TechSpot

Applications partially blocked from accessing internet

By Jukata
Oct 26, 2010
  1. Hello, I've been having this problem for quite a long time now.
    Thing is that something is blocking my programs from accessing the internet, but not totally. For example, BitComet has no problem downloading torrents, but an application like Garena, where there are ads, can't load them. Instead of the ads, it shows me the Mozilla "Navigation to the page was cancelled" error, so basically it connects to the Garena server, but the ads are blocked by something. Winamp's update screen is blocked from accessing the internet too. Eset32's updater can't connect to their server, thus I can't update it. Spybot Search and Destroy has no problem with updating tho. I just can't figure it out...
    Can you guys help me out?
    I tried cleaning my registry, tried checking with Spybot for spyware and malware, tried checking with Nod32 for any virus signs and there were some, but I cleaned them all and my problem still remains.

    Whoops, forgot to do the scans lol, I'll post the logs in a second

    P.S. I can't use websites such as TinyPic or ImageShack as well. They just won't upload the files when I try.
     
  2. Jukata

    Jukata TS Rookie Topic Starter Posts: 19

    logs

    Here are the 3 logs I could attach
    Gmer's log can't be attached as it's exceeding the 200 kbs allowed :/
    Your file of 337.6 KB bytes exceeds the forum's limit of 200.0 KB for this filetype.

    Edit: Decided to split the gmer log into two txt files
     

  3. Jukata

    Bump. Help please :p
     
  4. Broni

    Broni Malware Annihilator Posts: 52,904   +344

  5. Jukata

    Oh lol :p My bad, sorry. I'll do that right away

     
  15. Broni

    Please, do NOT wrap logs in quotes.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with ComboFix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  16. Jukata

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000003d

    Kernel Drivers (total 141):
    0x804D7000 \windows\system32\ntkrnlpa.exe
    0x806D0000 \windows\system32\hal.dll
    0xB85A8000 \windows\system32\KDCOM.DLL
    0xB84B8000 \windows\system32\BOOTVID.dll
    0xB7EBD000 sptd.sys
    0xB85AA000 \windows\System32\Drivers\WMILIB.SYS
    0xB7EA5000 \windows\System32\Drivers\SCSIPORT.SYS
    0xB7E77000 ACPI.sys
    0xB7E66000 pci.sys
    0xB80A8000 isapnp.sys
    0xB8670000 pciide.sys
    0xB8328000 \windows\system32\DRIVERS\PCIIDEX.SYS
    0xB80B8000 MountMgr.sys
    0xB7E47000 ftdisk.sys
    0xB85AC000 dmload.sys
    0xB7E21000 dmio.sys
    0xB8330000 PartMgr.sys
    0xB80C8000 sfsync02.sys
    0xB80D8000 VolSnap.sys
    0xB7E09000 atapi.sys
    0xB80E8000 disk.sys
    0xB80F8000 \windows\system32\DRIVERS\CLASSPNP.SYS
    0xB7DE9000 fltmgr.sys
    0xB8108000 PxHelp20.sys
    0xB7DD2000 KSecDD.sys
    0xB7D45000 Ntfs.sys
    0xB7D18000 NDIS.sys
    0xB8338000 sfhlp02.sys
    0xB7D06000 sfdrv01.sys
    0xB7CEC000 Mup.sys
    0xB85A4000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0xB8148000 \SystemRoot\system32\DRIVERS\processr.sys
    0xB8428000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xB7C58000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xB8430000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB8158000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB8168000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB8178000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB7C35000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB7C21000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
    0xB7B5E000 \SystemRoot\system32\DRIVERS\LVHybrid.sys
    0xB7CC4000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
    0xB7B39000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB7176000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB7162000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB6E48000 \SystemRoot\System32\Drivers\apnbyus0.SYS
    0xB8390000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xB8258000 \SystemRoot\system32\DRIVERS\serial.sys
    0xB8584000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB6E34000 \SystemRoot\system32\DRIVERS\parport.sys
    0xB8268000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xB8398000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB87EB000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB8278000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB8588000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB6E1D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB8288000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB8298000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xB83A0000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB6E0C000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB82A8000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xB83A8000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xB83B0000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB6DB4000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB82B8000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xB83B8000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xB8608000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB6D56000 \SystemRoot\system32\DRIVERS\update.sys
    0xB7CC0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB7CBC000 \SystemRoot\system32\DRIVERS\uscbs109.sys
    0xB82C8000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB6D15000 \SystemRoot\system32\DRIVERS\uscsc109.sys
    0xB82D8000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xB8614000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB68B0000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xB688C000 \SystemRoot\system32\drivers\portcls.sys
    0xB8308000 \SystemRoot\system32\drivers\drmk.sys
    0xB6F3F000 \SystemRoot\system32\drivers\nvhda32.sys
    0xB8400000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xB866A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xB86D7000 \SystemRoot\System32\Drivers\Null.SYS
    0xB866C000 \SystemRoot\System32\Drivers\Beep.SYS
    0xB4705000 \SystemRoot\system32\DRIVERS\ehdrv.sys
    0xB8418000 \SystemRoot\system32\DRIVERS\Amfilter.sys
    0xB8420000 \SystemRoot\System32\drivers\vga.sys
    0xB85B0000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xB85B2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xB8438000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xB8440000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB6CD9000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB46D2000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB4679000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB4651000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB4619000 \SystemRoot\system32\DRIVERS\tcpip6.sys
    0xB4601000 \SystemRoot\system32\DRIVERS\epfwtdir.sys
    0xB4581000 \SystemRoot\System32\vsdatant.sys
    0xB6CD1000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xB455F000 \SystemRoot\System32\drivers\afd.sys
    0xB6EFF000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB4534000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB85B4000 \SystemRoot\system32\drivers\nod32drv.sys
    0xB44C4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB6EEF000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB449E000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB6EDF000 \SystemRoot\system32\drivers\ip6fw.sys
    0xB6ECF000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB4414000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0xB6EAF000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB6D3A000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB8188000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xB8448000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xB8198000 \SystemRoot\system32\DRIVERS\Amusbprt.sys
    0xB435C000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xB85DA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB4744000 \SystemRoot\System32\drivers\Dxapi.sys
    0xB8458000 \SystemRoot\System32\watchdog.sys
    0xBD000000 \SystemRoot\System32\drivers\dxg.sys
    0xB8772000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBD012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB3F75000 \SystemRoot\system32\DRIVERS\eamon.sys
    0xB3E6F000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
    0xB4404000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
    0xB3F5D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB3BEF000 \SystemRoot\system32\DRIVERS\nwrdr.sys
    0xB3B9A000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB3A95000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB3DDF000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB365D000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
    0xB8668000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xB32D2000 \SystemRoot\system32\DRIVERS\atksgt.sys
    0xB8480000 \SystemRoot\system32\DRIVERS\lirsgt.sys
    0xB351D000 \SystemRoot\system32\drivers\npf.sys
    0xB318A000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB34AD000 \SystemRoot\system32\DRIVERS\secdrv.sys
    0xB2A6F000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB288C000 \SystemRoot\system32\drivers\kmixer.sys
    0xB2E22000 \??\E:\Program Files\Ocean Technology\GG E-Sports Platform\Garena\plugins\UI\safedrv.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll
    0x10000000 \Program Files\DAEMON Tools\daemon.dll

    Processes (total 47):
    0 System Idle Process
    4 System
    852 C:\WINDOWS\system32\smss.exe
    932 csrss.exe
    960 C:\WINDOWS\system32\winlogon.exe
    1004 C:\WINDOWS\system32\services.exe
    1016 C:\WINDOWS\system32\lsass.exe
    1192 C:\WINDOWS\system32\nvsvc32.exe
    1224 C:\WINDOWS\system32\svchost.exe
    1292 svchost.exe
    1400 C:\WINDOWS\system32\svchost.exe
    1548 svchost.exe
    1680 svchost.exe
    1740 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    612 C:\WINDOWS\system32\spoolsv.exe
    708 svchost.exe
    1020 C:\WINDOWS\explorer.exe
    1360 C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
    1616 C:\WINDOWS\RTHDCPL.exe
    1784 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    1876 C:\Program Files\A4Tech\Mouse\Amoumain.exe
    1972 C:\WINDOWS\vsnp2std.exe
    196 C:\WINDOWS\system32\rundll32.exe
    1512 E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    1288 E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    1380 C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    288 E:\Program Files\DAEMON Tools\daemon.exe
    764 C:\Program Files\Common Files\Teleca Shared\logger.exe
    868 C:\WINDOWS\system32\ctfmon.exe
    220 C:\Program Files\Skype\Phone\Skype.exe
    2140 HP1006MC.EXE
    2312 C:\Program Files\Common Files\Teleca Shared\Generic.exe
    2560 E:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
    2584 E:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
    2792 E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    2800 E:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe
    2952 C:\Program Files\Java\jre6\bin\jqs.exe
    3016 C:\Program Files\Eset\nod32krn.exe
    3100 C:\WINDOWS\system32\svchost.exe
    1760 E:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
    2396 E:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
    3232 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    2904 alg.exe
    3316 C:\Program Files\Mozilla Firefox\firefox.exe
    3264 C:\Documents and Settings\1\Desktop\GarenaMaster\hbm_Garena_Auto_Joiner\hbm_Garena_Auto_Joiner\AutoJoin.exe
    2992 E:\Program Files\Ocean Technology\GG E-Sports Platform\Garena\Garena.exe
    3956 C:\Documents and Settings\1\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x0000000c`34f34a00 (NTFS)

    PhysicalDrive0 Model Number: HitachiHDT725025VLA380, Rev: V5DOA52A

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  17. Jukata

    While running, ComboFix asked me to install/update my Windows Recovery Console, and after it had downloaded it from microsoft.com, it gave an error about the boot partition.
     
  18. Jukata

    ComboFix log

    ComboFix 10-10-27.04 - 1 10/28/2010 11:05:25.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.2047.1528 [GMT 3:00]
    Running from: c:\documents and settings\1\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\INSTALL.LOG
    c:\windows\system\d2jsp.dll
    c:\windows\system32\_000005_.tmp.dll
    c:\windows\system32\_000006_.tmp.dll
    c:\windows\system32\_000007_.tmp.dll
    c:\windows\system32\_000008_.tmp.dll
    c:\windows\system32\_000009_.tmp.dll
    c:\windows\system32\klipxm32.dll
    c:\windows\system32\Temp
    c:\windows\system32\WgaLogon.dll.back

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-28 )))))))))))))))))))))))))))))))
    .

    2010-10-26 21:46 . 2010-10-26 21:46 -------- d-----w- C:\VITSOFT
    2010-10-26 15:13 . 2010-10-26 15:13 -------- d-----w- c:\documents and settings\1\Application Data\Malwarebytes
    2010-10-26 15:13 . 2010-04-29 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-26 15:12 . 2010-10-26 15:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-26 15:12 . 2010-04-29 12:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-26 13:41 . 2010-10-26 13:41 -------- d-----w- c:\documents and settings\1\Application Data\Uniblue
    2010-10-26 13:41 . 2010-10-26 13:41 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{AD5E3D2B-0DB1-4CD0-9913-0DDF2051E490}
    2010-10-26 13:41 . 2010-10-26 13:41 -------- d-----w- c:\program files\Uniblue
    2010-10-26 13:41 . 2010-10-26 13:41 -------- d-----w- c:\documents and settings\1\Local Settings\Application Data\PackageAware
    2010-10-26 13:36 . 2010-07-20 18:22 69120 ----a-w- c:\windows\system32\zlcomm.dll
    2010-10-26 13:36 . 2010-07-20 18:22 103936 ----a-w- c:\windows\system32\zlcommdb.dll
    2010-10-26 13:36 . 2010-07-20 18:22 1238528 ----a-w- c:\windows\system32\zpeng25.dll
    2010-10-26 13:36 . 2010-10-26 13:36 -------- d-----w- c:\windows\system32\ZoneLabs
    2010-10-26 13:35 . 2010-10-28 08:13 -------- d-----w- c:\windows\Internet Logs
    2010-10-14 11:06 . 2010-08-27 05:57 99840 -c----w- c:\windows\system32\dllcache\srvsvc.dll
    2010-10-14 11:06 . 2010-07-16 12:05 1288192 -c----w- c:\windows\system32\dllcache\ole32.dll
    2010-10-14 11:06 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-14 11:06 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-14 11:05 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 09:23 . 2004-08-03 22:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-03 22:56 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2001-08-23 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58 . 2006-04-11 15:34 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2004-08-03 22:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-10 05:58 . 2004-08-03 22:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-01 11:51 . 2004-08-03 22:56 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2005-11-08 22:13 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2006-01-16 20:39 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2005-10-14 16:17 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2005-10-13 20:36 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-04-15 18:14 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2005-10-15 08:07 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2005-10-13 20:36 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2006-01-16 20:39 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-08-04 08:50 . 2010-08-04 08:50 140752 ----a-w- c:\windows\system32\drivers\eamon.sys
    2010-08-03 10:28 . 2010-08-03 10:28 95896 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools"="e:\program files\DAEMON Tools\daemon.exe" [2007-08-16 167368]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
    "RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2010-10-18 67448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-02-11 15969280]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-10 153136]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
    "snp2std"="c:\windows\vsnp2std.exe" [2005-11-24 344064]
    "hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
    "Mobile Connectivity Suite"="e:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
    "egui"="e:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
    "ZoneAlarm Client"="e:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-07-20 1038848]

    c:\documents and settings\1\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    PowerReg Scheduler V3.exe [2009-5-7 225280]
    PowerReg Scheduler.exe [2009-5-7 256000]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    2005-12-20 19:57 176128 ----a-w- e:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\wbsys.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^1^Start Menu^Programs^Startup^Microinvest Internet Мениджър.lnk]
    backup=c:\windows\pss\Microinvest Internet Мениджър.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TVR Schedule.lnk]
    backup=c:\windows\pss\TVR Schedule.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-03-12 21:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
    2005-10-13 20:35 61952 ----a-w- c:\windows\system32\hdashcut.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "PnkBstrA"=2 (0x2)
    "iPod Service"=3 (0x3)
    "idsvc"=3 (0x3)
    "CaCCProvSP"=3 (0x3)
    "Apple Mobile Device"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "e:\\SIERRA\\Half-Life\\hl.exe"=
    "e:\\Game Things\\Valve\\hl.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "e:\\Game Things\\Blizzard Warcraft\\Warcraft III\\Warcraft III.exe"=
    "e:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "e:\\Game Things\\Valve\\hlds.exe"=
    "e:\\Program Files\\3DO\\Heroes 3 Complete\\h3wog.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
    "e:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe"=
    "e:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\Garena\\Garena.exe"=
    "e:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\Garena.exe"=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26412:TCP"= 26412:TCP:BitComet 26412 TCP
    "26412:UDP"= 26412:UDP:BitComet 26412 UDP
    "57817:TCP"= 57817:TCP:BitComet 57817 TCP
    "57817:UDP"= 57817:UDP:BitComet 57817 UDP
    "58345:TCP"= 58345:TCP:BitComet 58345 TCP
    "58345:UDP"= 58345:UDP:BitComet 58345 UDP
    "48896:TCP"= 48896:TCP:BitComet 48896 TCP
    "48896:UDP"= 48896:UDP:BitComet 48896 UDP
    "58496:TCP"= 58496:TCP:BitComet 58496 TCP
    "58496:UDP"= 58496:UDP:BitComet 58496 UDP
    "53785:TCP"= 53785:TCP:BitComet 53785 TCP
    "53785:UDP"= 53785:UDP:BitComet 53785 UDP
    "48694:TCP"= 48694:TCP:BitComet 48694 TCP
    "48694:UDP"= 48694:UDP:BitComet 48694 UDP
    "443:UDP"= 443:UDP:*: Disabled:ooVoo UDP port 443
    "37674:TCP"= 37674:TCP:*: Disabled:ooVoo TCP port 37674
    "37674:UDP"= 37674:UDP:*: Disabled:ooVoo UDP port 37674
    "37675:UDP"= 37675:UDP:*: Disabled:ooVoo UDP port 37675
    "58483:TCP"= 58483:TCP:BitComet 58483 TCP
    "58483:UDP"= 58483:UDP:BitComet 58483 UDP
    "43748:TCP"= 43748:TCP:BitComet 43748 TCP
    "43748:UDP"= 43748:UDP:BitComet 43748 UDP
    "58493:TCP"= 58493:TCP:BitComet 58493 TCP
    "58493:UDP"= 58493:UDP:BitComet 58493 UDP
    "64867:TCP"= 64867:TCP:BitComet 64867 TCP
    "64867:UDP"= 64867:UDP:BitComet 64867 UDP
    "8380:TCP"= 8380:TCP:League of Legends Launcher
    "8380:UDP"= 8380:UDP:League of Legends Launcher

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7/29/2010 1:31 PM 115008]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/3/2010 1:28 PM 95896]
    R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [12/9/2007 6:29 PM 15424]
    R2 ekrn;ESET Service;e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [8/12/2010 2:16 PM 810144]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 9:19 PM 50704]
    R3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [4/3/2007 1:20 PM 795776]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [5/1/2010 1:14 AM 58600]
    R3 uscbs109;uscbs109;c:\windows\system32\drivers\uscbs109.sys [3/22/2005 8672]
    R3 uscsc109;uscsc109;c:\windows\system32\drivers\uscsc109.sys [3/22/2005 102336]
    S1 oreans32;oreans32; [x]
    S2 gupdate;Услуга Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2010 12:22 PM 136176]
    S3 AMDMSRIO;AMDMSRIO; [x]
    S3 BCUMXMIDI;BCUMXMIDI;c:\windows\system32\drivers\bumxmidi.sys [1/25/2008 7:12 PM 22752]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\g:\install\tools\Test&Tune\Everest Ultimate Engineer Edition 5.00.1692\kerneld.wnt --> g:\install\tools\Test&Tune\Everest Ultimate Engineer Edition 5.00.1692\kerneld.wnt [?]
    S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\1\LOCALS~1\Temp\ORJ3A9A.tmp --> c:\docume~1\1\LOCALS~1\Temp\ORJ3A9A.tmp [?]
    S3 GGSAFERDriver;GGSAFER Driver;\??\e:\program files\Ocean Technology\GG E-Sports Platform\Garena\plugins\UI\safedrv.sys --> e:\program files\Ocean Technology\GG E-Sports Platform\Garena\plugins\UI\safedrv.sys [?]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5/24/2010 12:12 PM 24576]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
    S3 w900bus;Sony Ericsson 900i driver (WDM);c:\windows\system32\drivers\w900bus.sys [9/27/2005 10:34 AM 58256]
    S3 w900mdfl;Sony Ericsson 900i USB WMC Modem Filter;c:\windows\system32\drivers\w900mdfl.sys [9/27/2005 10:34 AM 8336]
    S3 w900mdm;Sony Ericsson 900i USB WMC Modem Drivers;c:\windows\system32\drivers\w900mdm.sys [9/27/2005 10:34 AM 94064]
    S3 w900mgmt;Sony Ericsson 900i USB WMC Device Management Drivers;c:\windows\system32\drivers\w900mgmt.sys [9/27/2005 10:34 AM 85504]
    S3 w900obex;Sony Ericsson 900i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\w900obex.sys [9/27/2005 10:34 AM 83440]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/30/2007 12:20 PM 685816]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 09:22]

    2010-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 09:22]

    2010-10-28 c:\windows\Tasks\RegistryBooster.job
    - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-10-18 08:17]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.microinvest.net
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\windows\system32\imon.dll
    DPF: Microsoft XML Parser for Java
    FF - ProfilePath - c:\documents and settings\1\Application Data\Mozilla\Firefox\Profiles\0vplqc6f.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
    FF - prefs.js: browser.search.selectedEngine - ICQ Search
    FF - prefs.js: browser.startup.homepage - google.bg
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\1\Application Data\Mozilla\Firefox\Profiles\0vplqc6f.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
    FF - component: c:\documents and settings\1\Application Data\Mozilla\Firefox\Profiles\0vplqc6f.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\1\Application Data\Mozilla\Firefox\Profiles\0vplqc6f.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\1\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: e:\program files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
    FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin.dll
    FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin2.dll
    FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin3.dll
    FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin4.dll
    FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin5.dll
    FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin6.dll
    FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin7.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{05B04B5D-2A47-441B-80A3-E25C8CCEF7D6} - (no file)
    BHO-{B98EAA26-1581-4F97-872D-7F3812C9D0A7} - (no file)
    HKLM-Run-nwiz - nwiz.exe
    HKU-Default-Run-Picasa Media Detector - e:\program files\Picasa2\PicasaMediaDetector.exe
    Notify-fcccdeef - fcccdeef.dll
    MSConfigStartUp-ooVoo - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-28 11:15
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
    "ImagePath"="\??\g:\install\tools\Test&Tune\Everest Ultimate Engineer Edition 5.00.1692\kerneld.wnt"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
    "ImagePath"="\??\c:\docume~1\1\LOCALS~1\Temp\ORJ3A9A.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-789336058-1682526488-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:2b,63,e7,de,ba,c4,f2,65,cb,0a,8e,f8,8d,88,ed,79,d9,18,cc,08,56,3c,50,
    ef,0d,15,5a,44,18,99,7d,e0,09,1c,b6,94,a1,83,83,2a,4f,98,a4,fd,d6,4d,a3,3d,\
    "??"=hex:59,e9,0c,dc,b1,96,29,5e,de,32,30,f8,48,92,75,3d

    [HKEY_USERS\S-1-5-21-789336058-1682526488-839522115-1003\Software\SecuROM\License information*]
    "datasecu"=hex:66,5c,9e,ff,15,47,12,63,20,6d,91,0a,f8,c2,0f,80,e1,6e,40,ee,e1,
    f4,db,b8,7e,2a,8f,57,1c,7c,9e,68,7c,52,c5,21,4c,bb,99,c8,c1,2a,7a,d7,4a,63,\
    "rkeysecu"=hex:e0,bf,1c,88,70,20,08,d9,77,5d,9b,83,99,d9,be,92
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(900)
    e:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

    - - - - - - - > 'lsass.exe'(956)
    c:\windows\system32\imon.dll

    - - - - - - - > 'explorer.exe'(4072)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    e:\program files\Stardock\Object Desktop\WindowBlinds\tray.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Eset\nod32krn.exe
    c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
    c:\program files\Common Files\Teleca Shared\logger.exe
    c:\program files\Common Files\Teleca Shared\Generic.exe
    e:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
    e:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
    e:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
    e:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
    e:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
    c:\program files\Uniblue\RegistryBooster\registrybooster.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-28 11:19:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-28 08:18

    Pre-Run: 26,034,397,184 bytes free
    Post-Run: 26,248,613,888 bytes free

    - - End Of File - - 527346187412A6C3AD851110188619B9
     
  19. Jukata

    Jukata TS Rookie Topic Starter Posts: 19

    Hmm, after the ComboFix run, Daemon Tools gives me an error every time I try to run it.
    However, Garena and other programs now show their ads, but Nod32, Garena and the other programs still can't connect to their servers for updates. Ads are loaded, but they can't connect for updates. Something's still partially blocking them :/
     
  20. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    I'd need to know the exact error. The Recovery Console is a very important part of the Windows XP troubleshooting tools.
    The Recovery Console must be installed.

    ========================================================================

    Please, uninstall Uniblue RegistryBooster.
    Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

    =======================================================================

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    DDS::
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    
    Driver::
    oreans32
    AMDMSRIO
    
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=-
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
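The two `uInternet Settings` lines that the CFScript above removes are the part of the log worth understanding: `ProxyServer = http=127.0.0.1:5555` tells Internet Explorer, and every other program that uses WinINet for its web requests, to send HTTP traffic to a listener on the machine itself. If no legitimate process is listening on that port, those programs fail while programs that open their own sockets keep working, which matches the partial blocking described in the thread. Firefox's `network.proxy.type - 4` means "use system proxy settings", so it inherits the same entry. The following checker is an added example, not code from the thread or from ComboFix: it pulls those lines out of ComboFix-style report text and flags a proxy that points at loopback. The sample report is constructed to mirror the values in the log above; the regular expressions assume ComboFix's `uInternet Settings,...` and `FF - prefs.js: ...` line shapes.

```python
import re

# Constructed sample: a handful of lines in the shape ComboFix's
# "Supplementary Scan" section prints them. The proxy values mirror the
# ones in the thread's log; the lines are not copied from a live machine.
SAMPLE_REPORT = """\
uStart Page = www.microinvest.net
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
LSP: c:\\windows\\system32\\imon.dll
FF - prefs.js: network.proxy.type - 4
"""

# Line shapes assumed from ComboFix output (assumption: exact spacing as above).
PROXY_SERVER_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<value>.+)$")
PROXY_OVERRIDE_RE = re.compile(r"^uInternet Settings,ProxyOverride = (?P<value>.+)$")
FF_PROXY_TYPE_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (?P<type>\d+)$")

# Meaning of Firefox's network.proxy.type values.
FF_PROXY_TYPES = {0: "direct", 1: "manual", 2: "PAC URL",
                  4: "system settings", 5: "auto-detect (WPAD)"}


def parse_proxy_server(value):
    """Parse a WinINet ProxyServer value.

    The value is either 'host:port' (one proxy for every protocol, keyed '*')
    or a ';'-separated list of 'protocol=host:port' entries.
    Returns {protocol: (host, port)}; port is None when missing or invalid.
    """
    entries = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        proto, sep, hostport = part.partition("=")
        if not sep:                      # no 'protocol=' prefix: applies to all
            proto, hostport = "*", proto
        host, _, port = hostport.strip().rpartition(":")
        if not host:                     # bare host without a port
            host, port = port, ""
        entries[proto.strip().lower()] = (host, int(port) if port.isdigit() else None)
    return entries


def is_loopback(host):
    """True for hosts that name the local machine without any DNS lookup."""
    h = host.strip("[]").lower()
    return h == "localhost" or h == "::1" or h.startswith("127.")


def analyze(report_text):
    """Scan ComboFix-style lines and report proxy settings that would route
    every WinINet client (IE and programs built on it) through a local process."""
    result = {"proxies": {}, "proxy_override": None,
              "firefox_proxy_type": None, "findings": []}
    for raw in report_text.splitlines():
        line = raw.strip()
        m = PROXY_SERVER_RE.match(line)
        if m:
            result["proxies"] = parse_proxy_server(m.group("value"))
            continue
        m = PROXY_OVERRIDE_RE.match(line)
        if m:
            result["proxy_override"] = m.group("value")
            continue
        m = FF_PROXY_TYPE_RE.match(line)
        if m:
            result["firefox_proxy_type"] = int(m.group("type"))

    for proto, (host, port) in result["proxies"].items():
        if is_loopback(host):
            result["findings"].append(
                f"WinINet {proto} proxy is {host}:{port}: IE and every program that "
                "uses WinINet will hand its web traffic to a local listener; if nothing "
                "legitimate listens there those programs fail while programs with their "
                "own socket code keep working")
    ff = result["firefox_proxy_type"]
    if ff == 4 and result["proxies"]:
        result["findings"].append(
            "Firefox network.proxy.type=4 (use system settings): Firefox inherits the same proxy")
    elif ff is not None and ff not in (0, 4):
        result["findings"].append(
            f"Firefox network.proxy.type={ff} ({FF_PROXY_TYPES.get(ff, 'unknown')}): "
            "check prefs.js for a manual proxy or PAC URL")
    return result


if __name__ == "__main__":
    for finding in analyze(SAMPLE_REPORT)["findings"]:
        print("-", finding)
```

Run against the constructed sample it reports the loopback HTTP proxy and the Firefox setting that inherits it. After the CFScript has removed the entries, the same check on the new ComboFix.txt should return no findings; a proxy that reappears after removal is the usual sign that the process re-creating it is still present.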
     
  21. Jukata

    Jukata TS Rookie Topic Starter Posts: 19

    ****

    The Windows Recovery problem was because I was missing the boot.ini file, so I googled how to fix this issue and made a new boot.ini.
    After that I ran ComboFix with the new script, and right after it started a blue window appeared for a second, followed by an error that said nothing, just an OK button. I clicked the OK button and it rebooted the computer. Now every time I try to run Windows it gives me an error about a "missing hal.dll" file.
     
  22. Jukata

    Jukata TS Rookie Topic Starter Posts: 19

    Oops

    I guess I did something wrong with the boot.ini file. I replaced it with a new one by making a new boot partition, having deleted the previous (corrupted) one before that. Windows just started normally and Combofix is currently running. I'll post the log later.

    Edit: freaking Combofix is stuck on "attempting to create a new System Restore Point"
    Edit 2: OK, now it's back on track. Currently at Stage 3; everything seems smooth except that error with no message that rebooted my computer earlier. That bothers me.
    Edit 3: Everything is messed up lol. I'm using System Restore to restore it to a point before I did anything with boot.ini and the Recovery Console, which means I'll have to do another Combofix scan. Btw, Combofix for some reason removes SPTD.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Using System Restore during the cleaning process is not a good idea, because we'll have to re-run all scans.
     
Topic Status:
Not open for further replies.
