TechSpot

Google keeps redirecting me everytime i click a link

By Klocc
Mar 12, 2011
  1. Okay, so I kinda get this: you need my HijackThis file info, and here it is.... I have no idea what to do right now.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:48:40 AM, on 3/12/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\FileZilla Server\FileZilla Server.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
    c:\Program Files\Zune\ZuneBusEnum.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
    C:\Program Files\Steam\Steam.exe
    C:\Documents and Settings\Administrator\My Documents\Downloads\anaylsys.exe.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Ant.com browser helper (video detector) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Ant.com Download Toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll
    O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
    O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ant Toolbar updater service (AntUpdaterService) - Ant.com - C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

    --
    End of file - 9596 bytes
     
  2. Bobbye


    Welcome to TechSpot! I'll help with the redirect, but we don't 'screen' for malware with HijackThis.

    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. Klocc



    Okay, in the steps I use my Panda Cloud Antivirus. Did that yesterday without even looking at the steps.

    As for the malware on step 3, here's the Notepad info...


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6038

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/12/2011 4:34:36 PM
    mbam-log-2011-03-12 (16-34-36).txt

    Scan type: Quick scan
    Objects scanned: 145389
    Time elapsed: 4 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\KUGHGZXAKT (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\Lxekya.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\WINDOWS\Lxekyb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


    I know I'm not posting in order, but as for the DDS file:

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Administrator at 16:55:24.23 on Sat 03/12/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1051 [GMT -5:00]
    .
    AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\RapidSolution\Tunebite\Tunebite.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    svchost.exe
    C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\FileZilla Server\FileZilla Server.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
    c:\Program Files\Zune\ZuneBusEnum.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Administrator\My Documents\Downloads\8u28kesn.exe
    C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Ant.com browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - c:\program files\ant.com\ie add-on\Download.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Ant.com Download Toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - c:\program files\ant.com\ie add-on\AntToolbar.dll
    TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Tunebite] c:\program files\rapidsolution\tunebite\Tunebite.exe -tray
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [FileZilla Server Interface] "c:\program files\filezilla server\FileZilla Server Interface.exe"
    mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    dRunOnce: [RunNarrator] Narrator.exe
    IE: Download with &Shareaza - c:\program files\shareaza\RazaWebHook32.dll/3000
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\Download.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: igfxcui - igfxdev.dll
    Notify: LMIinit - LMIinit.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {621FCD24-4498-4324-A81E-07D331376EDF} - c:\program files\pixiepack codec pack\InstallerHelper.exe
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ynsgo0g7.default\
    FF - component: c:\program files\panda security\panda id protect\firefox\components\FFKeypad.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Panda Identity Protect: widgetruntime@surfsecret.com - c:\program files\panda security\panda id protect\Firefox
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============
    .
    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-12-16 130376]
    R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\ant.com\ie add-on\AntUpdaterService.exe [2010-12-22 515096]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-2-2 47640]
    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-12-16 141768]
    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-12-16 97352]
    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-12-16 111944]
    R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-12-16 113096]
    S3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys --> c:\windows\system32\drivers\appliand.sys [?]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest home edition\kerneld.wnt [2005-8-18 7168]
    S3 qcusbser;Garmin-Asus USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [2009-12-19 111464]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    =============== Created Last 30 ================
    .
    2011-03-12 21:27:33 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
    2011-03-12 21:27:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-12 21:27:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-03-12 21:27:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-12 21:27:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-12 07:25:06 -------- d-----w- c:\program files\SystemRequirementsLab
    2011-03-12 06:46:03 -------- d-----w- c:\program files\Valve
    2011-03-12 06:44:33 -------- d-----w- c:\program files\Quick Web Player
    2011-03-11 22:52:37 -------- d-----w- c:\program files\PixiePack Codec Pack
    2011-03-11 21:25:05 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\CrashRpt
    2011-03-11 21:23:55 -------- d-----w- c:\program files\RapidSolution
    2011-03-11 21:23:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\RapidSolution
    2011-03-11 21:20:26 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\RapidSolution
    2011-03-11 20:41:28 -------- d-----w- c:\program files\common files\Software Update Utility
    2011-03-11 19:12:57 155648 --sha-r- c:\windows\system32\inetcommz.dll
    2011-03-11 10:40:51 -------- d-----w- c:\program files\Steam
    2011-03-11 10:33:25 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
    2011-03-11 10:31:50 -------- d-----w- c:\windows\Replay Media Catcher
    2011-03-11 10:31:14 -------- d-----w- c:\program files\Replay Media Catcher
    2011-03-11 10:17:50 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Jaksta_Technologies_Pty_L
    2011-03-11 10:16:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Applian
    2011-03-10 22:13:32 -------- d-----w- c:\program files\iPod
    2011-03-10 22:13:26 -------- d-----w- c:\program files\iTunes
    2011-03-09 15:49:22 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\clone.AD
    2011-03-09 14:04:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\clone.AD
    2011-03-09 14:03:57 -------- d-----w- c:\program files\clone.AD
    2011-03-09 14:03:49 497664 ----a-w- c:\windows\system32\ac3filter.acm
    2011-03-09 14:03:49 -------- d-----w- c:\program files\AC3Filter
    2011-03-09 14:03:33 -------- d-----w- c:\program files\AviSynth 2.5
    2011-03-09 03:14:22 -------- d-----w- c:\program files\cladDVD.NET 3.5.7
    2011-03-08 11:15:01 -------- d-----w- c:\program files\FileZilla Server
    2011-03-08 11:14:11 5600 ----a-w- c:\windows\system\WINASPI.DLL
    2011-03-08 11:14:11 4672 ----a-w- c:\windows\system\WOWPOST.EXE
    2011-03-08 11:14:11 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
    2011-03-08 11:14:11 25244 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
    2011-03-08 11:14:09 -------- d-----w- c:\program files\XviD
    2011-03-08 11:14:08 641021 ----a-w- c:\windows\unins000.exe
    2011-03-08 11:14:08 200192 ----a-w- c:\windows\system32\LameACM.acm
    2011-03-08 11:14:08 187904 ----a-w- c:\windows\system32\Lame.exe
    2011-03-08 11:14:08 166912 ----a-w- c:\windows\system32\Lame_enc.dll
    2011-03-02 08:04:44 -------- d--h--w- c:\windows\PIF
    2011-02-28 21:29:54 26784 ----a-w- c:\windows\system32\drivers\tbhsd.sys
    2011-02-24 05:25:59 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache
    2011-02-24 05:25:05 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
    2011-02-22 07:53:02 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
    2011-02-22 07:33:06 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2011-02-22 07:32:50 -------- d-----w- c:\windows\ie8updates
    2011-02-22 07:31:51 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-02-22 07:31:51 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-02-22 07:31:51 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-02-22 07:22:09 -------- dc-h--w- c:\windows\ie8
    2011-02-21 05:25:06 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Freelang Dictionary
    2011-02-21 05:13:49 -------- d-----w- C:\TKMIT
    2011-02-19 14:01:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Panda Security URL Filtering
    2011-02-12 23:14:30 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Temp
    2011-02-12 23:12:43 -------- d-----w- c:\windows\system32\Adobe
    2011-02-12 23:09:38 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Adobe
    .
    ==================== Find3M ====================
    .
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 13:31:16 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-02-02 13:31:16 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 18:22:27 1409 ----a-w- c:\windows\QTFont.for
    2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59:19 43520 ------w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55:26 385024 ------w- c:\windows\system32\html.iec
    2010-12-16 23:39:53 365888 ----a-w- c:\windows\system32\PSUNCpl.cpl
    .
    ============= FINISH: 16:57:04.34 ===============

    And for the Attach file along with it:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/16/2010 4:26:50 PM
    System Uptime: 3/12/2011 4:37:16 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | |
    Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | Microprocessor | 2194/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 112 GiB total, 42.229 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 466 GiB total, 202.957 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\1D5019814A4FC000
    Manufacturer: Microsoft
    Name: 1394 Net Adapter #2
    PNP Device ID: V1394\NIC1394\1D5019814A4FC000
    Service: NIC1394
    .
    ==== System Restore Points ===================
    .
    RP1: 3/11/2011 3:11:58 PM - System Checkpoint
    RP2: 3/11/2011 4:22:26 PM - Installed Audials
    RP3: 3/11/2011 4:23:52 PM - Installed Audials
    RP4: 3/11/2011 4:24:52 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    RP5: 3/11/2011 5:46:31 PM - Removed Audials TV
    RP6: 3/11/2011 5:47:23 PM - Removed Audials
    RP7: 3/11/2011 5:49:11 PM - Installed Microsoft Visual C++ 2005 Redistributable
    RP8: 3/11/2011 5:49:58 PM - Installed Tunebite
    RP9: 3/12/2011 12:47:01 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    AC3Filter 1.63b
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.0.1)
    Adobe Shockwave Player 11.5
    Age of Chivalry
    AIM 7
    Alarm Clock v1.0
    Ant.com IE add-on
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avi.NET 3.2.0.0
    AviSynth 2.5
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    Broadcom ASF Management Applications
    Broadcom Gigabit Integrated Controller
    Broadcom TPM Driver Installer
    CDBurnerXP
    Citrus Alarm Clock 2.0
    cladDVD.NET v3.5.7
    Conexant HDA D330 MDC V.92 Modem
    Counter-Strike
    Counter-Strike: Source
    Day of Defeat
    Dell Driver Download Manager
    Dell Touchpad
    DivX Setup
    Download Updater (AOL LLC)
    Elasto Mania
    Empires
    EVEREST Home Edition v2.20
    EVEREST Ultimate Edition v5.50
    FileZilla Client 3.3.5.1
    FileZilla Server (remove only)
    Freelang Dictionary (wordlist)
    Freelang Dictionary 3.74 beta
    Half-Life 2
    Half-Life 2 Awakening 1.1
    Half-Life 2: Episode One
    Half-Life Decay PC 1.0
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format 11 SDK (KB973442)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    Icy Tower v1.4
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless WiFi Software
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 23
    LogMeIn
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Expression Web
    Microsoft Expression Web MUI (English)
    Microsoft Expression Web Service Pack 1 (SP1)
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Project 2007 Service Pack 2 (SP2)
    Microsoft Office Project MUI (English) 2007
    Microsoft Office Project Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.15)
    NVIDIA Drivers
    OZ776 SCR Driver V1.1.4.202
    Panda Cloud Antivirus
    Panda Identity Protect 3.0.44
    Panda Security Toolbar
    Panda Security URL Filtering
    PixiePack Codec Pack
    Poke646 1.0
    QuickTime
    Ricochet
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Shareaza 2.5.4.0
    SigmaTel Audio
    SourceForts 1.9.4.1 Fixed
    Spybot - Search & Destroy
    Steam
    Synergy
    System Requirements Lab
    Team Fortress Classic
    Tunebite
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Project 2007 Help (KB963668)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Windows (KB971513)
    Update for Outlook 2007 Junk Email Filter (KB2508979)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 1.1.7
    VobSub v2.23 (Remove Only)
    WebFldrs XP
    Winamp
    Winamp Detector Plug-in
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Mobile Device Updater Component
    Windows XP Service Pack 3
    WinRAR archiver
    XviD & MP3 Codec Pack (remove only)
    Xvid 1.2.2 final uninstall
    Zombie Panic Source
    Zune
    Zune Language Pack (DEU)
    Zune Language Pack (ESP)
    Zune Language Pack (FRA)
    Zune Language Pack (ITA)
    Zune Language Pack (NLD)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/8/2011 12:03:24 AM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
    3/8/2011 12:03:24 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
    3/7/2011 10:16:52 PM, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
    3/12/2011 4:46:49 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
    3/12/2011 4:38:19 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    3/12/2011 3:51:50 PM, error: Service Control Manager [7031] - The Panda Cloud Antivirus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    3/12/2011 3:51:42 PM, error: Service Control Manager [7034] - The TOSHIBA Bluetooth Service service terminated unexpectedly. It has done this 1 time(s).
    3/12/2011 3:51:42 PM, error: Service Control Manager [7034] - The SigmaTel Audio Service service terminated unexpectedly. It has done this 1 time(s).
    3/12/2011 3:51:42 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    3/12/2011 3:51:42 PM, error: Service Control Manager [7034] - The NMSAccess service terminated unexpectedly. It has done this 1 time(s).
    3/12/2011 3:51:42 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless SSO Service service terminated unexpectedly. It has done this 1 time(s).
    3/12/2011 3:51:42 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
    3/12/2011 3:51:42 PM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    3/12/2011 3:51:41 PM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
    3/12/2011 3:51:41 PM, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
    3/12/2011 3:51:41 PM, error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).
    3/12/2011 3:51:41 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    3/12/2011 3:51:41 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless WiFi Service service terminated unexpectedly. It has done this 1 time(s).
    3/12/2011 3:51:41 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
    3/12/2011 3:51:41 PM, error: Service Control Manager [7034] - The FileZilla Server FTP server service terminated unexpectedly. It has done this 1 time(s).
    3/12/2011 3:51:41 PM, error: Service Control Manager [7034] - The Broadcom ASF IP and SMBIOS Mailbox Monitor service terminated unexpectedly. It has done this 1 time(s).
    3/12/2011 3:51:41 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    3/12/2011 3:51:41 PM, error: Service Control Manager [7034] - The Ant Toolbar updater service service terminated unexpectedly. It has done this 1 time(s).
    3/12/2011 3:51:41 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/11/2011 5:16:42 AM, error: ipnathlp [31012] - The DNS proxy agent encountered an error while obtaining the local list of name-resolution servers. Some DNS or WINS servers may be inaccessible to clients on the local network. The data is the error code.
    3/11/2011 4:24:45 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    3/11/2011 4:24:45 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\TempSFX\msi\VCRedistSmartCheckerDll.dll. Reference error message: The operation completed successfully. .
    3/11/2011 4:24:45 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    3/11/2011 3:41:03 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    .
    ==== End Of File ===========================


    And as for GMER, it's...


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-03-12 18:03:12
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST9120823AS rev.3.ADB
    Running: 8u28kesn.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pwtdqpod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\PSINProc.sys (PSINProc Filter Driver for XP32/Panda Security, S.L.) ZwTerminateProcess [0xB2B72416]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? fmgk.sys The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6D61360, 0x30A247, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2160] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10406373 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2684] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2684] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 02C7B5B6
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2684] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02C7C304
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2684] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02C7BFED
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2684] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02C7C20E
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2684] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 02C7B4F9
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2684] WS2_32.dll!recv 71AB676F 5 Bytes JMP 02C7C093
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2684] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02C7C13D
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2684] WS2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 02C7B91A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2684] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 02C7C572
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2684] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 02C7CAAC
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2684] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 02C7C4A5
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2684] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 02C7C9C7
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2684] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 02C7CE63
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2684] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 02C7CF2D
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2684] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 02C7B9F5
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2684] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 02C7C8DF
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2684] USER32.dll!DrawTextW 7E42D7E2 5 Bytes JMP 02C7C71B
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2684] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 02C7C392
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2684] USER32.dll!DrawTextA 7E43C702 5 Bytes JMP 02C7C63F
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2684] USER32.dll!DrawTextExA 7E43C739 5 Bytes JMP 02C7C7F7
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3556] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10406373 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Control\Session Manager@PendingFileRenameOperations ???;ri???????;???????????????????@???.??????pci??;???????????F?F?????;??????????eN??? ???????B???????????;????????6????????????06??????? ???????????????????19???c?c?c?c?;??? ??????? ???????????;???????????????????????;???????????????????????????1???????????????1???????????1???????????????1????X??F???????????????.????????r??????????????/???????????/???????????/?????e?/???????????1???????????l??????@????1?????????s?1???;??? ??????????????????Microsoft???? ???;???????????e???????????????????????t?t?&????0??;???????????????;?;?;?;?;?;?;?;f????????????????????????????;???;??? ???????????????????(???????? ?@?????????yce???Bluetooth Personal Area Network??;???;???;???????????????????????e?????????????????????????????? A?????b???F?????????????h?????????d a???????????t?????? W???????????t???????6??????????? ???????0???????????o?????? w???????????a?????? u???????????m??????pd???????????e???????0???????????a???????4???????????i???????8???????????r???????????;??????????????? h??F???e??????ox?????c???B???;?????s?????????

    ---- EOF - GMER 1.0.15 ----
     
  4. Klocc

    Klocc TS Rookie Topic Starter Posts: 20

    And I use Panda Cloud Antivirus and Spybot Search & Destroy; they seem like the best I've used so far. No need for a firewall, it's not a business computer.
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Are you actually using the remote login?
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.
    ============================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    =======================================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
      (image: the Recovery Console query prompt)
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      (image: the message shown once the Recovery Console is installed)
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Logs from each please in next reply.
     
  6. Klocc

    Klocc TS Rookie Topic Starter Posts: 20

    Okay, I use LogMeIn Free. I used to use VNC, but it just got too old and LogMeIn was so much easier: just connect to the web and I get a nice connection, Java based I believe.

    The first one gave me no errors, but here's the report:

    2011/03/13 17:18:44.0906 2992 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/03/13 17:18:45.0015 2992 ================================================================================
    2011/03/13 17:18:45.0015 2992 SystemInfo:
    2011/03/13 17:18:45.0015 2992
    2011/03/13 17:18:45.0015 2992 OS Version: 5.1.2600 ServicePack: 3.0
    2011/03/13 17:18:45.0015 2992 Product type: Workstation
    2011/03/13 17:18:45.0015 2992 ComputerName: K_LOCC
    2011/03/13 17:18:45.0015 2992 UserName: Administrator
    2011/03/13 17:18:45.0015 2992 Windows directory: C:\WINDOWS
    2011/03/13 17:18:45.0015 2992 System windows directory: C:\WINDOWS
    2011/03/13 17:18:45.0015 2992 Processor architecture: Intel x86
    2011/03/13 17:18:45.0015 2992 Number of processors: 2
    2011/03/13 17:18:45.0015 2992 Page size: 0x1000
    2011/03/13 17:18:45.0015 2992 Boot type: Normal boot
    2011/03/13 17:18:45.0015 2992 ================================================================================
    2011/03/13 17:18:45.0265 2992 Initialize success
    2011/03/13 17:18:59.0921 1052 ================================================================================
    2011/03/13 17:18:59.0921 1052 Scan started
    2011/03/13 17:18:59.0921 1052 Mode: Manual;
    2011/03/13 17:18:59.0921 1052 ================================================================================
    2011/03/13 17:19:01.0250 1052 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/03/13 17:19:01.0328 1052 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/03/13 17:19:01.0437 1052 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/03/13 17:19:01.0562 1052 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/03/13 17:19:01.0875 1052 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
    2011/03/13 17:19:02.0000 1052 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/03/13 17:19:02.0218 1052 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys
    2011/03/13 17:19:02.0250 1052 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/03/13 17:19:02.0281 1052 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/03/13 17:19:02.0359 1052 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/03/13 17:19:02.0437 1052 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/03/13 17:19:02.0500 1052 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    2011/03/13 17:19:02.0593 1052 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
    2011/03/13 17:19:02.0671 1052 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/03/13 17:19:02.0765 1052 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/03/13 17:19:02.0859 1052 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/03/13 17:19:02.0937 1052 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/03/13 17:19:03.0031 1052 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/03/13 17:19:03.0093 1052 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
    2011/03/13 17:19:03.0218 1052 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2011/03/13 17:19:03.0328 1052 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2011/03/13 17:19:03.0468 1052 CSRBC (8e1945984e147562f9f08e1d344a69cc) C:\WINDOWS\system32\Drivers\csrbcxp.sys
    2011/03/13 17:19:03.0625 1052 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/03/13 17:19:03.0718 1052 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/03/13 17:19:03.0828 1052 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/03/13 17:19:03.0906 1052 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/03/13 17:19:03.0968 1052 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/03/13 17:19:04.0078 1052 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/03/13 17:19:04.0218 1052 EverestDriver (76984d46b2abaa46f8b3fcef82c9217d) C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt
    2011/03/13 17:19:04.0359 1052 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/03/13 17:19:04.0406 1052 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    2011/03/13 17:19:04.0468 1052 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/03/13 17:19:04.0546 1052 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2011/03/13 17:19:04.0593 1052 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/03/13 17:19:04.0656 1052 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/03/13 17:19:04.0703 1052 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/03/13 17:19:04.0796 1052 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2011/03/13 17:19:04.0875 1052 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/03/13 17:19:04.0953 1052 guardian2 (c0bdab85f3e8b2138c513255e2bcc4d8) C:\WINDOWS\system32\Drivers\oz776.sys
    2011/03/13 17:19:05.0031 1052 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/03/13 17:19:05.0125 1052 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/03/13 17:19:05.0250 1052 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
    2011/03/13 17:19:05.0343 1052 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    2011/03/13 17:19:05.0468 1052 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/03/13 17:19:05.0656 1052 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/03/13 17:19:05.0875 1052 ialm (37eb2dc75d8f6451ae55071610dc24e1) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    2011/03/13 17:19:06.0109 1052 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/03/13 17:19:06.0296 1052 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/03/13 17:19:06.0343 1052 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/03/13 17:19:06.0406 1052 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/03/13 17:19:06.0468 1052 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/03/13 17:19:06.0531 1052 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/03/13 17:19:06.0593 1052 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/03/13 17:19:06.0671 1052 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/03/13 17:19:06.0734 1052 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/03/13 17:19:06.0781 1052 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/03/13 17:19:06.0875 1052 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2011/03/13 17:19:06.0921 1052 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/03/13 17:19:06.0984 1052 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/03/13 17:19:07.0156 1052 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
    2011/03/13 17:19:07.0250 1052 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
    2011/03/13 17:19:07.0359 1052 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    2011/03/13 17:19:07.0421 1052 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    2011/03/13 17:19:07.0531 1052 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/03/13 17:19:07.0625 1052 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/03/13 17:19:07.0718 1052 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/03/13 17:19:07.0765 1052 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/03/13 17:19:07.0812 1052 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/03/13 17:19:07.0906 1052 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/03/13 17:19:08.0031 1052 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/03/13 17:19:08.0093 1052 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/03/13 17:19:08.0140 1052 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/03/13 17:19:08.0156 1052 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/03/13 17:19:08.0203 1052 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/03/13 17:19:08.0296 1052 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/03/13 17:19:08.0328 1052 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/03/13 17:19:08.0375 1052 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/03/13 17:19:08.0421 1052 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/03/13 17:19:08.0468 1052 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/03/13 17:19:08.0515 1052 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/03/13 17:19:08.0593 1052 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/03/13 17:19:08.0640 1052 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/03/13 17:19:08.0703 1052 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/03/13 17:19:09.0000 1052 NETw5x32 (91f027c242d3ff6e5c09f92a0518297f) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
    2011/03/13 17:19:09.0234 1052 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/03/13 17:19:09.0328 1052 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/03/13 17:19:09.0375 1052 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/03/13 17:19:09.0500 1052 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/03/13 17:19:09.0859 1052 nv (77f427e51479c66c09f967d15b639b37) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/03/13 17:19:10.0218 1052 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/03/13 17:19:10.0265 1052 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/03/13 17:19:10.0375 1052 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/03/13 17:19:10.0437 1052 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    2011/03/13 17:19:10.0468 1052 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/03/13 17:19:10.0546 1052 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/03/13 17:19:10.0593 1052 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/03/13 17:19:10.0703 1052 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/03/13 17:19:10.0750 1052 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    2011/03/13 17:19:11.0140 1052 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/03/13 17:19:11.0203 1052 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/03/13 17:19:11.0281 1052 PSINAflt (fdc5fbcc24fff63b0dc8057f77224bdc) C:\WINDOWS\system32\DRIVERS\PSINAflt.sys
    2011/03/13 17:19:11.0359 1052 PSINFile (21340bae4746bb87685eb7b0340e37f4) C:\WINDOWS\system32\DRIVERS\PSINFile.sys
    2011/03/13 17:19:11.0437 1052 PSINKNC (043bb8afcb1fad95046f4cc9374fddf3) C:\WINDOWS\system32\DRIVERS\psinknc.sys
    2011/03/13 17:19:11.0468 1052 PSINProc (a821bb25b89ced1999eaf40feb9e3fec) C:\WINDOWS\system32\DRIVERS\PSINProc.sys
    2011/03/13 17:19:11.0484 1052 PSINProt (fdb3745e5458ef8e1a39edd65c0d4dec) C:\WINDOWS\system32\DRIVERS\PSINProt.sys
    2011/03/13 17:19:11.0546 1052 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/03/13 17:19:11.0593 1052 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/03/13 17:19:11.0703 1052 qcusbser (8075c797f81aa2e2d9ab92438c0a4a8b) C:\WINDOWS\system32\DRIVERS\qcusbser.sys
    2011/03/13 17:19:11.0968 1052 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/03/13 17:19:12.0046 1052 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/03/13 17:19:12.0093 1052 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/03/13 17:19:12.0156 1052 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/03/13 17:19:12.0218 1052 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/03/13 17:19:12.0265 1052 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/03/13 17:19:12.0296 1052 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/03/13 17:19:12.0343 1052 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/03/13 17:19:12.0390 1052 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/03/13 17:19:12.0484 1052 s24trans (96b4494d4734970f47c566e098c4f527) C:\WINDOWS\system32\DRIVERS\s24trans.sys
    2011/03/13 17:19:12.0578 1052 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/03/13 17:19:12.0640 1052 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/03/13 17:19:12.0687 1052 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/03/13 17:19:12.0781 1052 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/03/13 17:19:12.0937 1052 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/03/13 17:19:12.0984 1052 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/03/13 17:19:13.0046 1052 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/03/13 17:19:13.0156 1052 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
    2011/03/13 17:19:13.0281 1052 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
    2011/03/13 17:19:13.0375 1052 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/03/13 17:19:13.0453 1052 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/03/13 17:19:13.0656 1052 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/03/13 17:19:13.0734 1052 tbhsd (5d8c820e2d885c25ffc6bbc5d4fe073c) C:\WINDOWS\system32\drivers\tbhsd.sys
    2011/03/13 17:19:13.0843 1052 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/03/13 17:19:13.0890 1052 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/03/13 17:19:13.0906 1052 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/03/13 17:19:13.0968 1052 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/03/13 17:19:14.0093 1052 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys
    2011/03/13 17:19:14.0187 1052 tosrfbd (399c5e4db7bdd5a83a7d26c96389b85a) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
    2011/03/13 17:19:14.0250 1052 tosrfbnp (181e217a7a326817d97946d045b3cb46) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
    2011/03/13 17:19:14.0296 1052 Tosrfcom (e90ace3b4fa7a85f992bc21eb779c407) C:\WINDOWS\system32\Drivers\tosrfcom.sys
    2011/03/13 17:19:14.0359 1052 Tosrfhid (efc95c0dc6f96b228f58319776006548) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
    2011/03/13 17:19:14.0406 1052 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
    2011/03/13 17:19:14.0484 1052 Tosrfusb (98c04a6432ce9c2ad328f57b9384d348) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
    2011/03/13 17:19:14.0578 1052 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/03/13 17:19:14.0734 1052 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/03/13 17:19:14.0828 1052 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2011/03/13 17:19:14.0921 1052 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/03/13 17:19:15.0000 1052 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/03/13 17:19:15.0046 1052 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/03/13 17:19:15.0093 1052 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/03/13 17:19:15.0125 1052 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/03/13 17:19:15.0171 1052 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/03/13 17:19:15.0203 1052 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/03/13 17:19:15.0312 1052 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/03/13 17:19:15.0390 1052 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/03/13 17:19:15.0484 1052 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    2011/03/13 17:19:15.0593 1052 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/03/13 17:19:15.0703 1052 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    2011/03/13 17:19:15.0843 1052 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    2011/03/13 17:19:15.0953 1052 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/03/13 17:19:16.0000 1052 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/03/13 17:19:16.0093 1052 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
    2011/03/13 17:19:16.0343 1052 ================================================================================
    2011/03/13 17:19:16.0343 1052 Scan finished
    2011/03/13 17:19:16.0343 1052 ================================================================================



    And I knew Panda was the best; this one didn't find anything.


    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=ff6a0f5ea91a134db691ae9283eb8ffb
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-03-13 09:25:32
    # local_time=2011-03-13 05:25:32 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=1538 16774118 20 3 94429 127657757 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=423
    # found=0
    # cleaned=0
    # scan_time=65



    And as for ComboFix, I had a little issue: it gave me a blue screen... Link 1 did; I used link 2, which worked for me. Anyway, this one gave me a little problem, but it's done.

    ComboFix 11-03-12.01 - Administrator 03/13/2011 17:47:59.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1541 [GMT -4:00]
    Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
    AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\Application Data\Local
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\0.ddi
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\settings.ddi
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4).ddp
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(5).ddp
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(6).ddp
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_SSHNAS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-13 to 2011-03-13 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-13 21:21 . 2011-03-13 21:21 -------- d-----w- c:\program files\ESET
    2011-03-12 21:27 . 2011-03-12 21:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2011-03-12 21:27 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-12 21:27 . 2011-03-12 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-03-12 21:27 . 2011-03-12 21:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-12 21:27 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-12 07:25 . 2011-03-12 07:25 -------- d-----w- c:\program files\SystemRequirementsLab
    2011-03-12 07:25 . 2011-03-12 07:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
    2011-03-12 06:46 . 2011-03-12 06:46 -------- d-----w- c:\program files\Valve
    2011-03-12 06:44 . 2011-03-12 06:44 -------- d-----w- c:\program files\Quick Web Player
    2011-03-11 22:52 . 2011-03-11 22:52 -------- d-----w- c:\program files\PixiePack Codec Pack
    2011-03-11 22:50 . 2011-03-13 21:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Tunebite
    2011-03-11 21:25 . 2011-03-11 21:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\CrashRpt
    2011-03-11 21:23 . 2011-03-11 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution
    2011-03-11 21:23 . 2011-03-11 22:49 -------- d-----w- c:\program files\RapidSolution
    2011-03-11 21:20 . 2011-03-11 21:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\RapidSolution
    2011-03-11 20:41 . 2011-03-11 20:41 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2011-03-11 20:12 . 2011-03-11 20:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-03-11 19:12 . 2011-03-11 19:12 155648 --sha-r- c:\windows\system32\inetcommz.dll
    2011-03-11 10:40 . 2011-03-12 08:25 -------- d-----w- c:\program files\Steam
    2011-03-11 10:33 . 2011-03-11 19:08 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
    2011-03-11 10:31 . 2011-03-11 10:31 -------- d-----w- c:\windows\Replay Media Catcher
    2011-03-11 10:31 . 2011-03-11 19:09 -------- d-----w- c:\program files\Replay Media Catcher
    2011-03-11 10:17 . 2011-03-11 10:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Jaksta_Technologies_Pty_L
    2011-03-11 10:16 . 2011-03-11 10:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Applian
    2011-03-10 22:13 . 2011-03-10 22:13 -------- d-----w- c:\program files\iPod
    2011-03-10 22:13 . 2011-03-10 22:14 -------- d-----w- c:\program files\iTunes
    2011-03-09 15:49 . 2011-03-09 15:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\clone.AD
    2011-03-09 14:04 . 2011-03-09 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\clone.AD
    2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\clone.AD
    2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\AC3Filter
    2011-03-09 14:03 . 2009-08-12 02:18 497664 ----a-w- c:\windows\system32\ac3filter.acm
    2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\AviSynth 2.5
    2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\Gabest
    2011-03-09 03:14 . 2011-03-09 13:58 -------- d-----w- c:\program files\cladDVD.NET 3.5.7
    2011-03-08 11:24 . 2011-03-11 09:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\FileZilla
    2011-03-08 11:24 . 2011-03-08 11:24 -------- d-----w- c:\program files\FileZilla FTP Client
    2011-03-08 11:15 . 2011-03-08 11:15 -------- d-----w- c:\program files\FileZilla Server
    2011-03-08 11:14 . 2011-03-09 01:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2011-03-08 11:14 . 1999-09-10 17:06 5600 ----a-w- c:\windows\system\WINASPI.DLL
    2011-03-08 11:14 . 1999-09-10 17:06 4672 ----a-w- c:\windows\system\WOWPOST.EXE
    2011-03-08 11:14 . 1999-09-10 17:06 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
    2011-03-08 11:14 . 1999-09-10 17:06 25244 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
    2011-03-08 11:14 . 2011-03-09 14:02 -------- d-----w- c:\program files\XviD
    2011-03-08 11:14 . 2011-03-08 11:14 641021 ----a-w- c:\windows\unins000.exe
    2011-03-08 11:14 . 2004-07-26 17:13 200192 ----a-w- c:\windows\system32\LameACM.acm
    2011-03-08 11:14 . 2004-07-26 17:12 166912 ----a-w- c:\windows\system32\Lame_enc.dll
    2011-03-08 11:14 . 2004-07-26 17:12 187904 ----a-w- c:\windows\system32\Lame.exe
    2011-03-02 08:04 . 2011-03-02 08:04 -------- d--h--w- c:\windows\PIF
    2011-02-28 21:29 . 2007-12-11 14:52 26784 ----a-w- c:\windows\system32\drivers\tbhsd.sys
    2011-02-24 05:25 . 2011-02-24 05:25 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
    2011-02-24 05:25 . 2011-02-24 05:25 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-02-22 07:53 . 2011-02-22 07:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-02-22 07:52 . 2011-02-22 07:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2011-02-22 07:33 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2011-02-22 07:31 . 2010-12-20 23:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-02-22 07:31 . 2010-12-20 23:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-02-22 07:31 . 2010-12-20 23:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-02-22 07:22 . 2011-02-22 07:31 -------- dc-h--w- c:\windows\ie8
    2011-02-21 05:25 . 2011-02-21 05:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Freelang Dictionary
    2011-02-21 05:13 . 2011-02-21 05:13 -------- d-----w- C:\TKMIT
    2011-02-19 14:02 . 2011-02-19 14:02 -------- d-----w- c:\documents and settings\Default User\Application Data\SurfSecret Privacy Suite
    2011-02-19 14:02 . 2011-02-19 14:02 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\panda2_0dn
    2011-02-19 14:01 . 2011-03-11 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security URL Filtering
    2011-02-12 23:14 . 2011-02-12 23:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
    2011-02-12 23:12 . 2011-02-12 23:12 -------- d-----w- c:\windows\system32\Adobe
    2011-02-12 23:11 . 2011-02-12 23:11 -------- d-----w- c:\program files\Common Files\Adobe
    2011-02-12 23:09 . 2011-02-12 23:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2011-02-12 23:09 . 2011-02-12 23:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2011-02-12 23:09 . 2011-02-12 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-09 13:53 . 2004-08-04 10:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 13:31 . 2011-02-02 13:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-02-02 13:31 . 2011-02-02 13:31 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-02-02 07:58 . 2010-11-16 21:19 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2010-11-16 21:19 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2004-08-04 10:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2004-08-04 10:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 18:22 . 2010-12-28 18:22 1409 ----a-w- c:\windows\QTFont.for
    2010-12-22 12:34 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
    2010-12-16 23:39 . 2010-12-16 23:39 365888 ----a-w- c:\windows\system32\PSUNCpl.cpl
    2010-12-16 23:12 . 2010-12-16 23:12 113096 ----a-w- c:\windows\system32\drivers\PSINProt.sys
    2010-12-16 23:12 . 2010-12-16 23:12 111944 ----a-w- c:\windows\system32\drivers\PSINProc.sys
    2010-12-16 23:12 . 2010-12-16 23:12 130376 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
    2010-12-16 23:12 . 2010-12-16 23:12 97352 ----a-w- c:\windows\system32\drivers\PSINFile.sys
    2010-12-16 23:12 . 2010-12-16 23:12 141768 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
    2010-12-19 14:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-12-19 86696]
    .
    [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
    @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
    [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
    2010-12-16 23:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
    @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
    [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
    2010-12-16 23:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-26 159744]
    "FileZilla Server Interface"="c:\program files\FileZilla Server\FileZilla Server Interface.exe" [2010-10-17 1259008]
    "PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2010-12-08 21:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Citrus Alarm Clock.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Citrus Alarm Clock.lnk
    backup=c:\windows\pss\Citrus Alarm Clock.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 19:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
    2009-11-03 23:35 1202448 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
    2009-11-03 23:45 1372160 ----a-w- c:\program files\Intel\WiFi\bin\ZCfgSvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Panda Security URL Filtering]
    2010-12-19 14:19 223400 ----a-w- c:\documents and settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2010-11-11 21:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WSearch"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Winamp\\winamp.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Steam\\steamapps\\wednesdayslatestproject\\zombie panic! source\\hl2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\wednesdayslatestproject\\counter-strike\\hl.exe"=
    "c:\\Program Files\\Steam\\steamapps\\wednesdayslatestproject\\half-life\\hl.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6346:TCP"= 6346:TCP:shareaza
    "6346:UDP"= 6346:UDP:shareaza
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [12/16/2010 7:12 PM 130376]
    R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\Ant.com\IE add-on\AntUpdaterService.exe [12/22/2010 9:14 PM 515096]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 6:21 PM 79432]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/8/2010 5:11 PM 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 7:40 PM 12856]
    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [12/16/2010 7:12 PM 141768]
    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [12/16/2010 7:12 PM 97352]
    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [12/16/2010 7:12 PM 111944]
    R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [12/16/2010 7:12 PM 113096]
    S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [8/18/2005 1:00 AM 7168]
    S3 qcusbser;Garmin-Asus USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [12/19/2009 6:20 PM 111464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
    2007-09-19 15:32 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {{70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\Ant.com\IE add-on\Download.dll
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ynsgo0g7.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Panda Identity Protect: widgetruntime@surfsecret.com - c:\program files\Panda Security\Panda ID Protect\Firefox
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-NvCplDaemon - c:\windows\system32\NvCpl.dll
    MSConfigStartUp-Babylon Client - c:\program files\Babylon\Babylon-Pro\Babylon.exe
    MSConfigStartUp-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
    MSConfigStartUp-HotKeysCmds - c:\windows\system32\hkcmd.exe
    MSConfigStartUp-IgfxTray - c:\windows\system32\igfxtray.exe
    MSConfigStartUp-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
    MSConfigStartUp-KUGHGZXAKT - c:\docume~1\ADMINI~1\LOCALS~1\Temp\Lwd.exe
    MSConfigStartUp-NvCplDaemon - c:\windows\system32\NvCpl.dll
    MSConfigStartUp-NVHotkey - nvHotkey.dll
    MSConfigStartUp-NvMediaCenter - c:\windows\system32\NvMcTray.dll
    MSConfigStartUp-nwiz - nwiz.exe
    MSConfigStartUp-Panda Security Toolbar Antiphishing - c:\documents and settings\All Users\Application Data\Panda Security Toolbar Antiphishing\panda2_0dn.exe
    MSConfigStartUp-Persistence - c:\windows\system32\igfxpers.exe
    MSConfigStartUp-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-13 17:56
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
    "ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-796845957-343818398-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,c1,80,9f,f2,f8,37,44,b4,53,6b,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,c1,80,9f,f2,f8,37,44,b4,53,6b,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(716)
    c:\windows\system32\LMIinit.dll
    .
    - - - - - - - > 'explorer.exe'(2124)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
    c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
    c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\WiFi\bin\S24EvMon.exe
    c:\windows\system32\rundll32.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\program files\FileZilla Server\FileZilla Server.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\LogMeIn\x86\RaMaint.exe
    c:\program files\LogMeIn\x86\LogMeIn.exe
    c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\program files\DellTPad\Apntex.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\program files\Intel\WiFi\bin\WLKeeper.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\Zune\ZuneBusEnum.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-13 18:01:27 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-13 22:01
    .
    Pre-Run: 45,077,614,592 bytes free
    Post-Run: 44,916,224,000 bytes free
    .
    - - End Of File - - 45A3AE1335FDA474D24098D07884252C
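The ComboFix log above is mostly inventory, and the lines a helper actually reads are the orphaned autostart entries (the `MSConfigStartUp-KUGHGZXAKT` entry pointing at `Lwd.exe` in the user's Temp folder is the classic shape of a dropper's persistence), the Files Created section of a ComboFix log (the second log in this thread shows `inetcommz.dll` in system32 created with `--sha-r-`, i.e. hidden + system + read-only), and the GloballyOpenPorts list. As an added example that is not part of the thread or of ComboFix itself, the following Python script parses a constructed fragment in that layout and flags those three things. The autostart key prefixes, the "all-caps name of eight or more letters" heuristic, the Temp-path test and my reading of the eight-character attribute field are assumptions drawn from the log, not documented ComboFix conventions.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout ComboFix prints: the firewall, orphan and
# file-created entries are copied from the logs in this thread, but this is a
# fragment assembled for the example, not a complete log.
SAMPLE_LOG = """\
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"6346:TCP"= 6346:TCP:shareaza
"6346:UDP"= 6346:UDP:shareaza
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NvCplDaemon - c:\\windows\\system32\\NvCpl.dll
MSConfigStartUp-KUGHGZXAKT - c:\\docume~1\\ADMINI~1\\LOCALS~1\\Temp\\Lwd.exe
MSConfigStartUp-IgfxTray - c:\\windows\\system32\\igfxtray.exe
.
2011-03-11 20:12 . 2011-03-11 20:12 -------- d-sh--w- c:\\documents and settings\\NetworkService\\IETldCache
2011-03-11 19:12 . 2011-03-11 19:12 155648 --sha-r- c:\\windows\\system32\\inetcommz.dll
2011-03-11 10:33 . 2011-03-11 19:08 323584 ----a-w- c:\\windows\\system32\\AUDIOGENIE2.DLL
"""


@dataclass(frozen=True)
class Finding:
    category: str  # "autostart", "hidden-system-file" or "open-port"
    subject: str   # entry name and target, file path, or port/proto
    reason: str


# Orphaned autostart entries: "<key>-<name> - <path>". The key prefixes are
# the ones seen in this thread's logs plus their HKCU twins (an assumption).
AUTOSTART_RE = re.compile(
    r"^(?P<key>HKLM-Run|HKCU-Run|HKLM-RunOnce|HKCU-RunOnce|MSConfigStartUp)-"
    r"(?P<name>.+?) - (?P<path>.+)$"
)
# "Files Created" entries: "<created> . <modified> <size> <attrs> <path>".
# In the 8-char attrs field ComboFix uses d=directory, s=system, h=hidden,
# a=archive, r=read-only, w=writable (a reading of the log, not documented).
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# GloballyOpenPorts entries: "<port>:<proto>"= <port>:<proto>[:<scope>:<state>]:<name>
PORT_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"= \d+:(?:TCP|UDP):(?P<rest>.+)$'
)

TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r"^[A-Z]{8,}$")  # heuristic, e.g. KUGHGZXAKT
SYSTEM_DIR_RE = re.compile(r"^c:\\windows\\(?:system32\\)?[^\\]+$", re.IGNORECASE)


def check_autostart(name: str, path: str) -> list:
    """Reasons an autostart entry deserves a second look (empty if none)."""
    reasons = []
    if TEMP_DIR_RE.search(path):
        reasons.append("launches from a Temp directory")
    if RANDOM_NAME_RE.match(name):
        reasons.append("entry name looks machine-generated")
    return reasons


def check_file(attrs: str, path: str) -> list:
    """Flag non-directory files that are hidden+system and sit directly in a Windows system dir."""
    is_dir = attrs[0] == "d"
    if not is_dir and "h" in attrs and "s" in attrs and SYSTEM_DIR_RE.match(path):
        return ["hidden+system file dropped directly in a Windows system directory"]
    return []


def parse_port(rest: str):
    """Return (enabled, rule name) from the part after 'port:proto:'."""
    fields = rest.split(":")
    return "Disabled" not in fields, fields[-1]


def triage(log_text: str) -> list:
    """Walk a ComboFix-style log and collect the entries worth asking about."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = AUTOSTART_RE.match(line)
        if m:
            reasons = check_autostart(m["name"], m["path"])
            if reasons:
                findings.append(Finding("autostart", f"{m['key']}-{m['name']} -> {m['path']}", "; ".join(reasons)))
            continue
        m = FILE_RE.match(line)
        if m:
            for reason in check_file(m["attrs"], m["path"]):
                findings.append(Finding("hidden-system-file", m["path"], reason))
            continue
        m = PORT_RE.match(line)
        if m:
            enabled, name = parse_port(m["rest"])
            if enabled:
                findings.append(Finding("open-port", f"{m['port']}/{m['proto']}", f"globally open for '{name}'"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.subject}: {f.reason}")
```

On the sample this reports the Temp-folder autostart, the hidden system DLL and the two Shareaza ports, and stays quiet about the disabled WinRM rule, the legitimate hidden `IETldCache` directory and the NVIDIA/Intel entries. It is a triage aid for reading the log, not a replacement for the helper's judgement or for ComboFix's own fix scripts.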
     
  7. Klocc

    Klocc TS Rookie Topic Starter Posts: 20

    I still don't get why all these different programs I never heard of. But I did only have to read half of the instructions because they were too user-friendly for me.

    I can see how it's showing file paths and all, and maybe if something is there. I use a few different programs to do certain things, and I got a new(er) computer, and with the programs that it needs in the background I'm still having trouble seeing what's what, and with the startup.

    I just remember I never needed anything to load up in the startup except whatever I wanted. Now I need the track pad and such (but that's all because it's a laptop and it needs the accessories). And I got the D630; it had a bad video card, they replaced it for free because of some class action lawsuit, so the new hardware is in there. Assuming they put the same? Somehow settings changed after he put that in.

    I use clone screen too, to my TV. It's always nice to play a little Half-Life on the big screen, haha. Wish I had this thing years ago when I was actually playing.
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I notice the day you left the first logs was 3/12. On that same date, you installed Steam and Valve. The day before, 3/11, you installed RapidSolution:

    Valve Corporation is an American video game development and digital distribution company. Its social distribution network is Steam.
    Steam is a digital distribution, digital rights management, multiplayer and communications platform developed by Valve Corporation.
    RapidSolution was most likely the source for Tunebite, which will legally record, convert and enjoy copy-protected music.

    Is it possible that you used a file sharing site for these programs and got malware that way? Did you have the redirects before these 3 downloads?

    There is a bad Registry entry for, in part, a Bluetooth Personal Area Network (PAN). A Bluetooth PAN is also called a piconet, and is composed of up to 8 active devices in a master-slave relationship (a very large number of devices can be connected in "parked" mode). This is a wireless network. A personal area network (PAN) is a computer network used for communication among computer devices, including telephones and personal digital assistants, in proximity to an individual's body. The devices may or may not belong to the person in question. The reach of a PAN is typically a few meters. PANs can be used for communication among the personal devices themselves (intrapersonal communication), or for connecting to a higher level network and the Internet (an uplink).

    Part of that same bad entry is "Pending File Rename Operations" which refers to non-existent temporary files in C:\WINDOWS\SYSTEM32\FxsTmp. Did you attempt to set up some kind of 'network' for multiple devices?

    I do not understand your reference to 'programs you've never heard of.' Are you referring to the scanning programs?
     
  9. Klocc

    Klocc TS Rookie Topic Starter Posts: 20

    I never tried to start any network, and I never tried anything with Bluetooth; I don't use it.
    But while I was browsing around downloading stuff, yeah, then I started to notice it, and I left it alone for a few days; then I started looking it up again and I came across this site.

    And yeah, I never heard of the scanning programs.
     
  10. Klocc

    Klocc TS Rookie Topic Starter Posts: 20

    I did use Shareaza, my P2P client, which didn't cause the problem, but you should look into it. It's a good program. Anyway, I downloaded files from the net and torrent files, looking for, say, cracks or serials or something to get either Tunebite or Replay Media Catcher to work for me so I could attempt to make my digital library bigger, but I don't know what works and what didn't. I figure I could just terminate the task running in the background, delete the file and make sure it doesn't start up. That's how I always do it and I never have problems. Now this redirecting thing. I used to have computer problems a lot when I was younger, so I just formatted the hard drive. But that's not good after so many times, so I try not to do that with these systems. I've never encountered a problem like this with redirection. I'm assuming it's some nasty virus rather than some annoying spyware.

    If anything with Bluetooth looks out of place, all I did was install it in the beginning and never actually used the program. I have no use for it yet. And yeah, I did install Steam, but I highly doubt that it'll be the problem. I used to use it before too. It's the only way to use Half-Life these days since Steam took over Valve's games, I guess. I used to use the website GameSpy, but then it became obsolete and Steam was the only thing that worked. My account has all of my CD keys preloaded so I can just click and install. I added a few game mods; some work, some didn't. But I know that none of that has anything to do with spyware or viruses. I really think it had something to do with one of the torrent files I tried to use or one of the net files I tried to use. All I want is this redirection issue to go away so I can continue my work without having to format the hard drive.
     
  11. Klocc

    Klocc TS Rookie Topic Starter Posts: 20

    Hmm... for some reason the links are working correctly again. Then again, it could just be most links... I don't know right now, but I was just testing it the last minute or two and it's going to web pages correctly now... If you can't seem to find a problem in those txt files... maybe it's fixed? I don't know how, since I didn't do anything really.
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36


    Download CKScanner and save to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
      in your next reply.
     
  13. Klocc

    Klocc TS Rookie Topic Starter Posts: 20

    Never mind, now it's only doing it sometimes. So there's still an issue. What the hell could it be...
     
  14. Klocc

    Klocc TS Rookie Topic Starter Posts: 20

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\documents and settings\administrator\desktop\ipod apps\brick.breaker.3d.v1.0.iphone.ipod.touch.cracked-corepda.ipa
    c:\documents and settings\administrator\desktop\replay media catcher 3 + crack\crack\install.txt
    c:\documents and settings\administrator\desktop\replay media catcher 3 + crack\crack\mediacatcher.exe
    c:\documents and settings\administrator\desktop\replay media catcher 3 + crack\setup\rcatsetup.exe
    c:\documents and settings\administrator\desktop\replay media catcher v3.01 inkl. crack und anleitung\rcatsetup.exe
    c:\documents and settings\administrator\desktop\replay media catcher v3.01 inkl. crack und anleitung\unbedingt lesen.txt
    c:\documents and settings\administrator\desktop\replay media catcher v3.01 inkl. crack und anleitung\crack\ahcu.reg
    scanner sequence 3.GL.11
    ----- EOF -----
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Even in German, a crack is a pirated program. Please uninstall all the pirated software to continue support.

    The malware you have almost certainly came from the programs or processes you pirated. You just don't get something for nothing!
     
  16. Klocc

    Klocc TS Rookie Topic Starter Posts: 20

    I deleted the files on the desktop when I saw the log already.
     
  17. Klocc

    Klocc TS Rookie Topic Starter Posts: 20

    But I already tried to open the file. Maybe; I'm not sure which one I did try, if any. Isn't it that for it to affect the machine I have to run the file? If it sits there and I don't run it, it won't infect the machine. My virus detector isn't picking up anything, and I just had to immunize a few files in Spybot.
     
  18. Klocc

    Klocc TS Rookie Topic Starter Posts: 20

    What? No more ideas?
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    It would be helpful if I got answers to questions I ask!

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl+V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ======================================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query - Recovery Console image
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware.
    • If ComboFix asks you to update the program, allow it.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    By the way, I help others also.
     
  20. Klocc

    Klocc TS Rookie Topic Starter Posts: 20

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=ff6a0f5ea91a134db691ae9283eb8ffb
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-03-13 09:25:32
    # local_time=2011-03-13 05:25:32 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=1538 16774118 20 3 94429 127657757 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=423
    # found=0
    # cleaned=0
    # scan_time=65
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=ff6a0f5ea91a134db691ae9283eb8ffb
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-03-17 05:14:22
    # local_time=2011-03-17 01:14:22 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=1538 16774118 20 3 378761 127942089 0 0
    # compatibility_mode=8192 67108863 100 0 198086 198086 0 0
    # scanned=68127
    # found=8
    # cleaned=0
    # scan_time=3064
    C:\System Volume Information\_restore{5B3BECDE-4345-46FE-9499-AE5599B2C26D}\RP1\A0000201.dll Win32/TrojanDownloader.FakeAlert.BIS trojan (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{5B3BECDE-4345-46FE-9499-AE5599B2C26D}\RP9\A0000926.exe Win32/TrojanDownloader.FakeAlert.BGV trojan (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{5B3BECDE-4345-46FE-9499-AE5599B2C26D}\RP9\A0000927.exe a variant of Win32/Kryptik.LPE trojan (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{5B3BECDE-4345-46FE-9499-AE5599B2C26D}\RP9\A0000928.exe Win32/TrojanDownloader.FakeAlert.AQI trojan (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{5B3BECDE-4345-46FE-9499-AE5599B2C26D}\RP9\A0000929.exe Win32/TrojanDownloader.FakeAlert.BGV trojan (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{5B3BECDE-4345-46FE-9499-AE5599B2C26D}\RP9\A0000930.exe a variant of Win32/Kryptik.LPE trojan (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{5B3BECDE-4345-46FE-9499-AE5599B2C26D}\RP9\A0000931.exe a variant of Win32/Kryptik.LPE trojan (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{5B3BECDE-4345-46FE-9499-AE5599B2C26D}\RP9\A0000932.exe Win32/TrojanDownloader.FakeAlert.AQI trojan (unable to clean) 00000000000000000000000000000000 I

    from the antivirus
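Every hit in the second ESET scan above sits under `C:\System Volume Information\_restore{...}\RP9` (one under RP1), which is where System Restore archives copies of files that were removed or changed. Nothing was found at a live path, so the usual follow-up is to purge System Restore once the machine is clean rather than to hunt for a running infection. As an added example (not part of the thread or of ESET's tooling), the following Python parses lines in the ESET Online Scanner log format, separates restore-point copies from live-location hits, and summarizes the threat families. The input is a constructed fragment: three lines copied from the post plus one made-up live-location line (placeholder path and hash) so that both branches are exercised.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the ESET Online Scanner log format. The first three
# detection lines are copied from the post; the fourth is made up (placeholder
# path and hash) so that a hit outside System Restore is exercised too.
SAMPLE_ESET_LOG = """\
# end=finished
# remove_checked=false
C:\\System Volume Information\\_restore{5B3BECDE-4345-46FE-9499-AE5599B2C26D}\\RP1\\A0000201.dll Win32/TrojanDownloader.FakeAlert.BIS trojan (unable to clean) 00000000000000000000000000000000 I
C:\\System Volume Information\\_restore{5B3BECDE-4345-46FE-9499-AE5599B2C26D}\\RP9\\A0000927.exe a variant of Win32/Kryptik.LPE trojan (unable to clean) 00000000000000000000000000000000 I
C:\\System Volume Information\\_restore{5B3BECDE-4345-46FE-9499-AE5599B2C26D}\\RP9\\A0000932.exe Win32/TrojanDownloader.FakeAlert.AQI trojan (unable to clean) 00000000000000000000000000000000 I
C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\example-dropper.exe a variant of Win32/Kryptik.LPE trojan (unable to clean) 00000000000000000000000000000000 I
"""

# One detection line: <path> <threat name> <type> (<status>) <hash> <flag>.
# The path may contain spaces, so it is matched lazily and the fixed-shape
# fields at the end anchor the split.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) (?P<threat>(?:a variant of )?\S+ \S+) "
    r"\((?P<status>[^)]*)\) (?P<hash>[0-9A-Fa-f]{32}) (?P<flag>[A-Z])$"
)
# System Restore keeps archived copies under
# System Volume Information\_restore{<guid>}\RP<n>\A<number>.<ext>.
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    status: str
    restore_point: Optional[int]  # RP number, or None for a live-location hit


def parse_detections(log_text: str) -> list:
    """Return the detection lines of an ESET log, skipping the '# key=value' header."""
    detections = []
    for raw in log_text.splitlines():
        m = DETECTION_RE.match(raw.strip())
        if not m:
            continue
        rp = RESTORE_POINT_RE.search(m["path"])
        detections.append(Detection(m["path"], m["threat"], m["status"], int(rp["rp"]) if rp else None))
    return detections


def family(threat: str) -> str:
    """'a variant of Win32/Kryptik.LPE trojan' -> 'Win32/Kryptik'."""
    prefix = "a variant of "
    name = threat[len(prefix):] if threat.startswith(prefix) else threat
    name = name.split(" ")[0]        # drop the type word ("trojan")
    return name.rsplit(".", 1)[0]    # drop the variant suffix (.LPE, .BIS, ...)


def summarize(detections) -> dict:
    """Split hits into restore-point copies and live files and count families."""
    archived = [d for d in detections if d.restore_point is not None]
    live = [d for d in detections if d.restore_point is None]
    return {
        "total": len(detections),
        "in_restore_points": len(archived),
        "live": len(live),
        "restore_points": sorted({d.restore_point for d in archived}),
        "families": dict(Counter(family(d.threat) for d in detections)),
        # Archived copies are dealt with by purging System Restore once the
        # machine is clean; live hits need removal and a re-scan.
        "purge_system_restore": bool(archived),
        "needs_live_cleanup": bool(live),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_detections(SAMPLE_ESET_LOG)).items():
        print(f"{key}: {value}")
```

Run against the eight real lines from the post, `live` is 0 and `purge_system_restore` is the only action the summary raises; the constructed fourth line is what makes `needs_live_cleanup` come up true here.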
     
  21. Klocc

    Klocc TS Rookie Topic Starter Posts: 20

    ComboFix 11-03-16.03 - Administrator 03/17/2011 1:32.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1344 [GMT -4:00]
    Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
    AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-17 to 2011-03-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-13 21:21 . 2011-03-13 21:21 -------- d-----w- c:\program files\ESET
    2011-03-12 21:27 . 2011-03-12 21:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2011-03-12 21:27 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-12 21:27 . 2011-03-12 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-03-12 21:27 . 2011-03-12 21:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-12 21:27 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-12 07:25 . 2011-03-12 07:25 -------- d-----w- c:\program files\SystemRequirementsLab
    2011-03-12 07:25 . 2011-03-12 07:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
    2011-03-12 06:46 . 2011-03-12 06:46 -------- d-----w- c:\program files\Valve
    2011-03-12 06:44 . 2011-03-12 06:44 -------- d-----w- c:\program files\Quick Web Player
    2011-03-11 22:52 . 2011-03-11 22:52 -------- d-----w- c:\program files\PixiePack Codec Pack
    2011-03-11 22:50 . 2011-03-13 21:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Tunebite
    2011-03-11 21:25 . 2011-03-11 21:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\CrashRpt
    2011-03-11 21:23 . 2011-03-11 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution
    2011-03-11 21:23 . 2011-03-11 22:49 -------- d-----w- c:\program files\RapidSolution
    2011-03-11 21:20 . 2011-03-11 21:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\RapidSolution
    2011-03-11 20:41 . 2011-03-11 20:41 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2011-03-11 20:12 . 2011-03-11 20:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-03-11 19:12 . 2011-03-11 19:12 155648 --sha-r- c:\windows\system32\inetcommz.dll
    2011-03-11 10:40 . 2011-03-12 08:25 -------- d-----w- c:\program files\Steam
    2011-03-11 10:33 . 2011-03-11 19:08 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
    2011-03-11 10:31 . 2011-03-11 10:31 -------- d-----w- c:\windows\Replay Media Catcher
    2011-03-11 10:31 . 2011-03-11 19:09 -------- d-----w- c:\program files\Replay Media Catcher
    2011-03-11 10:17 . 2011-03-11 10:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Jaksta_Technologies_Pty_L
    2011-03-11 10:16 . 2011-03-11 10:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Applian
    2011-03-10 22:13 . 2011-03-10 22:13 -------- d-----w- c:\program files\iPod
    2011-03-10 22:13 . 2011-03-10 22:14 -------- d-----w- c:\program files\iTunes
    2011-03-09 15:49 . 2011-03-09 15:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\clone.AD
    2011-03-09 14:04 . 2011-03-15 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\clone.AD
    2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\clone.AD
    2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\AC3Filter
    2011-03-09 14:03 . 2009-08-12 02:18 497664 ----a-w- c:\windows\system32\ac3filter.acm
    2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\AviSynth 2.5
    2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\Gabest
    2011-03-09 03:14 . 2011-03-15 05:40 -------- d-----w- c:\program files\cladDVD.NET 3.5.7
    2011-03-08 11:24 . 2011-03-11 09:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\FileZilla
    2011-03-08 11:24 . 2011-03-08 11:24 -------- d-----w- c:\program files\FileZilla FTP Client
    2011-03-08 11:15 . 2011-03-08 11:15 -------- d-----w- c:\program files\FileZilla Server
    2011-03-08 11:14 . 2011-03-09 01:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2011-03-08 11:14 . 1999-09-10 17:06 5600 ----a-w- c:\windows\system\WINASPI.DLL
    2011-03-08 11:14 . 1999-09-10 17:06 4672 ----a-w- c:\windows\system\WOWPOST.EXE
    2011-03-08 11:14 . 1999-09-10 17:06 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
    2011-03-08 11:14 . 1999-09-10 17:06 25244 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
    2011-03-08 11:14 . 2011-03-09 14:02 -------- d-----w- c:\program files\XviD
    2011-03-08 11:14 . 2011-03-08 11:14 641021 ----a-w- c:\windows\unins000.exe
    2011-03-08 11:14 . 2004-07-26 17:13 200192 ----a-w- c:\windows\system32\LameACM.acm
    2011-03-08 11:14 . 2004-07-26 17:12 166912 ----a-w- c:\windows\system32\Lame_enc.dll
    2011-03-08 11:14 . 2004-07-26 17:12 187904 ----a-w- c:\windows\system32\Lame.exe
    2011-03-02 08:04 . 2011-03-02 08:04 -------- d--h--w- c:\windows\PIF
    2011-02-28 21:29 . 2007-12-11 14:52 26784 ----a-w- c:\windows\system32\drivers\tbhsd.sys
    2011-02-24 05:25 . 2011-02-24 05:25 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
    2011-02-24 05:25 . 2011-02-24 05:25 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-02-22 07:53 . 2011-02-22 07:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-02-22 07:52 . 2011-02-22 07:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2011-02-22 07:33 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2011-02-22 07:31 . 2010-12-20 23:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-02-22 07:31 . 2010-12-20 23:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-02-22 07:31 . 2010-12-20 23:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-02-22 07:22 . 2011-02-22 07:31 -------- dc-h--w- c:\windows\ie8
    2011-02-21 05:25 . 2011-02-21 05:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Freelang Dictionary
    2011-02-21 05:13 . 2011-02-21 05:13 -------- d-----w- C:\TKMIT
    2011-02-19 14:02 . 2011-02-19 14:02 -------- d-----w- c:\documents and settings\Default User\Application Data\SurfSecret Privacy Suite
    2011-02-19 14:02 . 2011-02-19 14:02 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\panda2_0dn
    2011-02-19 14:01 . 2011-03-11 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security URL Filtering
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-09 13:53 . 2004-08-04 10:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 13:31 . 2011-02-02 13:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-02-02 13:31 . 2011-02-02 13:31 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-02-02 07:58 . 2010-11-16 21:19 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2010-11-16 21:19 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2004-08-04 10:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2004-08-04 10:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 18:22 . 2010-12-28 18:22 1409 ----a-w- c:\windows\QTFont.for
    2010-12-22 12:34 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
    2010-12-19 14:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-12-19 86696]
    .
    [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
    @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
    [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
    2010-12-16 23:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
    @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
    [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
    2010-12-16 23:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-26 159744]
    "PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [BU]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2010-12-08 21:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Citrus Alarm Clock.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Citrus Alarm Clock.lnk
    backup=c:\windows\pss\Citrus Alarm Clock.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
    2010-10-17 19:38 1259008 ----a-w- c:\program files\FileZilla Server\FileZilla Server Interface.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 19:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
    2009-11-03 23:35 1202448 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
    2009-11-03 23:45 1372160 ----a-w- c:\program files\Intel\WiFi\bin\ZCfgSvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    c:\windows\system32\NvCpl.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Panda Security URL Filtering]
    2010-12-19 14:19 223400 ----a-w- c:\documents and settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2010-11-11 21:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WSearch"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Winamp\\winamp.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Steam\\steamapps\\wednesdayslatestproject\\zombie panic! source\\hl2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\wednesdayslatestproject\\counter-strike\\hl.exe"=
    "c:\\Program Files\\Steam\\steamapps\\wednesdayslatestproject\\half-life\\hl.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6346:TCP"= 6346:TCP:shareaza
    "6346:UDP"= 6346:UDP:shareaza
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [12/16/2010 7:12 PM 130376]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 7:40 PM 12856]
    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [12/16/2010 7:12 PM 141768]
    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [12/16/2010 7:12 PM 97352]
    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [12/16/2010 7:12 PM 111944]
    R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [12/16/2010 7:12 PM 113096]
    S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [8/18/2005 1:00 AM 7168]
    S3 qcusbser;Garmin-Asus USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [12/19/2009 6:20 PM 111464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
    2007-09-19 15:32 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {{70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\Ant.com\IE add-on\Download.dll
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ynsgo0g7.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Panda Identity Protect: widgetruntime@surfsecret.com - c:\program files\Panda Security\Panda ID Protect\Firefox
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-17 01:36
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
    "ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-796845957-343818398-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,c1,80,9f,f2,f8,37,44,b4,53,6b,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,c1,80,9f,f2,f8,37,44,b4,53,6b,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1008)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\igfxdev.dll
    .
    - - - - - - - > 'Explorer.EXE'(3336)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
    c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
    c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
    c:\windows\system32\ieframe.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\netprovcredman.dll
    c:\windows\system32\LMIRfsClientNP.dll
    c:\windows\system32\xpsp3res.dll
    c:\progra~1\SPYBOT~1\SDHelper.dll
    c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
    .
    Completion time: 2011-03-17 01:38:03
    ComboFix-quarantined-files.txt 2011-03-17 05:38
    ComboFix2.txt 2011-03-13 22:01
    .
    Pre-Run: 36,460,875,776 bytes free
    Post-Run: 36,450,861,056 bytes free
    .
    - - End Of File - - 4B3FE853A77EFABB49F502E32E364E39
     
  22. Klocc

    Klocc TS Rookie Topic Starter Posts: 20

    Just let me know when you can.
     
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    Folder::
    c:\documents and settings\All Users\Application Data\McAfee
    FileLook::
    C:\Documents and Settings\Administrator\My Documents\Downloads\8u28kesn.exe
    DirLook::
    C:\TKMIT
    
    RegLock::
    [HKEY_USERS\S-1-5-21-796845957-343818398-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    
    Driver::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    3/12/2011 3:51:42 PM, error: Service Control Manager [7034] - The TOSHIBA Bluetooth Service service terminated unexpectedly. It has done this 1 time(s).

    Have the redirects been resolved?
     
  24. Klocc

    Klocc TS Rookie Topic Starter Posts: 20

    ComboFix 11-03-18.01 - Administrator 03/19/2011 0:46.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1419 [GMT -4:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
    AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\McAfee
    c:\documents and settings\All Users\Application Data\McAfee\MCLOGS\PartnerCustom\SSScheduler\SSScheduler000.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-19 to 2011-03-19 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-13 21:21 . 2011-03-13 21:21 -------- d-----w- c:\program files\ESET
    2011-03-12 21:27 . 2011-03-12 21:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2011-03-12 21:27 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-12 21:27 . 2011-03-12 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-03-12 21:27 . 2011-03-12 21:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-12 21:27 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-12 07:25 . 2011-03-12 07:25 -------- d-----w- c:\program files\SystemRequirementsLab
    2011-03-12 07:25 . 2011-03-12 07:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
    2011-03-12 06:46 . 2011-03-12 06:46 -------- d-----w- c:\program files\Valve
    2011-03-12 06:44 . 2011-03-12 06:44 -------- d-----w- c:\program files\Quick Web Player
    2011-03-11 22:52 . 2011-03-11 22:52 -------- d-----w- c:\program files\PixiePack Codec Pack
    2011-03-11 22:50 . 2011-03-13 21:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Tunebite
    2011-03-11 21:25 . 2011-03-11 21:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\CrashRpt
    2011-03-11 21:23 . 2011-03-11 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution
    2011-03-11 21:23 . 2011-03-11 22:49 -------- d-----w- c:\program files\RapidSolution
    2011-03-11 21:20 . 2011-03-11 21:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\RapidSolution
    2011-03-11 20:41 . 2011-03-11 20:41 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2011-03-11 20:12 . 2011-03-11 20:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-03-11 19:12 . 2011-03-11 19:12 155648 --sha-r- c:\windows\system32\inetcommz.dll
    2011-03-11 10:40 . 2011-03-12 08:25 -------- d-----w- c:\program files\Steam
    2011-03-11 10:33 . 2011-03-11 19:08 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
    2011-03-11 10:31 . 2011-03-11 10:31 -------- d-----w- c:\windows\Replay Media Catcher
    2011-03-11 10:31 . 2011-03-11 19:09 -------- d-----w- c:\program files\Replay Media Catcher
    2011-03-11 10:17 . 2011-03-11 10:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Jaksta_Technologies_Pty_L
    2011-03-11 10:16 . 2011-03-11 10:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Applian
    2011-03-10 22:13 . 2011-03-10 22:13 -------- d-----w- c:\program files\iPod
    2011-03-10 22:13 . 2011-03-10 22:14 -------- d-----w- c:\program files\iTunes
    2011-03-09 15:49 . 2011-03-09 15:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\clone.AD
    2011-03-09 14:04 . 2011-03-17 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\clone.AD
    2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\clone.AD
    2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\AC3Filter
    2011-03-09 14:03 . 2009-08-12 02:18 497664 ----a-w- c:\windows\system32\ac3filter.acm
    2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\AviSynth 2.5
    2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\Gabest
    2011-03-09 03:14 . 2011-03-17 20:58 -------- d-----w- c:\program files\cladDVD.NET 3.5.7
    2011-03-08 11:24 . 2011-03-11 09:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\FileZilla
    2011-03-08 11:24 . 2011-03-08 11:24 -------- d-----w- c:\program files\FileZilla FTP Client
    2011-03-08 11:15 . 2011-03-08 11:15 -------- d-----w- c:\program files\FileZilla Server
    2011-03-08 11:14 . 2011-03-09 01:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2011-03-08 11:14 . 1999-09-10 17:06 5600 ----a-w- c:\windows\system\WINASPI.DLL
    2011-03-08 11:14 . 1999-09-10 17:06 4672 ----a-w- c:\windows\system\WOWPOST.EXE
    2011-03-08 11:14 . 1999-09-10 17:06 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
    2011-03-08 11:14 . 1999-09-10 17:06 25244 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
    2011-03-08 11:14 . 2011-03-09 14:02 -------- d-----w- c:\program files\XviD
    2011-03-08 11:14 . 2011-03-08 11:14 641021 ----a-w- c:\windows\unins000.exe
    2011-03-08 11:14 . 2004-07-26 17:13 200192 ----a-w- c:\windows\system32\LameACM.acm
    2011-03-08 11:14 . 2004-07-26 17:12 166912 ----a-w- c:\windows\system32\Lame_enc.dll
    2011-03-08 11:14 . 2004-07-26 17:12 187904 ----a-w- c:\windows\system32\Lame.exe
    2011-03-02 08:04 . 2011-03-02 08:04 -------- d--h--w- c:\windows\PIF
    2011-02-28 21:29 . 2007-12-11 14:52 26784 ----a-w- c:\windows\system32\drivers\tbhsd.sys
    2011-02-24 05:25 . 2011-02-24 05:25 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
    2011-02-24 05:25 . 2011-02-24 05:25 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-02-22 07:53 . 2011-02-22 07:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-02-22 07:52 . 2011-02-22 07:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2011-02-22 07:33 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2011-02-22 07:31 . 2010-12-20 23:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-02-22 07:31 . 2010-12-20 23:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-02-22 07:31 . 2010-12-20 23:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-02-22 07:22 . 2011-02-22 07:31 -------- dc-h--w- c:\windows\ie8
    2011-02-21 05:25 . 2011-02-21 05:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Freelang Dictionary
    2011-02-21 05:13 . 2011-02-21 05:13 -------- d-----w- C:\TKMIT
    2011-02-19 14:02 . 2011-02-19 14:02 -------- d-----w- c:\documents and settings\Default User\Application Data\SurfSecret Privacy Suite
    2011-02-19 14:02 . 2011-02-19 14:02 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\panda2_0dn
    2011-02-19 14:01 . 2011-03-11 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security URL Filtering
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-09 13:53 . 2004-08-04 10:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 13:31 . 2011-02-02 13:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-02-02 13:31 . 2011-02-02 13:31 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-02-02 07:58 . 2010-11-16 21:19 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2010-11-16 21:19 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2004-08-04 10:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2004-08-04 10:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 18:22 . 2010-12-28 18:22 1409 ----a-w- c:\windows\QTFont.for
    2010-12-22 12:34 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    --- c:\documents and settings\Administrator\My Documents\Downloads\8u28kesn.exe ---
    Company:
    File Description:
    File Version: 1, 0, 15, 15530
    Product Name:
    Copyright:
    Original Filename:
    File size: 296448
    Created time: 2011-03-12 21:30
    Modified time: 2011-03-12 21:30
    MD5: DF7501A91A7C99CC3F0269080748EE61
    SHA1: 453B6BED84BCC63F52D00B76AB6572F039C69B1F
    .
    ---- Directory of C:\TKMIT ----
    .
    2010-01-26 22:04 . 2010-01-26 22:04 0 ---h--w- c:\tkmit\lystara.fil
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
    2010-12-19 14:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-12-19 86696]
    .
    [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
    @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
    [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
    2010-12-16 23:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
    @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
    [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
    2010-12-16 23:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-26 159744]
    "PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [BU]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2010-12-08 21:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Citrus Alarm Clock.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Citrus Alarm Clock.lnk
    backup=c:\windows\pss\Citrus Alarm Clock.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
    2010-10-17 19:38 1259008 ----a-w- c:\program files\FileZilla Server\FileZilla Server Interface.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 19:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
    2009-11-03 23:35 1202448 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
    2009-11-03 23:45 1372160 ----a-w- c:\program files\Intel\WiFi\bin\ZCfgSvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    c:\windows\system32\NvCpl.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Panda Security URL Filtering]
    2010-12-19 14:19 223400 ----a-w- c:\documents and settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2010-11-11 21:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WSearch"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Winamp\\winamp.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Steam\\steamapps\\wednesdayslatestproject\\zombie panic! source\\hl2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\wednesdayslatestproject\\counter-strike\\hl.exe"=
    "c:\\Program Files\\Steam\\steamapps\\wednesdayslatestproject\\half-life\\hl.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6346:TCP"= 6346:TCP:shareaza
    "6346:UDP"= 6346:UDP:shareaza
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [12/16/2010 7:12 PM 130376]
    R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\Ant.com\IE add-on\AntUpdaterService.exe [12/22/2010 9:14 PM 515096]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 6:21 PM 79432]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/8/2010 5:11 PM 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 7:40 PM 12856]
    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [12/16/2010 7:12 PM 141768]
    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [12/16/2010 7:12 PM 97352]
    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [12/16/2010 7:12 PM 111944]
    R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [12/16/2010 7:12 PM 113096]
    S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [8/18/2005 1:00 AM 7168]
    S3 qcusbser;Garmin-Asus USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [12/19/2009 6:20 PM 111464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
    2007-09-19 15:32 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {{70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\Ant.com\IE add-on\Download.dll
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ynsgo0g7.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Panda Identity Protect: widgetruntime@surfsecret.com - c:\program files\Panda Security\Panda ID Protect\Firefox
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-19 00:51
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
    "ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(724)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2011-03-19 00:53:26
    ComboFix-quarantined-files.txt 2011-03-19 04:53
    ComboFix2.txt 2011-03-17 05:38
    ComboFix3.txt 2011-03-13 22:01
    .
    Pre-Run: 38,196,273,152 bytes free
    Post-Run: 38,188,560,384 bytes free
    .
    - - End Of File - - 183FF6FCAD53573CE56AB83356E6449C
     
  25. Klocc

    Klocc TS Rookie Topic Starter Posts: 20

    Well... I don't know. The problem hasn't occurred yet. I just checked a few links... although it did that before. But if your reports are telling you it's clean, it must be... I don't know. I deleted files, and that program just deleted some files too... so I don't know.
     
Topic Status:
Not open for further replies.
