Hijack Log Help Please

  1. ssmith411

    ssmith411 New Member Bronze Member

    Joined:
    Apr 4, 2010
    Posts:
    10
    Likes Received:
    0

    Was hoping I could get some help with this nasty little problem.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:59:36 PM, on 4/4/2010
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 74.125.45.100 4-open-davinci.com
    O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
    O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getavplusnow.com
    O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
    O1 - Hosts: 74.125.45.100 urs.microsoft.com
    O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
    O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
    O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
    O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
    O1 - Hosts: 94.228.209.236 Google
    O1 - Hosts: 94.228.209.236 google.com
    O1 - Hosts: 94.228.209.236 google.com.au
    O1 - Hosts: 94.228.209.236 Google
    O1 - Hosts: 94.228.209.236 google.be
    O1 - Hosts: 94.228.209.236 Google
    O1 - Hosts: 94.228.209.236 google.com.br
    O1 - Hosts: 94.228.209.236 Google
    O1 - Hosts: 94.228.209.236 google.ca
    O1 - Hosts: 94.228.209.236 Google
    O1 - Hosts: 94.228.209.236 google.ch
    O1 - Hosts: 94.228.209.236 Google
    O1 - Hosts: 94.228.209.236 google.de
    O1 - Hosts: 94.228.209.236 Google
    O1 - Hosts: 94.228.209.236 google.dk
    O1 - Hosts: 94.228.209.236 Google
    O1 - Hosts: 94.228.209.236 google.fr
    O1 - Hosts: 94.228.209.236 Google
    O1 - Hosts: 94.228.209.236 google.ie
    O1 - Hosts: 94.228.209.236 Google
    O1 - Hosts: 94.228.209.236 google.it
    O1 - Hosts: 94.228.209.236 Google
    O1 - Hosts: 94.228.209.236 google.co.jp
    O1 - Hosts: 94.228.209.236 Google
    O1 - Hosts: 94.228.209.236 google.nl
    O1 - Hosts: 94.228.209.236 Google
    O1 - Hosts: 94.228.209.236 google.no
    O1 - Hosts: 94.228.209.236 Google
    O1 - Hosts: 94.228.209.236 google.co.nz
    O1 - Hosts: 94.228.209.236 Google
    O1 - Hosts: 94.228.209.236 google.pl
    O1 - Hosts: 94.228.209.236 Google
    O1 - Hosts: 94.228.209.236 google.se
    O1 - Hosts: 94.228.209.236 Google
    O1 - Hosts: 94.228.209.236 google.co.uk
    O1 - Hosts: 94.228.209.236 Google
    O1 - Hosts: 94.228.209.236 google.co.za
    O1 - Hosts: 94.228.209.236 Google
    O1 - Hosts: 94.228.209.236 Google Analytics | Official Website
    O1 - Hosts: 94.228.209.236 Bing
    O1 - Hosts: 94.228.209.236 search.yahoo.com
    O1 - Hosts: 94.228.209.236 Yahoo! Search - Web Search
    O1 - Hosts: 94.228.209.236 uk.search.yahoo.com
    O1 - Hosts: 94.228.209.236 ca.search.yahoo.com
    O1 - Hosts: 94.228.209.236 de.search.yahoo.com
    O1 - Hosts: 94.228.209.236 fr.search.yahoo.com
    O1 - Hosts: 94.228.209.236 au.search.yahoo.com
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
    O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\dell user\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Download All By FlashGet3 - C:\Users\dell user\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download By FlashGet3 - C:\Users\dell user\AppData\Roaming\FlashGetBHO\GetUrl.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://software.kuaiche.com
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/2517...d.akamai.com/25175/citrix/icaweb-20070115.cab
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1233344379516
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263574325087
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{527A5103-B135-4B69-9705-9AA3232B5FDA}: NameServer = 93.188.163.154,93.188.161.86
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.154,93.188.161.86
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.154,93.188.161.86
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.154,93.188.161.86
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c9c6a7282d00a1) (gupdate1c9c6a7282d00a1) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    --
    End of file - 12395 bytes
  2. Hengis

    Hengis Proud PCHF'er since 2004 Tech Member Elite Member

    Joined:
    Jan 1, 2004
    Posts:
    39,703
    Likes Received:
    5,037
    Location:
    Southern UK

    **Please do NOT double post - your other thread has been deleted. **

    Hi there and welcome to PC Help Forum

    We have an excellent tried and tested formula for gathering all of the information we need to help you with Malware and Spyware. Please visit this link: http://www.pchelpforum.com/new-hija...-posting-your-hijackthis-log-aka-prework.html and follow the instructions.

    Once you have the required logs a member of the PC Security Team will help you through the important "fixing" stage.
  3. ssmith411

    ssmith411 New Member Bronze Member

    Joined:
    Apr 4, 2010
    Posts:
    10
    Likes Received:
    0

    Oops... sorry, didn't see that... will follow directions to the T.

    thanks
  4. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    3,921
    Likes Received:
    5
    Location:
    Victoria, Australia

    You have a DNS hijack.

    Go to Start, select Run > In the box type cmd.exe
    In the DOS window copy and paste this: ipconfig /flushdns and then press 'enter'


    ======================

    Please run both these programs.

    Please download Malwarebytes' Anti-Malware from one of these places:
    |MG| Malwarebytes Anti-Malware 1.45 Download
    Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com


    Double Click mbam-setup.exe to install the application.
    If it will not run, make a copy of the MBAM.exe and rename MBAM.exe to xxx.exe and run that. Keep the genuine MBAM.exe as we may need to run that later as is.
    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Copy&Paste the entire report in your next reply.

    ===============================================

    Download Combofix and place it on your Desktop.

    http://www.forospyware.com/sUBs/ComboFix.exe
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Combofix may be slow to start and appear to be doing nothing before it starts scanning. Just leave it, it will start.
    You can get help on disabling your protection programs here : How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
    Please include the C:\ComboFix.txt in your next reply for further review.

    Caution.....
    Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper
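The DNS-hijack diagnosis above rests on two kinds of entry in the first post's HijackThis log: the O1 hosts-file lines that point dozens of Google, Yahoo and security-vendor names at one external address, and the O17 NameServer lines that replace the system resolvers with two public addresses. The script below is an added example, not code from the thread, from HijackThis or from Malwarebytes: it parses such log lines and flags both patterns so a defender can triage a log before touching the machine. The sample lines are copied from the log above; the allowlist of expected resolvers (8.8.8.8 and 8.8.4.4) and the threshold of three names per address are assumptions for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: a subset of the O1 and O17 lines from the HijackThis
# log posted earlier in this thread, plus one unrelated O4 line as noise.
SAMPLE_LINES = [
    r"O1 - Hosts: ::1 localhost",
    r"O1 - Hosts: 74.125.45.100 getantivirusplusnow.com",
    r"O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com",
    r"O1 - Hosts: 74.125.45.100 urs.microsoft.com",
    r"O1 - Hosts: 94.228.209.236 google.com",
    r"O1 - Hosts: 94.228.209.236 google.co.uk",
    r"O1 - Hosts: 94.228.209.236 search.yahoo.com",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.154,93.188.161.86",
    r"O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.154,93.188.161.86",
    r"O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot",
]

# Resolvers the defender expects on this machine (assumption for the example).
EXPECTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
O17_RE = re.compile(r"^O17 - (\S+): NameServer = (\S+)")


def parse_hosts_entries(lines):
    """Group O1 hosts-file entries by the address they resolve to."""
    by_ip = defaultdict(list)
    for line in lines:
        m = O1_RE.match(line.strip())
        if m:
            by_ip[m.group(1)].append(m.group(2))
    return dict(by_ip)


def parse_nameservers(lines):
    """Map each O17 registry key to the list of resolvers it configures."""
    servers = {}
    for line in lines:
        m = O17_RE.match(line.strip())
        if m:
            servers[m.group(1)] = [s for s in m.group(2).split(",") if s]
    return servers


def _as_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None  # garbled or non-IP token: not analysable as an address


def find_hosts_hijack(by_ip, threshold=3):
    """Return (ip, domains) for non-loopback addresses that many names map to.

    A legitimate hosts file rarely points several unrelated public names at
    one external address; the posted log does exactly that for Google,
    Yahoo and several security-vendor domains.
    """
    findings = []
    for ip_text, domains in by_ip.items():
        ip = _as_ip(ip_text)
        if ip is None or ip.is_loopback:
            continue
        if len(domains) >= threshold:
            findings.append((ip_text, sorted(domains)))
    return sorted(findings)


def find_rogue_resolvers(servers, expected=EXPECTED_RESOLVERS):
    """Return (registry_key, resolver) pairs for resolvers outside the allowlist.

    Private-range resolvers (a home router, corporate DNS) are accepted;
    any public resolver must be explicitly expected, and an unparsable
    value is flagged rather than silently skipped.
    """
    findings = []
    for key, resolvers in servers.items():
        for text in resolvers:
            ip = _as_ip(text)
            if ip is None or (not ip.is_private and text not in expected):
                findings.append((key, text))
    return findings


def analyze(lines, expected=EXPECTED_RESOLVERS):
    """Run both checks over HijackThis log lines and summarise the result."""
    hosts = find_hosts_hijack(parse_hosts_entries(lines))
    rogue = find_rogue_resolvers(parse_nameservers(lines), expected)
    return {
        "hosts_hijack": hosts,
        "rogue_resolvers": rogue,
        "dns_hijacked": bool(hosts or rogue),
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LINES)
    for ip, names in report["hosts_hijack"]:
        print(f"hosts file sends {len(names)} names to {ip}: {', '.join(names)}")
    for key, server in report["rogue_resolvers"]:
        print(f"unexpected resolver {server} under {key}")
    print("DNS hijack indicators present:", report["dns_hijacked"])
```

Run against a full log, the script reports both the hosts-file redirections and the per-interface and per-control-set NameServer overrides; the latter matters because the MBAM log later in this thread shows the DNSChanger value written under both the interface GUID key and the global Tcpip\Parameters key, so cleaning only one leaves the hijack in place.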
  5. ssmith411

    ssmith411 New Member Bronze Member

    Joined:
    Apr 4, 2010
    Posts:
    10
    Likes Received:
    0

    I see the posts describing what to do but my logs from OTL haven't been uploaded yet, they keep getting stuck... so I'm not sure how to treat the above message
  6. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    3,921
    Likes Received:
    5
    Location:
    Victoria, Australia

    Don't worry about OTL. Just carry out the fixes I have posted.
  7. ssmith411

    ssmith411 New Member Bronze Member

    Joined:
    Apr 4, 2010
    Posts:
    10
    Likes Received:
    0

    Malwarebytes' Anti-Malware 1.45
    Malwarebytes

    Database version: 3930

    Windows 6.0.6000
    Internet Explorer 7.0.6000.16609

    4/4/2010 7:22:47 PM
    mbam-log-2010-04-04 (19-22-47).txt

    Scan type: Quick scan
    Objects scanned: 110457
    Time elapsed: 11 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 1
    Files Infected: 7

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.154,93.188.161.86 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{527a5103-b135-4b69-9705-9aa3232b5fda}\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.154,93.188.161.86 -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Users\dell user\AppData\Roaming\My Security Wall (Rogue.MySecurityWall) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Users\dell user\AppData\Local\Temp\000067d3 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Users\dell user\AppData\Roaming\My Security Wall\cookies.sqlite (Rogue.MySecurityWall) -> Quarantined and deleted successfully.
    C:\Users\dell user\AppData\Local\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
    C:\ProgramData\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Users\dell user\Local Settings\Application Data\av.exe (ROGUE.Win7Antispyware2010) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
  8. ssmith411

    ssmith411 New Member Bronze Member

    Joined:
    Apr 4, 2010
    Posts:
    10
    Likes Received:
    0

    Some things are more normal, but when I try to run Combofix I get a message saying it's not safe and to download it from bleepingcomputer... now the program disappeared. Downloading again from bleeping computer
  9. ssmith411

    ssmith411 New Member Bronze Member

    Joined:
    Apr 4, 2010
    Posts:
    10
    Likes Received:
    0

    Kept flashing error messages while it was opening, followed by a final one saying it has a virus and to download it again, as before, from same place.
  10. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    3,921
    Likes Received:
    5
    Location:
    Victoria, Australia

    The link is working fine for me.... OK. Download it on another computer and transfer it to yours using a thumb drive and then run it.
  11. ssmith411

    ssmith411 New Member Bronze Member

    Joined:
    Apr 4, 2010
    Posts:
    10
    Likes Received:
    0

    Combofix has "disappeared" after attempting to run it once... I don't have another computer from which to download it... so I seem to be stuck. I ran Malwarebytes again and no viruses found, but something is preventing Combofix from running.
  12. ssmith411

    ssmith411 New Member Bronze Member

    Joined:
    Apr 4, 2010
    Posts:
    10
    Likes Received:
    0

    Running Antispyware and found some more viruses, removed them, then I'm gonna download Combofix again and see what happens.
  13. ssmith411

    ssmith411 New Member Bronze Member

    Joined:
    Apr 4, 2010
    Posts:
    10
    Likes Received:
    0

    OK... Combofix ran smoothly... here's the logfile

    ComboFix 10-04-04.01 - dell user 04/05/2010 11:41:16.1.2 - x86
    Running from: c:\users\dell user\Desktop\ComboFix.exe
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
    C:\Autorun.inf
    c:\program files\FlashGet Network
    c:\program files\FlashGet Network\FlashGet 3\adns.dll
    c:\program files\FlashGet Network\FlashGet 3\btcoreu.dll
    c:\program files\FlashGet Network\FlashGet 3\BugReport.dll
    c:\program files\FlashGet Network\FlashGet 3\BugReport.exe
    c:\program files\FlashGet Network\FlashGet 3\cd1.ico
    c:\program files\FlashGet Network\FlashGet 3\ckcore.dll
    c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\14_43260.dll
    c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\28_83260.dll
    c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\atrc.dll
    c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\Codecs.zip
    c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\cook.dll
    c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ddnt3260.dll
    c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\dnet3260.dll
    c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv1.dll
    c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv2.dll
    c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drvc.dll
    c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\hxltcolor.dll
    c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\raac.dll
    c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ralf.dll
    c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv10.dll
    c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv20.dll
    c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv30.dll
    c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv40.dll
    c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\sipr.dll
    c:\program files\FlashGet Network\FlashGet 3\commonlib.dll
    c:\program files\FlashGet Network\FlashGet 3\componentskrnl.dll
    c:\program files\FlashGet Network\FlashGet 3\config\clients.met
    c:\program files\FlashGet Network\FlashGet 3\config\clients.met.bak
    c:\program files\FlashGet Network\FlashGet 3\config\cryptkey.dat
    c:\program files\FlashGet Network\FlashGet 3\config\emfriends.met
    c:\program files\FlashGet Network\FlashGet 3\config\known.met
    c:\program files\FlashGet Network\FlashGet 3\config\known2_64.met
    c:\program files\FlashGet Network\FlashGet 3\config\preferences.dat
    c:\program files\FlashGet Network\FlashGet 3\config\preferences.ini
    c:\program files\FlashGet Network\FlashGet 3\config\server.met
    c:\program files\FlashGet Network\FlashGet 3\config\server_met.old
    c:\program files\FlashGet Network\FlashGet 3\config\upload.met
    c:\program files\FlashGet Network\FlashGet 3\corestat.dll
    c:\program files\FlashGet Network\FlashGet 3\dbghelp.dll
    c:\program files\FlashGet Network\FlashGet 3\fg.ico
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\default.htm
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\FGResDetector.conf
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\banner.gif
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\bullet.gif
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\close.gif
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\closelabel.gif
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\download-icon.gif
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\explorer.gif
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp.gif
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image.gif
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\introTextBg.gif
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\loading.gif
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\nextlabel.gif
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\prevlabel.gif
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software.gif
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod.gif
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\FGResDetector.exe
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\about.png
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\ftplist_tree_icon.png
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\option_icon.png
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_hide.png
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_show.png
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\statusbar_bk.png
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\tasktab_close.png
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_back.png
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_bk.png
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_close.png
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_forward.png
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_refresh.png
    c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\lang\l.eng.xml
    c:\program files\FlashGet Network\FlashGet 3\FGSoftware.exe
    c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
    c:\program files\FlashGet Network\FlashGet 3\FlashGet3.xpi
    c:\program files\FlashGet Network\FlashGet 3\FlashGetBHO3.dll
    c:\program files\FlashGet Network\FlashGet 3\FlashGetHook.dll
    c:\program files\FlashGet Network\FlashGet 3\fnsArchive.dll
    c:\program files\FlashGet Network\FlashGet 3\fnsDirectuix.dll
    c:\program files\FlashGet Network\FlashGet 3\fnsLanguage.dll
    c:\program files\FlashGet Network\FlashGet 3\fnslanguage_en.dll
    c:\program files\FlashGet Network\FlashGet 3\fnsScheduler.dll
    c:\program files\FlashGet Network\FlashGet 3\fnsSecurity.dll
    c:\program files\FlashGet Network\FlashGet 3\fnsSkinX.dll
    c:\program files\FlashGet Network\FlashGet 3\fnsStatistics.dll
    c:\program files\FlashGet Network\FlashGet 3\game.ico
    c:\program files\FlashGet Network\FlashGet 3\gb2312-unicode.dic
    c:\program files\FlashGet Network\FlashGet 3\gdiplus.dll
    c:\program files\FlashGet Network\FlashGet 3\GetAllUrl.htm
    c:\program files\FlashGet Network\FlashGet 3\GetUrl.htm
    c:\program files\FlashGet Network\FlashGet 3\GoogleToolbarInstaller_download_signed.exe
    c:\program files\FlashGet Network\FlashGet 3\libem.dll
    c:\program files\FlashGet Network\FlashGet 3\license.txt
    c:\program files\FlashGet Network\FlashGet 3\lst_tz.bin
    c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini
    c:\program files\FlashGet Network\FlashGet 3\p2pcore.dll
    c:\program files\FlashGet Network\FlashGet 3\p2score.dll
    c:\program files\FlashGet Network\FlashGet 3\perf.ini
    c:\program files\FlashGet Network\FlashGet 3\pncrt.dll
    c:\program files\FlashGet Network\FlashGet 3\pstat.dat
    c:\program files\FlashGet Network\FlashGet 3\pup.dat
    c:\program files\FlashGet Network\FlashGet 3\RdOldDb.dll
    c:\program files\FlashGet Network\FlashGet 3\RealMediaSplitter.ax
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\BarSet.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_check.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_normal.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_radio.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\desktoplink.ico
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\login_line.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\menu_icon.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_line.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_page_line.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\skin.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendLogo.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendNoLogo.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_backgrand.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_cancle.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_catgroy.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_group.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_new.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_open.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_option.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_pause.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_recly.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_start.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_left.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_middle.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_right.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\top_logotitle.gif
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\torrent.ico
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\userinfo_head.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\VistaStyleListItems.bmp
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\preview.png
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\skin.xml
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\loginfailed.wav
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\loginsucc.wav
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\msgnotify.wav
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\notify.wav
    c:\program files\FlashGet Network\FlashGet 3\skin\international\default\topmain.png
    c:\program files\FlashGet Network\FlashGet 3\SnapShot.dll
    c:\program files\FlashGet Network\FlashGet 3\storage.dll
    c:\program files\FlashGet Network\FlashGet 3\SysOptimize.exe
    c:\program files\FlashGet Network\FlashGet 3\uninst.exe
    c:\program files\FlashGet Network\FlashGet 3\VodCore.dll
    c:\program files\FlashGet Network\FlashGet 3\zlib.dll
    c:\program files\Mozilla Firefox\searchplugins\search.xml
    c:\programdata\Microsoft AData
    c:\programdata\Microsoft AData\t.sid
    c:\users\dell user\AppData\Roaming\BITS
    c:\users\dell user\AppData\Roaming\BITS\BITS.ini
    c:\users\dell user\AppData\Roaming\BITS\DHTTable.dat
    c:\users\dell user\AppData\Roaming\BITS\ProxyList.ini
    c:\users\dell user\AppData\Roaming\BITS\UPnP.ini
    c:\users\dell user\AppData\Roaming\FlashGetBHO
    c:\users\dell user\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
    c:\users\dell user\AppData\Roaming\FlashGetBHO\FlashGetHook.dll
    c:\users\dell user\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    c:\users\dell user\AppData\Roaming\FlashGetBHO\GetUrl.htm
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
    c:\windows\jestertb.dll
    c:\windows\msvrc20.dll
    c:\windows\system32\secustat.dat
    c:\windows\system32\SHELLLNK.TLB
    c:\windows\system32\test.dll
    .
    ((((((((((((((((((((((((( Files Created from 2010-03-05 to 2010-04-05 )))))))))))))))))))))))))))))))
    .
    2010-04-05 18:53 . 2010-04-05 18:54 -------- d-----w- c:\users\dell user\AppData\Local\temp
    2010-04-05 18:53 . 2010-04-05 18:53 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2010-04-05 18:35 . 2010-04-05 18:38 -------- d-----w- C:\32788R22FWJFW
    2010-04-03 02:41 . 2010-04-03 02:42 6392168 ----a-w- c:\users\dell user\AppData\Roaming\FlashGet\v3\dat\update\fgcnrc_20100312_1319_3.4.0.1098.exe
    2010-04-02 18:46 . 2010-04-03 02:42 891 ----a-w- c:\windows\system32\secushr.dat
    2010-04-02 15:30 . 2009-04-09 22:03 57407 ----a-w- c:\users\dell user\AppData\Roaming\Mozilla\Firefox\Profiles\fopccb2m.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
    2010-04-02 15:30 . 2010-04-02 15:30 183808 --sha-w- c:\users\dell user\AppData\Local\2927340765.dll
    2010-04-02 14:41 . 2010-04-02 14:41 1925088 ----a-w- c:\users\dell user\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    2010-04-02 14:30 . 2010-04-05 18:28 -------- d-----w- c:\users\dell user\AppData\Roaming\DMCache
    2010-04-02 14:30 . 2010-04-03 00:22 -------- d-----w- c:\users\dell user\AppData\Roaming\IDM
    2010-04-02 14:30 . 2010-04-02 14:30 198064 ----a-w- c:\users\dell user\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
    2010-04-02 14:30 . 2010-04-03 07:12 -------- d-----w- c:\program files\Internet Download Manager
    2010-03-31 07:36 . 2010-04-02 12:13 -------- d-----w- c:\users\dell user\AppData\Roaming\GetRight
    2010-03-31 07:35 . 2010-03-31 07:35 -------- d-----w- c:\program files\GetRight
    2010-03-31 07:29 . 2010-03-31 08:41 -------- d-----w- c:\users\dell user\AppData\Roaming\SlimBrowser
    2010-03-27 09:25 . 2010-03-27 09:25 907 ----a-w- c:\programdata\SecTaskMan\icn_F942F94A19C0F79468FD2B85E5E8677B.dll
    2010-03-25 10:02 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-03-25 10:02 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-03-25 10:02 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
    2010-03-25 10:02 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
    2010-03-25 10:02 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
    2010-03-25 10:02 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
    2010-03-25 10:02 . 2010-03-14 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-03-25 10:02 . 2010-04-02 14:17 -------- d-----w- c:\program files\K-Lite Codec Pack
    2010-03-23 13:20 . 2010-04-02 14:17 -------- d-----w- c:\program files\ConvertHelper
    2010-03-13 15:32 . 2010-03-13 15:32 51 ----a-w- c:\programdata\SecTaskMan\icn_30A4452B0D01E5E4AB963026FF2CD081.dll
    2010-03-13 12:07 . 2010-03-13 12:07 7 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
    2010-03-13 10:16 . 2010-03-13 10:16 51 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll
    2010-03-12 15:16 . 2010-03-12 15:16 33 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.dll
    2010-03-12 15:06 . 2010-03-13 11:10 40 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
    2010-03-12 14:45 . 2010-03-12 14:45 29 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\cb.drv
    2010-03-12 12:45 . 2010-03-12 12:45 63 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
    2010-03-12 10:47 . 2010-03-12 10:47 41 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\fan.sys
    2010-03-12 09:48 . 2010-03-12 09:48 38 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
    2010-03-12 09:16 . 2010-03-12 09:16 30 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
    2010-03-12 08:43 . 2010-03-12 08:43 49 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\cid.drv
    2010-03-12 08:05 . 2010-03-12 13:18 33 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
    2010-03-12 07:20 . 2010-03-12 07:20 56 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\pal.dll
    2010-03-12 07:09 . 2010-03-12 07:09 31 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
    2010-03-12 06:59 . 2010-03-12 14:25 75 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\CLSV.drv
    2010-03-12 06:47 . 2010-03-12 06:47 36 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
    2010-03-12 06:20 . 2010-03-12 06:20 17 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\FW.exe
    2010-03-12 06:06 . 2010-03-12 06:06 73 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-05 17:25 . 2009-01-03 15:43 49715 ----a-w- c:\programdata\nvModes.dat
    2010-04-05 17:21 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2010-04-05 17:12 . 2008-01-01 11:56 -------- d-----w- c:\users\dell user\AppData\Roaming\The Bat!
    2010-04-05 17:12 . 2009-11-01 21:55 -------- d-----w- c:\program files\AVG
    2010-04-05 17:12 . 2009-11-01 21:55 -------- d-----w- c:\programdata\avg8
    2010-04-05 17:08 . 2010-01-16 00:37 117760 ----a-w- c:\users\dell user\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-04-05 02:29 . 2010-01-14 22:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-04 19:07 . 2009-11-15 02:06 -------- d-----w- c:\programdata\SecTaskMan
    2010-04-04 07:30 . 2009-09-21 15:13 -------- d-----w- c:\users\dell user\AppData\Roaming\vlc
    2010-04-02 18:03 . 2009-11-22 18:51 -------- d-----w- c:\program files\Orbitdownloader
    2010-04-02 16:14 . 2007-06-05 12:25 1356 ----a-w- c:\users\dell user\AppData\Local\d3d9caps.dat
    2010-04-02 15:02 . 2008-01-16 06:52 -------- d-----w- c:\users\dell user\AppData\Roaming\FlashGet
    2010-04-02 14:32 . 2009-11-22 18:51 -------- d-----w- c:\users\dell user\AppData\Roaming\Orbit
    2010-04-02 14:17 . 2010-02-28 21:56 -------- d-----w- c:\program files\Easy CD-DA Extractor 12
    2010-04-02 14:17 . 2010-01-16 00:36 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-04-02 14:17 . 2009-11-15 03:26 -------- d-----w- c:\program files\Wise Registry Cleaner
    2010-04-02 14:17 . 2007-12-12 23:07 -------- d-----w- c:\program files\DivX
    2010-04-02 14:17 . 2009-11-04 16:04 -------- d-----w- c:\program files\AGEIA Technologies
    2010-04-02 14:17 . 2009-11-04 16:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-04-02 14:17 . 2010-02-12 11:35 -------- d-sh--w- c:\programdata\a0a61a3
    2010-04-01 20:07 . 2007-05-29 08:25 136504 ----a-w- c:\users\dell user\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-03-29 22:24 . 2010-01-14 22:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 22:24 . 2010-01-14 22:23 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-29 07:30 . 2008-04-19 19:56 -------- d-----w- c:\users\dell user\AppData\Roaming\U3
    2010-03-25 14:13 . 2009-01-04 03:06 -------- d-----w- c:\program files\AVS4YOU
    2010-03-25 10:46 . 2008-12-23 06:21 -------- d-----w- c:\users\dell user\AppData\Roaming\Azureus
    2010-03-16 20:04 . 2009-12-18 12:05 -------- d-----w- c:\users\dell user\AppData\Roaming\VistaCodecs
    2010-03-16 20:04 . 2009-09-22 03:35 -------- d-----w- c:\programdata\VistaCodecs
    2010-03-13 10:30 . 2010-02-12 21:44 9 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
    2010-03-12 14:14 . 2010-02-13 00:50 58 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
    2010-03-12 14:04 . 2010-02-13 00:50 12 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.dll
    2010-03-12 12:06 . 2010-02-13 00:50 28 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
    2010-03-12 07:30 . 2010-02-12 22:25 68 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
    2010-03-12 05:51 . 2010-02-12 22:35 40 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.exe
    2010-03-11 01:17 . 2010-02-12 23:07 64 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys
    2010-03-06 16:42 . 2008-01-04 09:16 12 ----a-w- c:\windows\bthservsdp.dat
    2010-02-28 23:21 . 2007-10-20 18:20 -------- d-----w- c:\program files\Siber Systems
    2010-02-28 23:21 . 2007-11-30 06:24 -------- d-----w- c:\users\dell user\AppData\Roaming\GoodSync
    2010-02-28 23:11 . 2009-01-03 21:22 -------- d-----w- c:\users\dell user\AppData\Roaming\IObit
    2010-02-28 21:56 . 2010-02-28 21:56 -------- d-----w- c:\programdata\Easy CD-DA Extractor
    2010-02-28 21:46 . 2010-02-28 21:46 -------- d-----w- c:\users\dell user\AppData\Roaming\Ashampoo
    2010-02-28 21:46 . 2010-02-28 21:46 -------- d-----w- c:\programdata\ashampoo
    2010-02-20 10:44 . 2010-02-15 03:04 -------- d-----w- c:\users\dell user\AppData\Roaming\dvdcss
    2010-02-18 01:22 . 2010-02-18 01:22 36 ----a-w- c:\programdata\SecTaskMan\icn_A28B4D68DEBAA244EB686953B7074FEF.dll
    2010-02-18 00:03 . 2010-02-18 00:03 18 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
    2010-02-16 23:18 . 2010-02-13 00:50 79 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
    2010-02-16 21:15 . 2010-02-13 00:50 14 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\ddv.drv
    2010-02-16 20:18 . 2010-02-16 20:18 8 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
    2010-02-16 20:01 . 2008-02-08 22:49 -------- d-----w- c:\programdata\Microsoft Help
    2010-02-16 18:09 . 2010-02-16 18:09 67 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
    2010-02-16 17:59 . 2010-02-16 17:59 44 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\cid.sys
    2010-02-16 17:48 . 2010-02-16 17:48 64 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\fan.exe
    2010-02-16 17:35 . 2010-02-13 00:50 26 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.drv
    2010-02-16 17:24 . 2010-02-16 17:24 35 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.sys
    2010-02-16 16:55 . 2010-02-16 16:55 47 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.dll
    2010-02-16 16:27 . 2010-02-16 16:27 56 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\cid.dll
    2010-02-16 06:38 . 2010-02-16 06:38 57 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\std.exe
    2010-02-16 06:38 . 2010-02-16 06:38 31 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\ddv.sys
    2010-02-15 20:11 . 2010-02-15 20:11 48 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\delfile.exe
    2010-02-15 19:42 . 2010-02-15 19:42 68 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\fan.drv
    2010-02-13 01:59 . 2010-02-13 00:50 69 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
    2010-02-13 01:47 . 2010-02-13 01:47 14 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
    2010-02-13 01:37 . 2010-02-13 01:37 55 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
    2010-02-13 00:50 . 2010-02-13 00:50 6 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\eb.dll
    2010-02-13 00:50 . 2010-02-13 00:50 60 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
    2010-02-13 00:50 . 2010-02-12 23:39 80 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
    2010-02-13 00:50 . 2010-02-13 00:50 33 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\ddv.dll
    2010-02-13 00:50 . 2010-02-13 00:50 57 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
    2010-02-13 00:50 . 2010-02-13 00:50 56 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
    2010-02-13 00:50 . 2010-02-13 00:50 4 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
    2010-02-13 00:50 . 2010-02-13 00:50 40 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
    2010-02-13 00:34 . 2010-02-13 00:34 66 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
    2010-02-13 00:00 . 2010-02-13 00:00 62 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\FS.dll
    2010-02-12 23:58 . 2010-02-12 23:58 52224 ----a-w- c:\users\dell user\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-02-12 23:28 . 2010-02-12 23:28 8 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\sld.sys
    2010-02-12 23:17 . 2010-02-12 23:17 6 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
    2010-02-12 22:46 . 2010-02-12 22:46 70 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
    2010-02-12 18:42 . 2010-02-12 18:42 2 ----a-w- c:\users\dell user\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
    2010-02-12 11:38 . 2010-02-12 11:38 -------- d-sh--w- c:\programdata\MSZFSSPYW
    2010-02-12 07:54 . 2010-02-12 07:54 202 ----a-w- c:\programdata\SecTaskMan\icn_96DC878CBD58B624183A7E1157AABE19.dll
    2010-02-10 17:13 . 2009-01-08 08:05 165376 ----a-w- c:\windows\system32\unrar.dll
    2010-02-09 03:24 . 2010-02-09 03:24 -------- d-----w- c:\programdata\Dell
    2010-02-09 03:24 . 2010-02-09 03:24 -------- d-----w- c:\programdata\CyberLink
    2010-02-09 03:24 . 2007-10-10 16:28 -------- d-----w- c:\users\dell user\AppData\Roaming\CyberLink
    2010-02-07 23:06 . 2010-02-07 23:06 22486 ----a-r- c:\users\dell user\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe
    2010-02-07 23:06 . 2010-02-07 23:06 -------- d-----w- c:\programdata\U3
    2010-02-07 18:59 . 2010-01-16 00:47 -------- d-----w- c:\program files\CCleaner
    2010-02-03 19:57 . 2010-02-03 19:57 907 ----a-w- c:\programdata\SecTaskMan\icn_3e43b73803c7c394f8a6b2f0402e19c2.dll
    2010-01-25 12:47 . 2010-02-03 08:36 3777816 ----a-w- c:\programdata\TEMP\AVG\setup.exe
    2010-01-18 15:02 . 2010-01-18 15:02 110558 ----a-w- c:\users\dell user\ffdshow.reg
    2010-01-16 04:20 . 2010-01-16 04:19 139 ----a-w- c:\programdata\SecTaskMan\icn_1FBBCDDC3072CB6439B8CB8CA1E1AEAA.dll
    2010-01-15 22:57 . 2010-01-15 22:57 7884 ----a-w- c:\programdata\SecTaskMan\icn_B6919F6D0DE22B348B6354F8B0590133.dll
    2010-01-15 22:57 . 2010-01-15 22:57 891 ----a-w- c:\programdata\SecTaskMan\icn_A76A12931BA584E449447C8141FC0372.dll
    2010-01-14 22:24 . 2010-01-14 22:24 5115823 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2008-01-03 11:01 . 2008-01-03 11:01 749256 ----a-w- c:\program files\GoodSync-Setup.exe
    2006-11-22 14:57 . 2006-11-22 14:57 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-01-25 3179952]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-19 805392]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 2 (0x2)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoStartMenuMyGames"= 0 (0x0)
    "NoCommonGroups"= 0 (0x0)
    "NoSimpleStartMenu"= 0 (0x0)
    "NoDFSTab"= 0 (0x0)
    "NoFileAssociate"= 0 (0x0)
    "NoChangeAnimation"= 0 (0x0)
    "RestrictWelcomeCenter"= 0 (0x0)
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
    backup=c:\windows\pss\Orbit.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Users^dell user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
    backup=c:\windows\pss\LaunchU3.exe.lnk.Startup
    backupExtension=.Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\East-Tec Eraser 2009]
    2008-11-25 23:28 872608 ----a-w- c:\program files\East-Tec Eraser 2009\etsecureerase.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
    2010-01-25 15:29 3179952 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2008-02-29 10:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]
    2010-01-22 22:12 200280 ----a-w- c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "NVHotkey"=rundll32.exe c:\windows\system32\nvHotkey.dll,Start
    "InCD"=c:\program files\Ahead\InCD\InCD.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE
    "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    "NVHotkey"=rundll32.exe c:\windows\system32\nvHotkey.dll,Start
    "AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "AntiSpywareOverride"=dword:00000001
    R3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2008-02-21 23096]
    R3 MusCVideo32;MusCVideo32;c:\windows\system32\DRIVERS\MusCVideo32.sys [2008-02-21 3768]
    R3 RTCore32;RTCore32;c:\program files\RMClock\RTCore32.sys [2005-05-25 4608]
    R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
    R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
    R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
    R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
    R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
    R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
    R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
    R4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
    R4 gupdate1c9c6a7282d00a1;Google Update Service (gupdate1c9c6a7282d00a1);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 133104]
    R4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
    R4 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
    R4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
    S0 MPRIFL;MPRIFL;c:\windows\SYSTEM32\DRIVERS\MPRIFL.SYS [2007-12-14 17264]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]
    S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
    2008-06-18 22:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bing.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: Download All By FlashGet3 - c:\users\dell user\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download By FlashGet3 - c:\users\dell user\AppData\Roaming\FlashGetBHO\GetUrl.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    Trusted Zone: kuaiche.com\software
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\users\dell user\AppData\Roaming\Mozilla\Firefox\Profiles\fopccb2m.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google Powered Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.santacruzsentinel.com/|http://www.mercurynews.com/|http://...topnav_home|http://www.donquixotesmusic.info/
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\users\dell user\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
    FF - component: c:\users\dell user\AppData\Roaming\Mozilla\Firefox\Profiles\fopccb2m.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
    FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
    FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.
    - - - - ORPHANS REMOVED - - - -
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-FlashGet 3.3 - c:\program files\FlashGet Network\FlashGet 3\uninst.exe


    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2010-04-05 11:54
    Windows 6.0.6000 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover
    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll atapi.sys >>UNKNOWN [0x8A17C8C8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0x82d9fd1f
    \Driver\ACPI -> acpi.sys @ 0x804699d6
    \Driver\atapi -> atapi.sys @ 0x807a299c
    IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_USERS\S-1-5-21-476101794-3188972041-1849278766-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
    @Denied: (2) (S-1-5-21-476101794-3188972041-1849278766-1000)
    .
    Completion time: 2010-04-05 11:58:05
    ComboFix-quarantined-files.txt 2010-04-05 18:57
    Pre-Run: 53,495,193,600 bytes free
    Post-Run: 53,430,116,352 bytes free
    - - End Of File - - 08BDCAB8BBF6053FB085E7EE0FC53CFD
  14. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    3,921
    Likes Received:
    5
    Location:
    Victoria, Australia

    That looks fine. How are things now?
  15. ssmith411

    ssmith411 New Member Bronze Member

    Joined:
    Apr 4, 2010
    Posts:
    10
    Likes Received:
    0

    200% better! Thanks so much... my Opera links are still getting directed, but at least, they are getting where they're supposed to instead of getting hijacked.
    Again, thanks so much.