2009-12-31 23:04 . 2009-12-31 23:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FarmFrenzy3_Arctica
2009-12-31 23:03 . 2009-12-31 23:34 -------- d-----w- c:\program files\Alawar
2009-12-31 20:28 . 2009-12-31 20:30 -------- d-----w- c:\documents and settings\Jay\Application Data\FLV Extract
2009-12-25 18:48 . 2009-12-25 18:48 -------- d-----w- c:\windows\system32\xlive
2009-12-25 18:15 . 2009-12-25 18:15 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2009-12-24 20:02 . 2009-12-24 20:02 -------- d-----w- c:\documents and settings\Jay\Application Data\CheeseSoft
2009-12-24 20:02 . 2009-12-24 20:02 -------- d-----w- c:\program files\FinalUninstaller
2009-12-21 19:53 . 2009-03-31 02:01 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-21 19:53 . 2009-03-31 02:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-21 19:52 . 2009-12-21 19:52 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-21 19:50 . 2009-12-22 20:44 -------- d-----w- c:\program files\Avi2Dvd
2009-12-15 01:16 . 2009-12-15 01:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-12 19:32 . 2009-12-12 19:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Last.fm
2009-12-12 19:31 . 2009-12-12 19:31 -------- d-----w- c:\program files\Last.fm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-09 08:45 . 2008-09-02 13:58 -------- d-----w- c:\documents and settings\Jay\Application Data\WTablet
2010-01-09 07:47 . 2009-12-03 07:19 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-01-09 07:46 . 2008-09-02 22:55 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-01-09 07:44 . 2010-01-09 07:46 3296256 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2010-01-09 07:44 . 2010-01-09 07:46 2143232 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-01-09 07:27 . 2008-07-28 02:44 -------- d-----w- c:\program files\ESET
2010-01-08 20:20 . 2008-07-30 03:10 -------- d-----w- c:\program files\uTorrent
2010-01-08 20:19 . 2009-01-16 18:26 -------- d-----w- c:\program files\eMule
2010-01-08 13:43 . 2010-01-08 17:49 2036736 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-01-08 08:26 . 2008-08-24 10:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2010-01-08 06:12 . 2010-01-08 06:12 5115824 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-08 00:47 . 2009-11-18 17:04 -------- d-----w- c:\program files\PeerBlock
2010-01-07 21:08 . 2010-01-07 21:08 388096 ----a-r- c:\documents and settings\Jay\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-07 20:49 . 2008-12-24 06:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Soulseek
2010-01-07 18:09 . 2008-07-29 00:23 -------- d-----w- c:\documents and settings\Jay\Application Data\FontExplorerX
2010-01-07 17:11 . 2008-08-17 05:38 -------- d-----w- c:\program files\Google
2010-01-06 22:42 . 2010-01-06 22:42 1590541 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-01-05 22:50 . 2008-09-09 13:29 1 ----a-w- c:\documents and settings\Jay\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-05 22:50 . 2008-09-09 04:21 -------- d-----w- c:\documents and settings\Jay\Application Data\OpenOffice.org2
2010-01-05 09:45 . 2010-01-05 09:52 1979904 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2010-01-05 09:17 . 2010-01-05 09:21 1979392 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-01-05 09:06 . 2010-01-05 09:12 1983488 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-01-05 07:23 . 2008-08-10 02:14 -------- d-----w- c:\program files\Java
2010-01-05 05:44 . 2008-08-10 17:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-05 05:20 . 2008-07-28 03:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-01-04 21:38 . 2010-01-04 21:40 507904 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-01-04 21:32 . 2010-01-04 21:36 1930240 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-01-03 21:52 . 2009-03-03 01:30 63460 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-03 21:10 . 2010-01-03 21:12 264192 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-01-03 21:10 . 2010-01-03 21:12 1840640 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-01-03 18:31 . 2008-07-30 03:10 -------- d-----w- c:\documents and settings\Jay\Application Data\uTorrent
2010-01-02 03:46 . 2008-07-28 02:28 93176 ----a-w- c:\documents and settings\Jay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-01 21:27 . 2010-01-01 21:29 412672 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-01-01 06:17 . 2008-08-11 04:18 -------- d-----w- c:\program files\Flickr Uploadr
2010-01-01 05:55 . 2008-10-05 20:12 -------- d-----w- c:\program files\dng4ps2
2009-12-31 20:25 . 2008-07-28 02:53 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-12-31 20:25 . 2008-11-26 03:10 -------- d-----w- c:\documents and settings\Jay\Application Data\Orbit
2009-12-27 04:08 . 2008-07-28 01:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-26 01:22 . 2009-12-26 09:56 1764352 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-12-26 01:22 . 2009-12-26 09:56 1259520 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-12-25 18:48 . 2009-07-04 06:27 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-12-24 20:29 . 2009-01-12 19:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-12-24 20:19 . 2009-01-12 19:06 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-24 09:10 . 2008-08-10 17:23 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-12-21 19:54 . 2009-04-27 19:48 -------- d-----w- c:\program files\Xvid
2009-12-21 19:53 . 2009-06-30 20:36 -------- d-----w- c:\program files\ffdshow
2009-12-21 03:59 . 2009-04-07 07:11 -------- d-----w- c:\program files\Free FLV Converter
2009-12-21 03:58 . 2009-09-18 05:52 -------- d-----w- c:\program files\Electronic Arts
2009-12-21 03:58 . 2009-01-21 06:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Electronic Arts
2009-12-21 03:57 . 2008-09-16 04:12 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2009-12-16 07:33 . 2008-11-19 04:28 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-16 07:33 . 2009-08-17 19:57 38784 ----a-w- c:\documents and settings\Default User.WINDOWS\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-12-16 07:33 . 2008-11-19 04:28 38784 ----a-w- c:\documents and settings\Jay\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-12-15 04:54 . 2009-03-03 13:56 2516 --sha-w- c:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
2009-12-15 04:54 . 2009-03-03 13:56 2516 --sha-w- c:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
2009-12-12 19:32 . 2009-12-12 19:32 100 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Last.fm\Client\uninst2.bat
2009-12-12 19:32 . 2009-12-12 19:32 683801 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Last.fm\Client\UninstITW\unins000.exe
2009-12-08 22:57 . 2009-12-08 22:57 -------- d-----w- c:\program files\Headup Games
2009-12-05 09:13 . 2009-12-05 09:13 -------- d-----w- c:\documents and settings\Jay\Application Data\Digital Film Tools
2009-12-05 09:13 . 2009-12-05 09:13 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Digital Film Tools
2009-12-05 09:09 . 2009-12-05 09:09 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{52FCF078-90CF-4370-B2F3-94A0EC63788E}
2009-12-05 09:06 . 2009-12-05 09:05 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{E4C586E0-98B5-4B03-B8FF-54A43CAD4B8C}
2009-12-05 05:04 . 2008-10-18 04:49 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-05 05:03 . 2009-02-14 16:55 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-05 05:03 . 2009-02-14 16:55 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-03 07:24 . 2008-07-28 03:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-03 07:19 . 2009-12-03 07:19 -------- d-----w- c:\program files\Zone Labs
2009-12-01 03:53 . 2009-11-25 00:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BioWare
2009-11-28 05:51 . 2008-07-28 03:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet
2009-11-25 03:51 . 2009-09-16 08:09 -------- d-----w- c:\program files\Common Files\Acronis
2009-11-23 10:56 . 2009-11-23 10:56 -------- d-----w- c:\program files\Process Lasso
2009-11-23 10:56 . 2009-11-23 10:56 -------- d-----w- c:\documents and settings\Jay\Application Data\ProcessLasso
2009-11-21 15:51 . 2001-08-23 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 06:38 . 2008-07-30 03:14 -------- d-----w- c:\program files\PeerGuardian2
2009-11-19 06:33 . 2009-11-19 06:33 -------- d-----w- c:\program files\Microsoft
2009-11-19 06:33 . 2009-11-19 06:31 -------- d-----w- c:\program files\Windows Live
2009-11-19 06:32 . 2009-11-19 06:32 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-19 06:27 . 2009-11-19 06:27 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-13 17:27 . 2009-11-13 17:27 593920 ----a-w- c:\documents and settings\Jay\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-11-12 14:08 . 2008-09-06 20:46 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-11 22:19 . 2009-11-11 22:19 375808 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-02 05:24 . 2009-11-02 09:18 1109 ----a-w- c:\documents and settings\Jay\Application Data\Genie-soft\GBMPro8\Jobs\Graphic Design\00000000\maindata.sys
2009-10-31 19:11 . 2009-10-31 23:03 1109 ----a-w- c:\documents and settings\Jay\Application Data\Genie-soft\GBMPro8\Jobs\Photos\00000001\maindata.sys
2009-10-29 07:46 . 2001-08-23 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2001-08-23 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-19 16:03 . 2009-10-19 16:03 1961720 ----a-w- c:\documents and settings\Jay\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-10-13 10:30 . 2001-08-23 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2001-08-23 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2001-08-23 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2008-06-09 09:48 . 2008-06-09 05:15 768 ----a-w- c:\program files\NT Compatibility.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"SoundMan"="SOUNDMAN.EXE" [2006-03-02 577536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Jay\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 04:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 08:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2009-06-12 16:23 93120 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMK08KB]
2009-04-08 05:40 207360 ----a-w- c:\program files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMPro8Agent]
2008-04-16 14:55 189056 ----a-w- c:\program files\Genie-Soft\GBMPro8\GBMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Lamp]
1998-11-24 08:00 42496 ----a-w- c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 21:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-03-02 12:22 577536 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Web Video Downloader]
2008-11-24 20:45 3257616 ----a-w- c:\program files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AnyDVD"=c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
"Google Update"="c:\documents and settings\Jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"GBMPro8Agent"=c:\program files\Genie-Soft\GBMPro8\GBMAgent.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Documents and Settings\\Jay\\Application Data\\Macromedia\\Flash Player\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Adobe\\Adobe Contribute CS4\\Contribute.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\Wacom_Tablet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"20:TCP"= 20:TCP:FTP-Data

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [9/2/2008 9:00 PM 5248]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [7/27/2008 7:53 PM 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [7/27/2008 7:53 PM 52224]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [7/29/2008 12:43 PM 16768]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [9/1/2008 3:19 PM 3406120]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 gupdate1c9e176f8cc07e2;Google Update Service (gupdate1c9e176f8cc07e2);c:\program files\Google\Update\GoogleUpdate.exe [5/30/2009 4:35 PM 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 BS_Flash;BS_Flash;c:\program files\Tseries BIOS Update\Award\BS_Flash.sys [7/29/2008 12:43 PM 3604]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [6/24/2008 9:36 AM 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [11/18/2009 11:04 AM 14424]
S3 S3chipid;S3chipid;\??\c:\docume~1\Jay\LOCALS~1\Temp\S3chipid.sys --> c:\docume~1\Jay\LOCALS~1\Temp\S3chipid.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [9/1/2008 3:19 PM 15656]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [9/2/2008 9:00 PM 160640]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-01-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-17 11:27]

2010-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 22:35]

2010-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 22:35]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\gpkthl5f.default\
FF - prefs.js: browser.startup.homepage - my.yahoo.com
FF - component: c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\gpkthl5f.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwbe.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-nod32kui - c:\program files\Eset\nod32kui.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-09 02:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A906841]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f37852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3512)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\astsrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Smith Micro\StuffIt 2009\ArcNameService.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
c:\program files\Raxco\PerfectDisk\PDEngine.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\system32\wscntfy.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2010-01-09 02:58:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-09 08:57
ComboFix2.txt 2010-01-08 20:59

Pre-Run: 25,328,832,512 bytes free
Post-Run: 25,256,677,376 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - D0D7CC112FBFE1C053A34CD8812B928A

jaylarson
Novice

Posts: 18
Joined: 2010-01-07
OS: Windows XP
Points: 25528
Likes: 0


Re: Blocked safemode + redirecting links = problem

Post by Belahzur on 9th January 2010, 7:17 pm

Please download [You must be registered and logged in to see this link.] to your desktop.
Double click on the MBR.exe to run it. A log will be produced, named MBR.log.
Please open this log in Notepad and post its contents in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245091
Likes: 1


Re: Blocked safemode + redirecting links = problem

Post by jaylarson on 9th January 2010, 10:30 pm

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

jaylarson
Novice

Posts: 18
Joined: 2010-01-07
OS: Windows XP
Points: 25528
Likes: 0


Re: Blocked safemode + redirecting links = problem

Post by Belahzur on 10th January 2010, 1:50 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\winstart.bat

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "20:TCP"=-

    Driver::
    S3chipid
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245091
Likes: 1


Re: Blocked safemode + redirecting links = problem

Post by jaylarson on 11th January 2010, 3:32 am

ComboFix 10-01-04.01 - Jay 01/10/2010 14:22:49.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1607 [GMT -6:00]
Running from: c:\documents and settings\Jay\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Jay\Desktop\CFscript.txt
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\winstart.bat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\winstart.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_S3CHIPID
-------\Service_S3chipid


((((((((((((((((((((((((( Files Created from 2009-12-11 to 2010-01-11 )))))))))))))))))))))))))))))))
.

2010-01-08 18:16 . 2010-01-08 19:03 -------- d-----w- C:\Combo-Fix
2010-01-07 18:09 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-05 09:05 . 2010-01-08 22:23 -------- d-----w- c:\program files\UnHackMe
2010-01-05 09:04 . 2010-01-08 21:53 -------- d-----w- c:\program files\Anti Trojan Elite
2010-01-05 07:01 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 07:01 . 2010-01-08 06:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 07:01 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 05:44 . 2010-01-08 22:24 -------- d-----w- c:\documents and settings\Jay\Application Data\SUPERAntiSpyware.com
2010-01-04 22:46 . 2010-01-04 22:46 -------- d-----w- c:\program files\CCleaner
2010-01-04 22:11 . 2010-01-04 22:11 0 ----a-w- c:\windows\system32\atiicdxx.dat
2010-01-04 20:08 . 2010-01-04 20:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-01-04 20:08 . 2010-01-06 21:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-04 05:08 . 2010-01-04 05:08 -------- d-----w- c:\program files\Trend Micro
2010-01-04 00:00 . 2010-01-04 00:01 -------- d-----w- c:\program files\Realtek AC97
2010-01-02 01:24 . 2010-01-02 01:50 -------- d-----w- c:\program files\Motherboard Monitor 5
2010-01-01 22:03 . 2010-01-01 22:03 -------- d-----w- c:\program files\Driver-Soft
2009-12-31 23:04 . 2009-12-31 23:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FarmFrenzy3_Arctica
2009-12-31 23:03 . 2009-12-31 23:34 -------- d-----w- c:\program files\Alawar
2009-12-31 20:28 . 2009-12-31 20:30 -------- d-----w- c:\documents and settings\Jay\Application Data\FLV Extract
2009-12-25 18:48 . 2009-12-25 18:48 -------- d-----w- c:\windows\system32\xlive
2009-12-25 18:15 . 2009-12-25 18:15 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2009-12-24 20:02 . 2009-12-24 20:02 -------- d-----w- c:\documents and settings\Jay\Application Data\CheeseSoft
2009-12-24 20:02 . 2009-12-24 20:02 -------- d-----w- c:\program files\FinalUninstaller
2009-12-21 19:53 . 2009-03-31 02:01 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-21 19:53 . 2009-03-31 02:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-21 19:52 . 2009-12-21 19:52 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-21 19:50 . 2009-12-22 20:44 -------- d-----w- c:\program files\Avi2Dvd
2009-12-15 01:16 . 2009-12-15 01:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-12 19:32 . 2009-12-12 19:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Last.fm
2009-12-12 19:31 . 2009-12-12 19:31 -------- d-----w- c:\program files\Last.fm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 03:11 . 2008-09-02 13:58 -------- d-----w- c:\documents and settings\Jay\Application Data\WTablet
2010-01-10 20:49 . 2009-12-03 07:19 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-01-10 20:48 . 2008-09-02 22:55 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-01-10 20:47 . 2010-01-10 20:48 2159616 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2010-01-10 20:47 . 2010-01-10 20:48 314368 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-01-10 19:08 . 2009-11-18 17:04 -------- d-----w- c:\program files\PeerBlock
2010-01-10 10:28 . 2008-08-24 10:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2010-01-10 00:13 . 2008-07-30 03:10 -------- d-----w- c:\documents and settings\Jay\Application Data\uTorrent
2010-01-09 16:51 . 2008-07-29 00:23 -------- d-----w- c:\documents and settings\Jay\Application Data\FontExplorerX
2010-01-09 07:44 . 2010-01-09 07:46 3296256 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2010-01-09 07:44 . 2010-01-09 07:46 2143232 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-01-09 07:27 . 2008-07-28 02:44 -------- d-----w- c:\program files\ESET
2010-01-08 20:20 . 2008-07-30 03:10 -------- d-----w- c:\program files\uTorrent
2010-01-08 20:19 . 2009-01-16 18:26 -------- d-----w- c:\program files\eMule
2010-01-08 13:43 . 2010-01-08 17:49 2036736 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-01-08 06:12 . 2010-01-08 06:12 5115824 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 21:08 . 2010-01-07 21:08 388096 ----a-r- c:\documents and settings\Jay\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-07 20:49 . 2008-12-24 06:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Soulseek
2010-01-07 17:11 . 2008-08-17 05:38 -------- d-----w- c:\program files\Google
2010-01-06 22:42 . 2010-01-06 22:42 1590541 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-01-05 22:50 . 2008-09-09 13:29 1 ----a-w- c:\documents and settings\Jay\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-05 22:50 . 2008-09-09 04:21 -------- d-----w- c:\documents and settings\Jay\Application Data\OpenOffice.org2
2010-01-05 09:45 . 2010-01-05 09:52 1979904 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2010-01-05 09:17 . 2010-01-05 09:21 1979392 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-01-05 09:06 . 2010-01-05 09:12 1983488 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-01-05 07:23 . 2008-08-10 02:14 -------- d-----w- c:\program files\Java
2010-01-05 05:44 . 2008-08-10 17:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-05 05:20 . 2008-07-28 03:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-01-04 21:38 . 2010-01-04 21:40 507904 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-01-04 21:32 . 2010-01-04 21:36 1930240 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-01-03 21:52 . 2009-03-03 01:30 63460 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-03 21:10 . 2010-01-03 21:12 264192 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-01-03 21:10 . 2010-01-03 21:12 1840640 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-01-02 03:46 . 2008-07-28 02:28 93176 ----a-w- c:\documents and settings\Jay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-01 21:27 . 2010-01-01 21:29 412672 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-01-01 06:17 . 2008-08-11 04:18 -------- d-----w- c:\program files\Flickr Uploadr
2010-01-01 05:55 . 2008-10-05 20:12 -------- d-----w- c:\program files\dng4ps2
2009-12-31 20:25 . 2008-07-28 02:53 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-12-31 20:25 . 2008-11-26 03:10 -------- d-----w- c:\documents and settings\Jay\Application Data\Orbit
2009-12-27 04:08 . 2008-07-28 01:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-26 01:22 . 2009-12-26 09:56 1764352 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-12-26 01:22 . 2009-12-26 09:56 1259520 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-12-25 18:48 . 2009-07-04 06:27 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-12-24 20:29 . 2009-01-12 19:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-12-24 20:19 . 2009-01-12 19:06 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-24 09:10 . 2008-08-10 17:23 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-12-21 19:54 . 2009-04-27 19:48 -------- d-----w- c:\program files\Xvid
2009-12-21 19:53 . 2009-06-30 20:36 -------- d-----w- c:\program files\ffdshow
2009-12-21 03:59 . 2009-04-07 07:11 -------- d-----w- c:\program files\Free FLV Converter
2009-12-21 03:58 . 2009-09-18 05:52 -------- d-----w- c:\program files\Electronic Arts
2009-12-21 03:58 . 2009-01-21 06:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Electronic Arts
2009-12-21 03:57 . 2008-09-16 04:12 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2009-12-16 07:33 . 2008-11-19 04:28 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-16 07:33 . 2009-08-17 19:57 38784 ----a-w- c:\documents and settings\Default User.WINDOWS\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-12-16 07:33 . 2008-11-19 04:28 38784 ----a-w- c:\documents and settings\Jay\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-12-15 04:54 . 2009-03-03 13:56 2516 --sha-w- c:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
2009-12-15 04:54 . 2009-03-03 13:56 2516 --sha-w- c:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
2009-12-12 19:32 . 2009-12-12 19:32 100 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Last.fm\Client\uninst2.bat
2009-12-12 19:32 . 2009-12-12 19:32 683801 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Last.fm\Client\UninstITW\unins000.exe
2009-12-08 22:57 . 2009-12-08 22:57 -------- d-----w- c:\program files\Headup Games
2009-12-05 09:13 . 2009-12-05 09:13 -------- d-----w- c:\documents and settings\Jay\Application Data\Digital Film Tools
2009-12-05 09:13 . 2009-12-05 09:13 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Digital Film Tools
2009-12-05 09:09 . 2009-12-05 09:09 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{52FCF078-90CF-4370-B2F3-94A0EC63788E}
2009-12-05 09:06 . 2009-12-05 09:05 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{E4C586E0-98B5-4B03-B8FF-54A43CAD4B8C}
2009-12-05 05:04 . 2008-10-18 04:49 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-05 05:03 . 2009-02-14 16:55 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-05 05:03 . 2009-02-14 16:55 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-03 07:24 . 2008-07-28 03:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-03 07:19 . 2009-12-03 07:19 -------- d-----w- c:\program files\Zone Labs
2009-12-01 03:53 . 2009-11-25 00:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BioWare
2009-11-28 05:51 . 2008-07-28 03:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet
2009-11-25 03:51 . 2009-09-16 08:09 -------- d-----w- c:\program files\Common Files\Acronis
2009-11-23 10:56 . 2009-11-23 10:56 -------- d-----w- c:\program files\Process Lasso
2009-11-23 10:56 . 2009-11-23 10:56 -------- d-----w- c:\documents and settings\Jay\Application Data\ProcessLasso
2009-11-21 15:51 . 2001-08-23 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 06:38 . 2008-07-30 03:14 -------- d-----w- c:\program files\PeerGuardian2
2009-11-19 06:33 . 2009-11-19 06:33 -------- d-----w- c:\program files\Microsoft
2009-11-19 06:33 . 2009-11-19 06:31 -------- d-----w- c:\program files\Windows Live
2009-11-19 06:32 . 2009-11-19 06:32 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-19 06:27 . 2009-11-19 06:27 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-13 17:27 . 2009-11-13 17:27 593920 ----a-w- c:\documents and settings\Jay\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-11-12 14:08 . 2008-09-06 20:46 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-11 22:19 . 2009-11-11 22:19 375808 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-02 05:24 . 2009-11-02 09:18 1109 ----a-w- c:\documents and settings\Jay\Application Data\Genie-soft\GBMPro8\Jobs\Graphic Design\00000000\maindata.sys
2009-10-31 19:11 . 2009-10-31 23:03 1109 ----a-w- c:\documents and settings\Jay\Application Data\Genie-soft\GBMPro8\Jobs\Photos\00000001\maindata.sys
2009-10-29 07:46 . 2001-08-23 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2001-08-23 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-19 16:03 . 2009-10-19 16:03 1961720 ----a-w- c:\documents and settings\Jay\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-10-13 10:30 . 2001-08-23 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2008-06-09 09:48 . 2008-06-09 05:15 768 ----a-w- c:\program files\NT Compatibility.ini
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 12:00 . 2010-01-09 07:50 71846 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-01-10 20:52 71846 c:\windows\system32\perfc009.dat
+ 2010-01-10 08:29 . 2010-01-10 08:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010011020100111\index.dat
+ 2010-01-09 16:34 . 2010-01-09 16:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010010920100110\index.dat
- 2008-07-28 01:15 . 2010-01-09 07:45 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-28 01:15 . 2010-01-10 20:48 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-28 01:15 . 2010-01-10 20:48 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-07-28 01:15 . 2010-01-09 07:45 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2001-08-23 12:00 . 2010-01-09 07:50 443588 c:\windows\system32\perfh009.dat
+ 2001-08-23 12:00 . 2010-01-10 20:52 443588 c:\windows\system32\perfh009.dat
+ 2008-07-28 01:15 . 2010-01-11 03:11 1359872 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"SoundMan"="SOUNDMAN.EXE" [2006-03-02 577536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Jay\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 04:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 08:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2009-06-12 16:23 93120 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMK08KB]
2009-04-08 05:40 207360 ----a-w- c:\program files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMPro8Agent]
2008-04-16 14:55 189056 ----a-w- c:\program files\Genie-Soft\GBMPro8\GBMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Lamp]
1998-11-24 08:00 42496 ----a-w- c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 21:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-03-02 12:22 577536 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Web Video Downloader]
2008-11-24 20:45 3257616 ----a-w- c:\program files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AnyDVD"=c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
"Google Update"="c:\documents and settings\Jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"GBMPro8Agent"=c:\program files\Genie-Soft\GBMPro8\GBMAgent.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Documents and Settings\\Jay\\Application Data\\Macromedia\\Flash Player\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Adobe\\Adobe Contribute CS4\\Contribute.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\Wacom_Tablet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [9/2/2008 9:00 PM 5248]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [7/27/2008 7:53 PM 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [7/27/2008 7:53 PM 52224]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [7/29/2008 12:43 PM 16768]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [9/1/2008 3:19 PM 3406120]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 gupdate1c9e176f8cc07e2;Google Update Service (gupdate1c9e176f8cc07e2);c:\program files\Google\Update\GoogleUpdate.exe [5/30/2009 4:35 PM 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 BS_Flash;BS_Flash;c:\program files\Tseries BIOS Update\Award\BS_Flash.sys [7/29/2008 12:43 PM 3604]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [6/24/2008 9:36 AM 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [11/18/2009 11:04 AM 14424]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [9/1/2008 3:19 PM 15656]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [9/2/2008 9:00 PM 160640]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-01-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-17 11:27]

2010-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 22:35]

2010-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 22:35]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\gpkthl5f.default\
FF - prefs.js: browser.startup.homepage - my.yahoo.com
FF - component: c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\gpkthl5f.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwbe.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-10 21:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A8E6841]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f37852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(804)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll
c:\program files\Avi2Dvd\Programs\Filters\Haali media splitter\mkunicode.dll
c:\program files\Kolor\Autopano Pro\AutopanoShell_win32.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
c:\program files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\BIB.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\WinRar\rarext.dll
c:\program files\TuneUp Utilities 2008\SDShelEx-win32.dll
c:\program files\Smith Micro\StuffIt 2009\SxShellExtEN.dll
c:\program files\Aladdin Systems\StuffIt 7.5\StuffItShellDll.dll
c:\program files\MagicISO\misosh.dll
c:\program files\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll
c:\program files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll
c:\program files\7-Zip\7-zip.dll
c:\windows\system32\CmdLineExt.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\Audiodev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\astsrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Smith Micro\StuffIt 2009\ArcNameService.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
c:\program files\Raxco\PerfectDisk\PDEngine.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-10 21:22:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-11 03:22
ComboFix2.txt 2010-01-09 08:58
ComboFix3.txt 2010-01-08 20:59

Pre-Run: 25,161,207,808 bytes free
Post-Run: 25,058,193,408 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 0D5C49117BE91765EE0C702DED1094D2

jaylarson
Novice

Posts : 18
Joined : 2010-01-07
OS : Windows XP
Points : 25528
Likes : 0

Re: Blocked safemode + redirecting links = problem

Post by Origin on 11th January 2010, 7:12 am

I suggest you copy these instructions into a notepad file, because we need to use safe mode and you won't have internet access to read from here.

Download [You must be registered and logged in to see this link.] and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to the Clipboard, ready for posting back on the forum).
  • Finally, paste the contents of Report.txt back on the forum with a new HijackThis log.


While my help is always free, please consider donating to keep this site alive.

Origin
Master

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31503
Likes : 0

Re: Blocked safemode + redirecting links = problem

Post by jaylarson on 11th January 2010, 7:26 am

Hopefully I can restart in Safe Mode...as that is one of the reasons I posted my problem in the first place.

jaylarson
Novice

Posts : 18
Joined : 2010-01-07
OS : Windows XP
Points : 25528
Likes : 0

Re: Blocked safemode + redirecting links = problem

Post by jaylarson on 11th January 2010, 9:01 pm

Nope, still unable to start Safe Mode.

jaylarson
Novice

Posts : 18
Joined : 2010-01-07
OS : Windows XP
Points : 25528
Likes : 0