[Solved] Google keeps redirecting me everytime i click a link

Discussion in 'Virus and Malware Removal' started by Klocc, Mar 12, 2011.

  1. Klocc Newcomer, in training

    ComboFix 11-03-16.03 - Administrator 03/17/2011 1:32.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1344 [GMT -4:00]
    Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
    AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-17 to 2011-03-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-13 21:21 . 2011-03-13 21:21 -------- d-----w- c:\program files\ESET
    2011-03-12 21:27 . 2011-03-12 21:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2011-03-12 21:27 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-12 21:27 . 2011-03-12 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-03-12 21:27 . 2011-03-12 21:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-12 21:27 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-12 07:25 . 2011-03-12 07:25 -------- d-----w- c:\program files\SystemRequirementsLab
    2011-03-12 07:25 . 2011-03-12 07:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
    2011-03-12 06:46 . 2011-03-12 06:46 -------- d-----w- c:\program files\Valve
    2011-03-12 06:44 . 2011-03-12 06:44 -------- d-----w- c:\program files\Quick Web Player
    2011-03-11 22:52 . 2011-03-11 22:52 -------- d-----w- c:\program files\PixiePack Codec Pack
    2011-03-11 22:50 . 2011-03-13 21:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Tunebite
    2011-03-11 21:25 . 2011-03-11 21:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\CrashRpt
    2011-03-11 21:23 . 2011-03-11 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution
    2011-03-11 21:23 . 2011-03-11 22:49 -------- d-----w- c:\program files\RapidSolution
    2011-03-11 21:20 . 2011-03-11 21:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\RapidSolution
    2011-03-11 20:41 . 2011-03-11 20:41 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2011-03-11 20:12 . 2011-03-11 20:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-03-11 19:12 . 2011-03-11 19:12 155648 --sha-r- c:\windows\system32\inetcommz.dll
    2011-03-11 10:40 . 2011-03-12 08:25 -------- d-----w- c:\program files\Steam
    2011-03-11 10:33 . 2011-03-11 19:08 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
    2011-03-11 10:31 . 2011-03-11 10:31 -------- d-----w- c:\windows\Replay Media Catcher
    2011-03-11 10:31 . 2011-03-11 19:09 -------- d-----w- c:\program files\Replay Media Catcher
    2011-03-11 10:17 . 2011-03-11 10:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Jaksta_Technologies_Pty_L
    2011-03-11 10:16 . 2011-03-11 10:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Applian
    2011-03-10 22:13 . 2011-03-10 22:13 -------- d-----w- c:\program files\iPod
    2011-03-10 22:13 . 2011-03-10 22:14 -------- d-----w- c:\program files\iTunes
    2011-03-09 15:49 . 2011-03-09 15:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\clone.AD
    2011-03-09 14:04 . 2011-03-15 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\clone.AD
    2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\clone.AD
    2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\AC3Filter
    2011-03-09 14:03 . 2009-08-12 02:18 497664 ----a-w- c:\windows\system32\ac3filter.acm
    2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\AviSynth 2.5
    2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\Gabest
    2011-03-09 03:14 . 2011-03-15 05:40 -------- d-----w- c:\program files\cladDVD.NET 3.5.7
    2011-03-08 11:24 . 2011-03-11 09:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\FileZilla
    2011-03-08 11:24 . 2011-03-08 11:24 -------- d-----w- c:\program files\FileZilla FTP Client
    2011-03-08 11:15 . 2011-03-08 11:15 -------- d-----w- c:\program files\FileZilla Server
    2011-03-08 11:14 . 2011-03-09 01:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2011-03-08 11:14 . 1999-09-10 17:06 5600 ----a-w- c:\windows\system\WINASPI.DLL
    2011-03-08 11:14 . 1999-09-10 17:06 4672 ----a-w- c:\windows\system\WOWPOST.EXE
    2011-03-08 11:14 . 1999-09-10 17:06 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
    2011-03-08 11:14 . 1999-09-10 17:06 25244 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
    2011-03-08 11:14 . 2011-03-09 14:02 -------- d-----w- c:\program files\XviD
    2011-03-08 11:14 . 2011-03-08 11:14 641021 ----a-w- c:\windows\unins000.exe
    2011-03-08 11:14 . 2004-07-26 17:13 200192 ----a-w- c:\windows\system32\LameACM.acm
    2011-03-08 11:14 . 2004-07-26 17:12 166912 ----a-w- c:\windows\system32\Lame_enc.dll
    2011-03-08 11:14 . 2004-07-26 17:12 187904 ----a-w- c:\windows\system32\Lame.exe
    2011-03-02 08:04 . 2011-03-02 08:04 -------- d--h--w- c:\windows\PIF
    2011-02-28 21:29 . 2007-12-11 14:52 26784 ----a-w- c:\windows\system32\drivers\tbhsd.sys
    2011-02-24 05:25 . 2011-02-24 05:25 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
    2011-02-24 05:25 . 2011-02-24 05:25 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-02-22 07:53 . 2011-02-22 07:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-02-22 07:52 . 2011-02-22 07:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2011-02-22 07:33 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2011-02-22 07:31 . 2010-12-20 23:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-02-22 07:31 . 2010-12-20 23:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-02-22 07:31 . 2010-12-20 23:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-02-22 07:22 . 2011-02-22 07:31 -------- dc-h--w- c:\windows\ie8
    2011-02-21 05:25 . 2011-02-21 05:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Freelang Dictionary
    2011-02-21 05:13 . 2011-02-21 05:13 -------- d-----w- C:\TKMIT
    2011-02-19 14:02 . 2011-02-19 14:02 -------- d-----w- c:\documents and settings\Default User\Application Data\SurfSecret Privacy Suite
    2011-02-19 14:02 . 2011-02-19 14:02 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\panda2_0dn
    2011-02-19 14:01 . 2011-03-11 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security URL Filtering
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-09 13:53 . 2004-08-04 10:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 13:31 . 2011-02-02 13:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-02-02 13:31 . 2011-02-02 13:31 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-02-02 07:58 . 2010-11-16 21:19 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2010-11-16 21:19 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2004-08-04 10:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2004-08-04 10:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 18:22 . 2010-12-28 18:22 1409 ----a-w- c:\windows\QTFont.for
    2010-12-22 12:34 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
    2010-12-19 14:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-12-19 86696]
    .
    [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
    @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
    [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
    2010-12-16 23:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
    @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
    [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
    2010-12-16 23:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-26 159744]
    "PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [BU]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2010-12-08 21:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Citrus Alarm Clock.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Citrus Alarm Clock.lnk
    backup=c:\windows\pss\Citrus Alarm Clock.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
    2010-10-17 19:38 1259008 ----a-w- c:\program files\FileZilla Server\FileZilla Server Interface.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 19:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
    2009-11-03 23:35 1202448 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
    2009-11-03 23:45 1372160 ----a-w- c:\program files\Intel\WiFi\bin\ZCfgSvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    c:\windows\system32\NvCpl.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Panda Security URL Filtering]
    2010-12-19 14:19 223400 ----a-w- c:\documents and settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2010-11-11 21:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WSearch"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Winamp\\winamp.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Steam\\steamapps\\wednesdayslatestproject\\zombie panic! source\\hl2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\wednesdayslatestproject\\counter-strike\\hl.exe"=
    "c:\\Program Files\\Steam\\steamapps\\wednesdayslatestproject\\half-life\\hl.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6346:TCP"= 6346:TCP:shareaza
    "6346:UDP"= 6346:UDP:shareaza
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [12/16/2010 7:12 PM 130376]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 7:40 PM 12856]
    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [12/16/2010 7:12 PM 141768]
    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [12/16/2010 7:12 PM 97352]
    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [12/16/2010 7:12 PM 111944]
    R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [12/16/2010 7:12 PM 113096]
    S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [8/18/2005 1:00 AM 7168]
    S3 qcusbser;Garmin-Asus USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [12/19/2009 6:20 PM 111464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
    2007-09-19 15:32 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {{70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\Ant.com\IE add-on\Download.dll
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ynsgo0g7.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Panda Identity Protect: widgetruntime@surfsecret.com - c:\program files\Panda Security\Panda ID Protect\Firefox
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-17 01:36
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
    "ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-796845957-343818398-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,c1,80,9f,f2,f8,37,44,b4,53,6b,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,c1,80,9f,f2,f8,37,44,b4,53,6b,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1008)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\igfxdev.dll
    .
    - - - - - - - > 'Explorer.EXE'(3336)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
    c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
    c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
    c:\windows\system32\ieframe.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\netprovcredman.dll
    c:\windows\system32\LMIRfsClientNP.dll
    c:\windows\system32\xpsp3res.dll
    c:\progra~1\SPYBOT~1\SDHelper.dll
    c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
    .
    Completion time: 2011-03-17 01:38:03
    ComboFix-quarantined-files.txt 2011-03-17 05:38
    ComboFix2.txt 2011-03-13 22:01
    .
    Pre-Run: 36,460,875,776 bytes free
    Post-Run: 36,450,861,056 bytes free
    .
    - - End Of File - - 4B3FE853A77EFABB49F502E32E364E39
  2. Klocc Newcomer, in training

    just let me know when u can
  3. Bobbye Helper on the Fringe

    Please run this Custom CFScript:

    [1]. Close any open browsers.
    [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    Folder::
    c:\documents and settings\All Users\Application Data\McAfee
    FileLook::
    C:\Documents and Settings\Administrator\My Documents\Downloads\8u28kesn.exe
    DirLook::
    C:\TKMIT
    
    RegLock::
    [HKEY_USERS\S-1-5-21-796845957-343818398-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    
    Driver::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [image: CFScript.txt being dragged onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
    ====================
    3/12/2011 3:51:42 PM, error: Service Control Manager [7034] - The TOSHIBA Bluetooth Service service terminated unexpectedly. It has done this 1 time(s).

    Have the redirects been resolved?
  4. Klocc Newcomer, in training

    ComboFix 11-03-18.01 - Administrator 03/19/2011 0:46.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1419 [GMT -4:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
    AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\McAfee
    c:\documents and settings\All Users\Application Data\McAfee\MCLOGS\PartnerCustom\SSScheduler\SSScheduler000.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-19 to 2011-03-19 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-13 21:21 . 2011-03-13 21:21 -------- d-----w- c:\program files\ESET
    2011-03-12 21:27 . 2011-03-12 21:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2011-03-12 21:27 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-12 21:27 . 2011-03-12 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-03-12 21:27 . 2011-03-12 21:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-12 21:27 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-12 07:25 . 2011-03-12 07:25 -------- d-----w- c:\program files\SystemRequirementsLab
    2011-03-12 07:25 . 2011-03-12 07:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
    2011-03-12 06:46 . 2011-03-12 06:46 -------- d-----w- c:\program files\Valve
    2011-03-12 06:44 . 2011-03-12 06:44 -------- d-----w- c:\program files\Quick Web Player
    2011-03-11 22:52 . 2011-03-11 22:52 -------- d-----w- c:\program files\PixiePack Codec Pack
    2011-03-11 22:50 . 2011-03-13 21:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Tunebite
    2011-03-11 21:25 . 2011-03-11 21:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\CrashRpt
    2011-03-11 21:23 . 2011-03-11 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution
    2011-03-11 21:23 . 2011-03-11 22:49 -------- d-----w- c:\program files\RapidSolution
    2011-03-11 21:20 . 2011-03-11 21:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\RapidSolution
    2011-03-11 20:41 . 2011-03-11 20:41 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2011-03-11 20:12 . 2011-03-11 20:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-03-11 19:12 . 2011-03-11 19:12 155648 --sha-r- c:\windows\system32\inetcommz.dll
    2011-03-11 10:40 . 2011-03-12 08:25 -------- d-----w- c:\program files\Steam
    2011-03-11 10:33 . 2011-03-11 19:08 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
    2011-03-11 10:31 . 2011-03-11 10:31 -------- d-----w- c:\windows\Replay Media Catcher
    2011-03-11 10:31 . 2011-03-11 19:09 -------- d-----w- c:\program files\Replay Media Catcher
    2011-03-11 10:17 . 2011-03-11 10:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Jaksta_Technologies_Pty_L
    2011-03-11 10:16 . 2011-03-11 10:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Applian
    2011-03-10 22:13 . 2011-03-10 22:13 -------- d-----w- c:\program files\iPod
    2011-03-10 22:13 . 2011-03-10 22:14 -------- d-----w- c:\program files\iTunes
    2011-03-09 15:49 . 2011-03-09 15:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\clone.AD
    2011-03-09 14:04 . 2011-03-17 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\clone.AD
    2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\clone.AD
    2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\AC3Filter
    2011-03-09 14:03 . 2009-08-12 02:18 497664 ----a-w- c:\windows\system32\ac3filter.acm
    2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\AviSynth 2.5
    2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\Gabest
    2011-03-09 03:14 . 2011-03-17 20:58 -------- d-----w- c:\program files\cladDVD.NET 3.5.7
    2011-03-08 11:24 . 2011-03-11 09:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\FileZilla
    2011-03-08 11:24 . 2011-03-08 11:24 -------- d-----w- c:\program files\FileZilla FTP Client
    2011-03-08 11:15 . 2011-03-08 11:15 -------- d-----w- c:\program files\FileZilla Server
    2011-03-08 11:14 . 2011-03-09 01:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2011-03-08 11:14 . 1999-09-10 17:06 5600 ----a-w- c:\windows\system\WINASPI.DLL
    2011-03-08 11:14 . 1999-09-10 17:06 4672 ----a-w- c:\windows\system\WOWPOST.EXE
    2011-03-08 11:14 . 1999-09-10 17:06 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
    2011-03-08 11:14 . 1999-09-10 17:06 25244 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
    2011-03-08 11:14 . 2011-03-09 14:02 -------- d-----w- c:\program files\XviD
    2011-03-08 11:14 . 2011-03-08 11:14 641021 ----a-w- c:\windows\unins000.exe
    2011-03-08 11:14 . 2004-07-26 17:13 200192 ----a-w- c:\windows\system32\LameACM.acm
    2011-03-08 11:14 . 2004-07-26 17:12 166912 ----a-w- c:\windows\system32\Lame_enc.dll
    2011-03-08 11:14 . 2004-07-26 17:12 187904 ----a-w- c:\windows\system32\Lame.exe
    2011-03-02 08:04 . 2011-03-02 08:04 -------- d--h--w- c:\windows\PIF
    2011-02-28 21:29 . 2007-12-11 14:52 26784 ----a-w- c:\windows\system32\drivers\tbhsd.sys
    2011-02-24 05:25 . 2011-02-24 05:25 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
    2011-02-24 05:25 . 2011-02-24 05:25 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-02-22 07:53 . 2011-02-22 07:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-02-22 07:52 . 2011-02-22 07:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2011-02-22 07:33 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2011-02-22 07:31 . 2010-12-20 23:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-02-22 07:31 . 2010-12-20 23:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-02-22 07:31 . 2010-12-20 23:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-02-22 07:22 . 2011-02-22 07:31 -------- dc-h--w- c:\windows\ie8
    2011-02-21 05:25 . 2011-02-21 05:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Freelang Dictionary
    2011-02-21 05:13 . 2011-02-21 05:13 -------- d-----w- C:\TKMIT
    2011-02-19 14:02 . 2011-02-19 14:02 -------- d-----w- c:\documents and settings\Default User\Application Data\SurfSecret Privacy Suite
    2011-02-19 14:02 . 2011-02-19 14:02 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\panda2_0dn
    2011-02-19 14:01 . 2011-03-11 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security URL Filtering
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-09 13:53 . 2004-08-04 10:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 13:31 . 2011-02-02 13:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-02-02 13:31 . 2011-02-02 13:31 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-02-02 07:58 . 2010-11-16 21:19 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2010-11-16 21:19 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2004-08-04 10:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2004-08-04 10:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 18:22 . 2010-12-28 18:22 1409 ----a-w- c:\windows\QTFont.for
    2010-12-22 12:34 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    --- c:\documents and settings\Administrator\My Documents\Downloads\8u28kesn.exe ---
    Company:
    File Description:
    File Version: 1, 0, 15, 15530
    Product Name:
    Copyright:
    Original Filename:
    File size: 296448
    Created time: 2011-03-12 21:30
    Modified time: 2011-03-12 21:30
    MD5: DF7501A91A7C99CC3F0269080748EE61
    SHA1: 453B6BED84BCC63F52D00B76AB6572F039C69B1F
    .
    ---- Directory of C:\TKMIT ----
    .
    2010-01-26 22:04 . 2010-01-26 22:04 0 ---h--w- c:\tkmit\lystara.fil
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
    2010-12-19 14:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-12-19 86696]
    .
    [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
    @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
    [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
    2010-12-16 23:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
    @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
    [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
    2010-12-16 23:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-26 159744]
    "PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [BU]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2010-12-08 21:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Citrus Alarm Clock.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Citrus Alarm Clock.lnk
    backup=c:\windows\pss\Citrus Alarm Clock.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
    2010-10-17 19:38 1259008 ----a-w- c:\program files\FileZilla Server\FileZilla Server Interface.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 19:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
    2009-11-03 23:35 1202448 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
    2009-11-03 23:45 1372160 ----a-w- c:\program files\Intel\WiFi\bin\ZCfgSvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    c:\windows\system32\NvCpl.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Panda Security URL Filtering]
    2010-12-19 14:19 223400 ----a-w- c:\documents and settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2010-11-11 21:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WSearch"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Winamp\\winamp.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Steam\\steamapps\\wednesdayslatestproject\\zombie panic! source\\hl2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\wednesdayslatestproject\\counter-strike\\hl.exe"=
    "c:\\Program Files\\Steam\\steamapps\\wednesdayslatestproject\\half-life\\hl.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6346:TCP"= 6346:TCP:shareaza
    "6346:UDP"= 6346:UDP:shareaza
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [12/16/2010 7:12 PM 130376]
    R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\Ant.com\IE add-on\AntUpdaterService.exe [12/22/2010 9:14 PM 515096]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 6:21 PM 79432]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/8/2010 5:11 PM 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 7:40 PM 12856]
    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [12/16/2010 7:12 PM 141768]
    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [12/16/2010 7:12 PM 97352]
    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [12/16/2010 7:12 PM 111944]
    R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [12/16/2010 7:12 PM 113096]
    S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [8/18/2005 1:00 AM 7168]
    S3 qcusbser;Garmin-Asus USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [12/19/2009 6:20 PM 111464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
    2007-09-19 15:32 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {{70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\Ant.com\IE add-on\Download.dll
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ynsgo0g7.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Panda Identity Protect: widgetruntime@surfsecret.com - c:\program files\Panda Security\Panda ID Protect\Firefox
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-19 00:51
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
    "ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(724)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2011-03-19 00:53:26
    ComboFix-quarantined-files.txt 2011-03-19 04:53
    ComboFix2.txt 2011-03-17 05:38
    ComboFix3.txt 2011-03-13 22:01
    .
    Pre-Run: 38,196,273,152 bytes free
    Post-Run: 38,188,560,384 bytes free
    .
    - - End Of File - - 183FF6FCAD53573CE56AB83356E6449C
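An added triage helper for the kind of log posted above (example code written for this thread; it is not part of ComboFix, and the helpers in this thread did not use it). It parses the "Files Created" and "Find3M" lines, whose layout is `created . modified size attrs path`, and flags the entries a helper looks at first: hidden files, zero-byte files, executables in user-writable folders, newly created kernel drivers, and code files whose created and modified times are identical (written in place rather than copied out of an installer, which keeps the original modified time). The extension list, the user-writable folder markers and the rules themselves are this example's own assumptions. The embedded sample is five lines copied from the log above plus one line constructed from the 8u28kesn.exe values in the Look section.

```python
"""Triage helper for the 'Files Created' / 'Find3M' lines of a ComboFix log.

Added example for this thread; not part of ComboFix. ComboFix prints one
file or directory per line as

    <created> . <modified> <size or --------> <attrs> <path>

where attrs is an 8-character flag string (leading 'd' = directory, 'h' =
hidden, 's' = system, 'a' = archive). The rules below are this example's own
assumptions about what to look at first, not ComboFix logic.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

LINE_RE = re.compile(
    r"^\s*(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) "
    r"(?P<attrs>[a-z-]{8}) "
    r"(?P<path>.+?)\s*$"
)

# Assumption: extensions that hold code Windows will execute or load.
CODE_EXTS = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".acm", ".ocx", ".drv"}
# Assumption: folder fragments an unprivileged user (or a dropper) can write to.
USER_WRITABLE_MARKERS = (
    "\\my documents\\downloads\\",
    "\\local settings\\temp\\",
    "\\application data\\",
    "\\windows\\temp\\",
)


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories, which ComboFix prints as --------
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a ComboFix file line, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fmt = "%Y-%m-%d %H:%M"
    return Entry(
        created=datetime.strptime(m["created"], fmt),
        modified=datetime.strptime(m["modified"], fmt),
        size=None if m["size"].startswith("-") else int(m["size"]),
        attrs=m["attrs"],
        path=m["path"],
    )


def reasons_for(e: Entry) -> list:
    """Apply the triage rules; an empty list means nothing stood out."""
    low = e.path.lower()
    name = low.rsplit("\\", 1)[-1]
    ext = name[name.rfind("."):] if "." in name else ""
    is_code = ext in CODE_EXTS
    out = []
    if not e.is_dir and "h" in e.attrs:
        out.append("hidden file")
    if e.size == 0:
        out.append("zero-byte file")
    if is_code and any(marker in low for marker in USER_WRITABLE_MARKERS):
        out.append("executable in user-writable location")
    if ext == ".sys" and "\\drivers\\" in low:
        out.append("new kernel driver")
    if is_code and e.created == e.modified:
        # Copied out of an installer keeps the original modified time;
        # written straight to disk gives created == modified.
        out.append("written in place (created == modified)")
    return out


def triage(log_text: str):
    """Return [(path, [reason, ...]), ...] for every flagged line in log_text."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            findings.append((entry.path, reasons))
    return findings


# Sample input: five lines copied from the log in this thread, plus a last
# line constructed from the 8u28kesn.exe values in the log's Look section.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2011-02-17 to 2011-03-17 )))))))))))))))))))))))))))))))
.
2011-03-08 11:14 . 2011-03-08 11:14 641021 ----a-w- c:\windows\unins000.exe
2011-02-28 21:29 . 2007-12-11 14:52 26784 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2011-02-24 05:25 . 2011-02-24 05:25 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-02-22 07:31 . 2010-12-20 23:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-26 22:04 . 2010-01-26 22:04 0 ---h--w- c:\tkmit\lystara.fil
2011-03-12 21:30 . 2011-03-12 21:30 296448 ----a-w- c:\documents and settings\Administrator\My Documents\Downloads\8u28kesn.exe
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG):
        print(path)
        print("    " + "; ".join(why))
```

Run it as a script to print the findings for the embedded sample, or pass the whole log text to triage(). The "written in place" rule is deliberately noisy: a legitimate Inno Setup uninstaller such as unins000.exe trips it too, so treat a hit as a prompt to look at the file (the MD5/SHA1 in the Look section, for instance), not as a verdict.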
  5. Klocc Newcomer, in training

    Well... idk. The problem hasn't occurred yet. I just checked a few links, although it did that before. But if your reports are telling you it's clean, it must be... idk. I deleted files, and that program just deleted some files too... so idk.
  6. Bobbye Helper on the Fringe

    I cannot resist this! Since you used 'idk' 3 times in your short sentence, I had to look up idk and here's what I found:
    So this opens a world: are you a 'teenybopper' (it was defined as a 13-year-old)? Are you used to IM so you don't know how to use full words any more? Do you know what it means? No answer needed.
    ==================================
    Please run this Custom CFScript

    • [1]. Close any open browsers.
      [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\unins000.exe
    c:\documents and settings\Administrator\My Documents\Downloads\8u28kesn.exe 
    Folder::
    c:\documents and settings\All Users\Application Data\TEMP
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WSearch"=-
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. No log needed.
    ====================
    Comments:
    Regarding Panda Security:
    I understand that you think highly of the Panda Suite, but you should know the following:
    1. There are 26 separate processes for Panda running; that's a lot.
    2. While using Panda, the following malware got on your system:
    (Adware.Softomate)
    (Trojan.FakeAlert)
    (Hijack.Zones)

    All were quarantined and deleted by Mbam and I don't see any evidence of remaining entries.
    ========================
    Regarding the Startup menu:
    The only processes that need to start on boot are:
    1. The antivirus program
    2. Firewall, if you have a 3rd-party firewall like Zone Alarm or Comodo. (You should have a firewall.)
    3. Touchpad, if using a laptop.
    4. Network processes, if using a network like Pure Magic/Cisco.
    Nothing else.
    ===========================
    Regarding Java: This program is out of date and a vulnerability to your system. Please update to the current v6u24 here: Java Updates. Uninstall any earlier versions in Add/Remove Programs.

    Regarding the Click Potato extension on Firefox:
    I recommend that you remove this addon. It is a 'dirty' app that will produce malware on the system:
    FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
    ============================
    Since the redirects have been resolved:
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
    Let me know if you have any more questions.
  7. Klocc Newcomer, in training

    Your nerd jokes aren't funny. I'm not a kid, I'm 23, and I've been screwing up my computer since I was 9, and I learned a lot since then. So don't be ignorant :) lol. I'M HIGH (go figure, and tired too), but I'm not going to go into any more detail as to why I don't know. But I think I'll be straight after this. You could have simplified that message a lot, but thanks if whatever this did fixed the problem. Who knows, I might show up for something else later. See ya on the boards lol
  8. Klocc Newcomer, in training

    Oooh yeah... so what antivirus would YOU recommend? I hate Norton, it always gave me viruses, and I hated McAfee because it screwed with my registry and my computer, and Panda was good. And this Cloud Antivirus is supposed to be the freeware version, some backdoor thing. And I've never had any serious problems with it so far. This was it.
  9. Bobbye Helper on the Fringe
