Solved Google keeps redirecting me everytime i click a link

K

Klocc

Posts: 20   +0
okay so i kinda get this you need my hijackthis file info and here it is....i have no idea what to do right now




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:48:40 AM, on 3/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
c:\Program Files\Zune\ZuneBusEnum.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
C:\Program Files\Steam\Steam.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\anaylsys.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ant.com browser helper (video detector) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ant.com Download Toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll
O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ant Toolbar updater service (AntUpdaterService) - Ant.com - C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

--
End of file - 9596 bytes
 
Welcome to TechSpot! I'll help with the redirect, but we don't 'screen' for malware with HijackThis.

Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Bobbye said:
Welcome to TechSpot! I'll help with the redirect, but we don't 'screen' for malware with HijackThis.

Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
Click to expand...


okay in the steps i use my panda cloud antivirus. did that yesterday without even looking at the steps.

as for the malware on step 3 heres the notepad info...


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6038

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/12/2011 4:34:36 PM
mbam-log-2011-03-12 (16-34-36).txt

Scan type: Quick scan
Objects scanned: 145389
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\KUGHGZXAKT (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Lxekya.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Lxekyb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


i know im not posting in order but as for dds file

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 16:55:24.23 on Sat 03/12/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1051 [GMT -5:00]
.
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RapidSolution\Tunebite\Tunebite.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
svchost.exe
C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
c:\Program Files\Zune\ZuneBusEnum.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\8u28kesn.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ant.com browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - c:\program files\ant.com\ie add-on\Download.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ant.com Download Toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - c:\program files\ant.com\ie add-on\AntToolbar.dll
TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Tunebite] c:\program files\rapidsolution\tunebite\Tunebite.exe -tray
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [FileZilla Server Interface] "c:\program files\filezilla server\FileZilla Server Interface.exe"
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRunOnce: [RunNarrator] Narrator.exe
IE: Download with &Shareaza - c:\program files\shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\Download.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {621FCD24-4498-4324-A81E-07D331376EDF} - c:\program files\pixiepack codec pack\InstallerHelper.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ynsgo0g7.default\
FF - component: c:\program files\panda security\panda id protect\firefox\components\FFKeypad.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Panda Identity Protect: widgetruntime@surfsecret.com - c:\program files\panda security\panda id protect\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-12-16 130376]
R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\ant.com\ie add-on\AntUpdaterService.exe [2010-12-22 515096]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-2-2 47640]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-12-16 141768]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-12-16 97352]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-12-16 111944]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-12-16 113096]
S3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys --> c:\windows\system32\drivers\appliand.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest home edition\kerneld.wnt [2005-8-18 7168]
S3 qcusbser;Garmin-Asus USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [2009-12-19 111464]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-03-12 21:27:33 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2011-03-12 21:27:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-12 21:27:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-12 21:27:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-12 21:27:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-12 07:25:06 -------- d-----w- c:\program files\SystemRequirementsLab
2011-03-12 06:46:03 -------- d-----w- c:\program files\Valve
2011-03-12 06:44:33 -------- d-----w- c:\program files\Quick Web Player
2011-03-11 22:52:37 -------- d-----w- c:\program files\PixiePack Codec Pack
2011-03-11 21:25:05 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\CrashRpt
2011-03-11 21:23:55 -------- d-----w- c:\program files\RapidSolution
2011-03-11 21:23:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\RapidSolution
2011-03-11 21:20:26 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\RapidSolution
2011-03-11 20:41:28 -------- d-----w- c:\program files\common files\Software Update Utility
2011-03-11 19:12:57 155648 --sha-r- c:\windows\system32\inetcommz.dll
2011-03-11 10:40:51 -------- d-----w- c:\program files\Steam
2011-03-11 10:33:25 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2011-03-11 10:31:50 -------- d-----w- c:\windows\Replay Media Catcher
2011-03-11 10:31:14 -------- d-----w- c:\program files\Replay Media Catcher
2011-03-11 10:17:50 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Jaksta_Technologies_Pty_L
2011-03-11 10:16:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Applian
2011-03-10 22:13:32 -------- d-----w- c:\program files\iPod
2011-03-10 22:13:26 -------- d-----w- c:\program files\iTunes
2011-03-09 15:49:22 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\clone.AD
2011-03-09 14:04:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\clone.AD
2011-03-09 14:03:57 -------- d-----w- c:\program files\clone.AD
2011-03-09 14:03:49 497664 ----a-w- c:\windows\system32\ac3filter.acm
2011-03-09 14:03:49 -------- d-----w- c:\program files\AC3Filter
2011-03-09 14:03:33 -------- d-----w- c:\program files\AviSynth 2.5
2011-03-09 03:14:22 -------- d-----w- c:\program files\cladDVD.NET 3.5.7
2011-03-08 11:15:01 -------- d-----w- c:\program files\FileZilla Server
2011-03-08 11:14:11 5600 ----a-w- c:\windows\system\WINASPI.DLL
2011-03-08 11:14:11 4672 ----a-w- c:\windows\system\WOWPOST.EXE
2011-03-08 11:14:11 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2011-03-08 11:14:11 25244 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2011-03-08 11:14:09 -------- d-----w- c:\program files\XviD
2011-03-08 11:14:08 641021 ----a-w- c:\windows\unins000.exe
2011-03-08 11:14:08 200192 ----a-w- c:\windows\system32\LameACM.acm
2011-03-08 11:14:08 187904 ----a-w- c:\windows\system32\Lame.exe
2011-03-08 11:14:08 166912 ----a-w- c:\windows\system32\Lame_enc.dll
2011-03-02 08:04:44 -------- d--h--w- c:\windows\PIF
2011-02-28 21:29:54 26784 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2011-02-24 05:25:59 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache
2011-02-24 05:25:05 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2011-02-22 07:53:02 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2011-02-22 07:33:06 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-02-22 07:32:50 -------- d-----w- c:\windows\ie8updates
2011-02-22 07:31:51 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-22 07:31:51 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-22 07:31:51 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-22 07:22:09 -------- dc-h--w- c:\windows\ie8
2011-02-21 05:25:06 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Freelang Dictionary
2011-02-21 05:13:49 -------- d-----w- C:\TKMIT
2011-02-19 14:01:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Panda Security URL Filtering
2011-02-12 23:14:30 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Temp
2011-02-12 23:12:43 -------- d-----w- c:\windows\system32\Adobe
2011-02-12 23:09:38 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Adobe
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 13:31:16 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-02 13:31:16 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 18:22:27 1409 ----a-w- c:\windows\QTFont.for
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ------w- c:\windows\system32\html.iec
2010-12-16 23:39:53 365888 ----a-w- c:\windows\system32\PSUNCpl.cpl
.
============= FINISH: 16:57:04.34 ===============

and for the attach file along with it

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/16/2010 4:26:50 PM
System Uptime: 3/12/2011 4:37:16 PM (0 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | Microprocessor | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 42.229 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 202.957 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1D5019814A4FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter #2
PNP Device ID: V1394\NIC1394\1D5019814A4FC000
Service: NIC1394
.
==== System Restore Points ===================
.
RP1: 3/11/2011 3:11:58 PM - System Checkpoint
RP2: 3/11/2011 4:22:26 PM - Installed Audials
RP3: 3/11/2011 4:23:52 PM - Installed Audials
RP4: 3/11/2011 4:24:52 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP5: 3/11/2011 5:46:31 PM - Removed Audials TV
RP6: 3/11/2011 5:47:23 PM - Removed Audials
RP7: 3/11/2011 5:49:11 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP8: 3/11/2011 5:49:58 PM - Installed Tunebite
RP9: 3/12/2011 12:47:01 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
AC3Filter 1.63b
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
Age of Chivalry
AIM 7
Alarm Clock v1.0
Ant.com IE add-on
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avi.NET 3.2.0.0
AviSynth 2.5
Bluetooth Stack for Windows by Toshiba
Bonjour
Broadcom ASF Management Applications
Broadcom Gigabit Integrated Controller
Broadcom TPM Driver Installer
CDBurnerXP
Citrus Alarm Clock 2.0
cladDVD.NET v3.5.7
Conexant HDA D330 MDC V.92 Modem
Counter-Strike
Counter-Strike: Source
Day of Defeat
Dell Driver Download Manager
Dell Touchpad
DivX Setup
Download Updater (AOL LLC)
Elasto Mania
Empires
EVEREST Home Edition v2.20
EVEREST Ultimate Edition v5.50
FileZilla Client 3.3.5.1
FileZilla Server (remove only)
Freelang Dictionary (wordlist)
Freelang Dictionary 3.74 beta
Half-Life 2
Half-Life 2 Awakening 1.1
Half-Life 2: Episode One
Half-Life Decay PC 1.0
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Icy Tower v1.4
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
iTunes
Java Auto Updater
Java(TM) 6 Update 23
LogMeIn
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.15)
NVIDIA Drivers
OZ776 SCR Driver V1.1.4.202
Panda Cloud Antivirus
Panda Identity Protect 3.0.44
Panda Security Toolbar
Panda Security URL Filtering
PixiePack Codec Pack
Poke646 1.0
QuickTime
Ricochet
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Shareaza 2.5.4.0
SigmaTel Audio
SourceForts 1.9.4.1 Fixed
Spybot - Search & Destroy
Steam
Synergy
System Requirements Lab
Team Fortress Classic
Tunebite
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (KB2508979)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.7
VobSub v2.23 (Remove Only)
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Device Updater Component
Windows XP Service Pack 3
WinRAR archiver
XviD & MP3 Codec Pack (remove only)
Xvid 1.2.2 final uninstall
Zombie Panic Source
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== Event Viewer Messages From Past Week ========
.
3/8/2011 12:03:24 AM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
3/8/2011 12:03:24 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
3/7/2011 10:16:52 PM, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
3/12/2011 4:46:49 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
3/12/2011 4:38:19 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
3/12/2011 3:51:50 PM, error: Service Control Manager [7031] - The Panda Cloud Antivirus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
3/12/2011 3:51:42 PM, error: Service Control Manager [7034] - The TOSHIBA Bluetooth Service service terminated unexpectedly. It has done this 1 time(s).
3/12/2011 3:51:42 PM, error: Service Control Manager [7034] - The SigmaTel Audio Service service terminated unexpectedly. It has done this 1 time(s).
3/12/2011 3:51:42 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
3/12/2011 3:51:42 PM, error: Service Control Manager [7034] - The NMSAccess service terminated unexpectedly. It has done this 1 time(s).
3/12/2011 3:51:42 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless SSO Service service terminated unexpectedly. It has done this 1 time(s).
3/12/2011 3:51:42 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
3/12/2011 3:51:42 PM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
3/12/2011 3:51:41 PM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
3/12/2011 3:51:41 PM, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
3/12/2011 3:51:41 PM, error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).
3/12/2011 3:51:41 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/12/2011 3:51:41 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless WiFi Service service terminated unexpectedly. It has done this 1 time(s).
3/12/2011 3:51:41 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
3/12/2011 3:51:41 PM, error: Service Control Manager [7034] - The FileZilla Server FTP server service terminated unexpectedly. It has done this 1 time(s).
3/12/2011 3:51:41 PM, error: Service Control Manager [7034] - The Broadcom ASF IP and SMBIOS Mailbox Monitor service terminated unexpectedly. It has done this 1 time(s).
3/12/2011 3:51:41 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
3/12/2011 3:51:41 PM, error: Service Control Manager [7034] - The Ant Toolbar updater service service terminated unexpectedly. It has done this 1 time(s).
3/12/2011 3:51:41 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/11/2011 5:16:42 AM, error: ipnathlp [31012] - The DNS proxy agent encountered an error while obtaining the local list of name-resolution servers. Some DNS or WINS servers may be inaccessible to clients on the local network. The data is the error code.
3/11/2011 4:24:45 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
3/11/2011 4:24:45 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\TempSFX\msi\VCRedistSmartCheckerDll.dll. Reference error message: The operation completed successfully. .
3/11/2011 4:24:45 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
3/11/2011 3:41:03 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
.
==== End Of File ===========================


and as for gmer its...


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-12 18:03:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST9120823AS rev.3.ADB
Running: 8u28kesn.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pwtdqpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\PSINProc.sys (PSINProc Filter Driver for XP32/Panda Security, S.L.) ZwTerminateProcess [0xB2B72416]

---- Kernel code sections - GMER 1.0.15 ----

? fmgk.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6D61360, 0x30A247, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2160] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10406373 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2684] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2684] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 02C7B5B6
.text C:\Program Files\Mozilla Firefox\firefox.exe[2684] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02C7C304
.text C:\Program Files\Mozilla Firefox\firefox.exe[2684] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02C7BFED
.text C:\Program Files\Mozilla Firefox\firefox.exe[2684] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02C7C20E
.text C:\Program Files\Mozilla Firefox\firefox.exe[2684] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 02C7B4F9
.text C:\Program Files\Mozilla Firefox\firefox.exe[2684] WS2_32.dll!recv 71AB676F 5 Bytes JMP 02C7C093
.text C:\Program Files\Mozilla Firefox\firefox.exe[2684] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02C7C13D
.text C:\Program Files\Mozilla Firefox\firefox.exe[2684] WS2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 02C7B91A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2684] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 02C7C572
.text C:\Program Files\Mozilla Firefox\firefox.exe[2684] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 02C7CAAC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2684] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 02C7C4A5
.text C:\Program Files\Mozilla Firefox\firefox.exe[2684] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 02C7C9C7
.text C:\Program Files\Mozilla Firefox\firefox.exe[2684] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 02C7CE63
.text C:\Program Files\Mozilla Firefox\firefox.exe[2684] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 02C7CF2D
.text C:\Program Files\Mozilla Firefox\firefox.exe[2684] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 02C7B9F5
.text C:\Program Files\Mozilla Firefox\firefox.exe[2684] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 02C7C8DF
.text C:\Program Files\Mozilla Firefox\firefox.exe[2684] USER32.dll!DrawTextW 7E42D7E2 5 Bytes JMP 02C7C71B
.text C:\Program Files\Mozilla Firefox\firefox.exe[2684] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 02C7C392
.text C:\Program Files\Mozilla Firefox\firefox.exe[2684] USER32.dll!DrawTextA 7E43C702 5 Bytes JMP 02C7C63F
.text C:\Program Files\Mozilla Firefox\firefox.exe[2684] USER32.dll!DrawTextExA 7E43C739 5 Bytes JMP 02C7C7F7
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3556] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10406373 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Control\Session Manager@PendingFileRenameOperations ???;ri???????;???????????????????@???.??????pci??;???????????F?F?????;??????????eN??? ???????B???????????;????????6????????????06??????? ???????????????????19???c?c?c?c?;??? ??????? ???????????;???????????????????????;???????????????????????????1???????????????1???????????1???????????????1????X??F???????????????.????????r??????????????/???????????/???????????/?????e?/???????????1???????????l??????@????1?????????s?1???;??? ??????????????????Microsoft???? ???;???????????e???????????????????????t?t?&????0??;???????????????;?;?;?;?;?;?;?;f????????????????????????????;???;??? ???????????????????(???????? ?@?????????yce???Bluetooth Personal Area Network??;???;???;???????????????????????e?????????????????????????????? A?????b???F?????????????h?????????d a???????????t?????? W???????????t???????6??????????? ???????0???????????o?????? w???????????a?????? u???????????m??????pd???????????e???????0???????????a???????4???????????i???????8???????????r???????????;??????????????? h??F???e??????ox?????c???B???;?????s?????????

---- EOF - GMER 1.0.15 ----
 
and i use panda cloud anti virus and spy bot search and destroy they seem like the best ive used so far. no need for a firewall. its not a business computer
 
Are you actually using the remote login?
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe. to run the scan
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result.
  • A reboot is required after disinfection.
============================================
Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, the do Ctrl V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
=======================================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query- Recovery Console image
    RcAuto1.gif

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    Click to expand...
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Logs from each please in next reply.
 
okay i use logmein free. i used to use vnc but it just got too old and logmein was so much easier just connect to the web and i got a nice connection java based i believe

the first one gave me no errors but heres the report

2011/03/13 17:18:44.0906 2992 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/13 17:18:45.0015 2992 ================================================================================
2011/03/13 17:18:45.0015 2992 SystemInfo:
2011/03/13 17:18:45.0015 2992
2011/03/13 17:18:45.0015 2992 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/13 17:18:45.0015 2992 Product type: Workstation
2011/03/13 17:18:45.0015 2992 ComputerName: K_LOCC
2011/03/13 17:18:45.0015 2992 UserName: Administrator
2011/03/13 17:18:45.0015 2992 Windows directory: C:\WINDOWS
2011/03/13 17:18:45.0015 2992 System windows directory: C:\WINDOWS
2011/03/13 17:18:45.0015 2992 Processor architecture: Intel x86
2011/03/13 17:18:45.0015 2992 Number of processors: 2
2011/03/13 17:18:45.0015 2992 Page size: 0x1000
2011/03/13 17:18:45.0015 2992 Boot type: Normal boot
2011/03/13 17:18:45.0015 2992 ================================================================================
2011/03/13 17:18:45.0265 2992 Initialize success
2011/03/13 17:18:59.0921 1052 ================================================================================
2011/03/13 17:18:59.0921 1052 Scan started
2011/03/13 17:18:59.0921 1052 Mode: Manual;
2011/03/13 17:18:59.0921 1052 ================================================================================
2011/03/13 17:19:01.0250 1052 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/13 17:19:01.0328 1052 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/13 17:19:01.0437 1052 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/13 17:19:01.0562 1052 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/13 17:19:01.0875 1052 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/03/13 17:19:02.0000 1052 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/13 17:19:02.0218 1052 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys
2011/03/13 17:19:02.0250 1052 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/13 17:19:02.0281 1052 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/13 17:19:02.0359 1052 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/13 17:19:02.0437 1052 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/13 17:19:02.0500 1052 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/03/13 17:19:02.0593 1052 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
2011/03/13 17:19:02.0671 1052 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/13 17:19:02.0765 1052 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/13 17:19:02.0859 1052 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/13 17:19:02.0937 1052 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/13 17:19:03.0031 1052 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/13 17:19:03.0093 1052 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/03/13 17:19:03.0218 1052 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/03/13 17:19:03.0328 1052 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/03/13 17:19:03.0468 1052 CSRBC (8e1945984e147562f9f08e1d344a69cc) C:\WINDOWS\system32\Drivers\csrbcxp.sys
2011/03/13 17:19:03.0625 1052 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/13 17:19:03.0718 1052 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/13 17:19:03.0828 1052 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/13 17:19:03.0906 1052 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/13 17:19:03.0968 1052 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/13 17:19:04.0078 1052 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/13 17:19:04.0218 1052 EverestDriver (76984d46b2abaa46f8b3fcef82c9217d) C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt
2011/03/13 17:19:04.0359 1052 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/13 17:19:04.0406 1052 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/03/13 17:19:04.0468 1052 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/13 17:19:04.0546 1052 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/13 17:19:04.0593 1052 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/13 17:19:04.0656 1052 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/13 17:19:04.0703 1052 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/13 17:19:04.0796 1052 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/03/13 17:19:04.0875 1052 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/13 17:19:04.0953 1052 guardian2 (c0bdab85f3e8b2138c513255e2bcc4d8) C:\WINDOWS\system32\Drivers\oz776.sys
2011/03/13 17:19:05.0031 1052 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/03/13 17:19:05.0125 1052 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/13 17:19:05.0250 1052 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/03/13 17:19:05.0343 1052 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/03/13 17:19:05.0468 1052 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/13 17:19:05.0656 1052 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/13 17:19:05.0875 1052 ialm (37eb2dc75d8f6451ae55071610dc24e1) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/03/13 17:19:06.0109 1052 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/13 17:19:06.0296 1052 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/13 17:19:06.0343 1052 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/13 17:19:06.0406 1052 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/13 17:19:06.0468 1052 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/13 17:19:06.0531 1052 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/13 17:19:06.0593 1052 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/13 17:19:06.0671 1052 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/13 17:19:06.0734 1052 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/13 17:19:06.0781 1052 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/13 17:19:06.0875 1052 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/13 17:19:06.0921 1052 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/13 17:19:06.0984 1052 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/13 17:19:07.0156 1052 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
2011/03/13 17:19:07.0250 1052 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
2011/03/13 17:19:07.0359 1052 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2011/03/13 17:19:07.0421 1052 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/03/13 17:19:07.0531 1052 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/13 17:19:07.0625 1052 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/13 17:19:07.0718 1052 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/13 17:19:07.0765 1052 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/13 17:19:07.0812 1052 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/13 17:19:07.0906 1052 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/13 17:19:08.0031 1052 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/13 17:19:08.0093 1052 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/13 17:19:08.0140 1052 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/13 17:19:08.0156 1052 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/13 17:19:08.0203 1052 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/13 17:19:08.0296 1052 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/13 17:19:08.0328 1052 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/13 17:19:08.0375 1052 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/13 17:19:08.0421 1052 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/13 17:19:08.0468 1052 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/13 17:19:08.0515 1052 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/13 17:19:08.0593 1052 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/13 17:19:08.0640 1052 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/13 17:19:08.0703 1052 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/13 17:19:09.0000 1052 NETw5x32 (91f027c242d3ff6e5c09f92a0518297f) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
2011/03/13 17:19:09.0234 1052 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/13 17:19:09.0328 1052 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/13 17:19:09.0375 1052 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/13 17:19:09.0500 1052 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/13 17:19:09.0859 1052 nv (77f427e51479c66c09f967d15b639b37) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/03/13 17:19:10.0218 1052 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/13 17:19:10.0265 1052 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/13 17:19:10.0375 1052 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/13 17:19:10.0437 1052 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/03/13 17:19:10.0468 1052 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/13 17:19:10.0546 1052 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/13 17:19:10.0593 1052 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/13 17:19:10.0703 1052 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/13 17:19:10.0750 1052 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/03/13 17:19:11.0140 1052 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/13 17:19:11.0203 1052 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/13 17:19:11.0281 1052 PSINAflt (fdc5fbcc24fff63b0dc8057f77224bdc) C:\WINDOWS\system32\DRIVERS\PSINAflt.sys
2011/03/13 17:19:11.0359 1052 PSINFile (21340bae4746bb87685eb7b0340e37f4) C:\WINDOWS\system32\DRIVERS\PSINFile.sys
2011/03/13 17:19:11.0437 1052 PSINKNC (043bb8afcb1fad95046f4cc9374fddf3) C:\WINDOWS\system32\DRIVERS\psinknc.sys
2011/03/13 17:19:11.0468 1052 PSINProc (a821bb25b89ced1999eaf40feb9e3fec) C:\WINDOWS\system32\DRIVERS\PSINProc.sys
2011/03/13 17:19:11.0484 1052 PSINProt (fdb3745e5458ef8e1a39edd65c0d4dec) C:\WINDOWS\system32\DRIVERS\PSINProt.sys
2011/03/13 17:19:11.0546 1052 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/13 17:19:11.0593 1052 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/13 17:19:11.0703 1052 qcusbser (8075c797f81aa2e2d9ab92438c0a4a8b) C:\WINDOWS\system32\DRIVERS\qcusbser.sys
2011/03/13 17:19:11.0968 1052 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/13 17:19:12.0046 1052 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/13 17:19:12.0093 1052 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/13 17:19:12.0156 1052 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/13 17:19:12.0218 1052 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/13 17:19:12.0265 1052 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/13 17:19:12.0296 1052 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/13 17:19:12.0343 1052 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/13 17:19:12.0390 1052 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/13 17:19:12.0484 1052 s24trans (96b4494d4734970f47c566e098c4f527) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/03/13 17:19:12.0578 1052 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/13 17:19:12.0640 1052 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/13 17:19:12.0687 1052 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/13 17:19:12.0781 1052 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/13 17:19:12.0937 1052 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/13 17:19:12.0984 1052 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/13 17:19:13.0046 1052 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/13 17:19:13.0156 1052 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/03/13 17:19:13.0281 1052 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
2011/03/13 17:19:13.0375 1052 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/13 17:19:13.0453 1052 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/13 17:19:13.0656 1052 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/13 17:19:13.0734 1052 tbhsd (5d8c820e2d885c25ffc6bbc5d4fe073c) C:\WINDOWS\system32\drivers\tbhsd.sys
2011/03/13 17:19:13.0843 1052 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/13 17:19:13.0890 1052 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/13 17:19:13.0906 1052 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/13 17:19:13.0968 1052 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/13 17:19:14.0093 1052 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys
2011/03/13 17:19:14.0187 1052 tosrfbd (399c5e4db7bdd5a83a7d26c96389b85a) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
2011/03/13 17:19:14.0250 1052 tosrfbnp (181e217a7a326817d97946d045b3cb46) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
2011/03/13 17:19:14.0296 1052 Tosrfcom (e90ace3b4fa7a85f992bc21eb779c407) C:\WINDOWS\system32\Drivers\tosrfcom.sys
2011/03/13 17:19:14.0359 1052 Tosrfhid (efc95c0dc6f96b228f58319776006548) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
2011/03/13 17:19:14.0406 1052 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
2011/03/13 17:19:14.0484 1052 Tosrfusb (98c04a6432ce9c2ad328f57b9384d348) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
2011/03/13 17:19:14.0578 1052 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/13 17:19:14.0734 1052 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/13 17:19:14.0828 1052 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/03/13 17:19:14.0921 1052 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/13 17:19:15.0000 1052 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/13 17:19:15.0046 1052 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/13 17:19:15.0093 1052 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/13 17:19:15.0125 1052 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/13 17:19:15.0171 1052 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/13 17:19:15.0203 1052 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/13 17:19:15.0312 1052 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/13 17:19:15.0390 1052 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/13 17:19:15.0484 1052 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/03/13 17:19:15.0593 1052 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/13 17:19:15.0703 1052 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/03/13 17:19:15.0843 1052 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/03/13 17:19:15.0953 1052 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/13 17:19:16.0000 1052 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/13 17:19:16.0093 1052 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
2011/03/13 17:19:16.0343 1052 ================================================================================
2011/03/13 17:19:16.0343 1052 Scan finished
2011/03/13 17:19:16.0343 1052 ================================================================================



and i knew panda was the best this one didnt find anything


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=ff6a0f5ea91a134db691ae9283eb8ffb
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-13 09:25:32
# local_time=2011-03-13 05:25:32 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1538 16774118 20 3 94429 127657757 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=423
# found=0
# cleaned=0
# scan_time=65



and as for combofix i had lil issue i gave me blue screen....link 1 did i used link 2 workd for me. anyways this one gave me a lil problem but its done

ComboFix 11-03-12.01 - Administrator 03/13/2011 17:47:59.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1541 [GMT -4:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Local
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\0.ddi
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4).ddp
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(5).ddp
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(6).ddp
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
.
.
((((((((((((((((((((((((( Files Created from 2011-02-13 to 2011-03-13 )))))))))))))))))))))))))))))))
.
.
2011-03-13 21:21 . 2011-03-13 21:21 -------- d-----w- c:\program files\ESET
2011-03-12 21:27 . 2011-03-12 21:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-03-12 21:27 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-12 21:27 . 2011-03-12 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-12 21:27 . 2011-03-12 21:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-12 21:27 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-12 07:25 . 2011-03-12 07:25 -------- d-----w- c:\program files\SystemRequirementsLab
2011-03-12 07:25 . 2011-03-12 07:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
2011-03-12 06:46 . 2011-03-12 06:46 -------- d-----w- c:\program files\Valve
2011-03-12 06:44 . 2011-03-12 06:44 -------- d-----w- c:\program files\Quick Web Player
2011-03-11 22:52 . 2011-03-11 22:52 -------- d-----w- c:\program files\PixiePack Codec Pack
2011-03-11 22:50 . 2011-03-13 21:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Tunebite
2011-03-11 21:25 . 2011-03-11 21:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\CrashRpt
2011-03-11 21:23 . 2011-03-11 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution
2011-03-11 21:23 . 2011-03-11 22:49 -------- d-----w- c:\program files\RapidSolution
2011-03-11 21:20 . 2011-03-11 21:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\RapidSolution
2011-03-11 20:41 . 2011-03-11 20:41 -------- d-----w- c:\program files\Common Files\Software Update Utility
2011-03-11 20:12 . 2011-03-11 20:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-03-11 19:12 . 2011-03-11 19:12 155648 --sha-r- c:\windows\system32\inetcommz.dll
2011-03-11 10:40 . 2011-03-12 08:25 -------- d-----w- c:\program files\Steam
2011-03-11 10:33 . 2011-03-11 19:08 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2011-03-11 10:31 . 2011-03-11 10:31 -------- d-----w- c:\windows\Replay Media Catcher
2011-03-11 10:31 . 2011-03-11 19:09 -------- d-----w- c:\program files\Replay Media Catcher
2011-03-11 10:17 . 2011-03-11 10:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Jaksta_Technologies_Pty_L
2011-03-11 10:16 . 2011-03-11 10:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Applian
2011-03-10 22:13 . 2011-03-10 22:13 -------- d-----w- c:\program files\iPod
2011-03-10 22:13 . 2011-03-10 22:14 -------- d-----w- c:\program files\iTunes
2011-03-09 15:49 . 2011-03-09 15:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\clone.AD
2011-03-09 14:04 . 2011-03-09 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\clone.AD
2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\clone.AD
2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\AC3Filter
2011-03-09 14:03 . 2009-08-12 02:18 497664 ----a-w- c:\windows\system32\ac3filter.acm
2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\AviSynth 2.5
2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\Gabest
2011-03-09 03:14 . 2011-03-09 13:58 -------- d-----w- c:\program files\cladDVD.NET 3.5.7
2011-03-08 11:24 . 2011-03-11 09:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\FileZilla
2011-03-08 11:24 . 2011-03-08 11:24 -------- d-----w- c:\program files\FileZilla FTP Client
2011-03-08 11:15 . 2011-03-08 11:15 -------- d-----w- c:\program files\FileZilla Server
2011-03-08 11:14 . 2011-03-09 01:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-03-08 11:14 . 1999-09-10 17:06 5600 ----a-w- c:\windows\system\WINASPI.DLL
2011-03-08 11:14 . 1999-09-10 17:06 4672 ----a-w- c:\windows\system\WOWPOST.EXE
2011-03-08 11:14 . 1999-09-10 17:06 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2011-03-08 11:14 . 1999-09-10 17:06 25244 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2011-03-08 11:14 . 2011-03-09 14:02 -------- d-----w- c:\program files\XviD
2011-03-08 11:14 . 2011-03-08 11:14 641021 ----a-w- c:\windows\unins000.exe
2011-03-08 11:14 . 2004-07-26 17:13 200192 ----a-w- c:\windows\system32\LameACM.acm
2011-03-08 11:14 . 2004-07-26 17:12 166912 ----a-w- c:\windows\system32\Lame_enc.dll
2011-03-08 11:14 . 2004-07-26 17:12 187904 ----a-w- c:\windows\system32\Lame.exe
2011-03-02 08:04 . 2011-03-02 08:04 -------- d--h--w- c:\windows\PIF
2011-02-28 21:29 . 2007-12-11 14:52 26784 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2011-02-24 05:25 . 2011-02-24 05:25 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-02-24 05:25 . 2011-02-24 05:25 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-02-22 07:53 . 2011-02-22 07:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-02-22 07:52 . 2011-02-22 07:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-02-22 07:33 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-02-22 07:31 . 2010-12-20 23:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-22 07:31 . 2010-12-20 23:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-22 07:31 . 2010-12-20 23:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-22 07:22 . 2011-02-22 07:31 -------- dc-h--w- c:\windows\ie8
2011-02-21 05:25 . 2011-02-21 05:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Freelang Dictionary
2011-02-21 05:13 . 2011-02-21 05:13 -------- d-----w- C:\TKMIT
2011-02-19 14:02 . 2011-02-19 14:02 -------- d-----w- c:\documents and settings\Default User\Application Data\SurfSecret Privacy Suite
2011-02-19 14:02 . 2011-02-19 14:02 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\panda2_0dn
2011-02-19 14:01 . 2011-03-11 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security URL Filtering
2011-02-12 23:14 . 2011-02-12 23:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2011-02-12 23:12 . 2011-02-12 23:12 -------- d-----w- c:\windows\system32\Adobe
2011-02-12 23:11 . 2011-02-12 23:11 -------- d-----w- c:\program files\Common Files\Adobe
2011-02-12 23:09 . 2011-02-12 23:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-02-12 23:09 . 2011-02-12 23:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-02-12 23:09 . 2011-02-12 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-04 10:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 13:31 . 2011-02-02 13:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-02 13:31 . 2011-02-02 13:31 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-02-02 07:58 . 2010-11-16 21:19 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-11-16 21:19 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 10:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 10:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 18:22 . 2010-12-28 18:22 1409 ----a-w- c:\windows\QTFont.for
2010-12-22 12:34 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
2010-12-16 23:39 . 2010-12-16 23:39 365888 ----a-w- c:\windows\system32\PSUNCpl.cpl
2010-12-16 23:12 . 2010-12-16 23:12 113096 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2010-12-16 23:12 . 2010-12-16 23:12 111944 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2010-12-16 23:12 . 2010-12-16 23:12 130376 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2010-12-16 23:12 . 2010-12-16 23:12 97352 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2010-12-16 23:12 . 2010-12-16 23:12 141768 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-12-19 14:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-12-19 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-12-16 23:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-12-16 23:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-26 159744]
"FileZilla Server Interface"="c:\program files\FileZilla Server\FileZilla Server Interface.exe" [2010-10-17 1259008]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-08 21:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Citrus Alarm Clock.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Citrus Alarm Clock.lnk
backup=c:\windows\pss\Citrus Alarm Clock.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 19:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2009-11-03 23:35 1202448 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2009-11-03 23:45 1372160 ----a-w- c:\program files\Intel\WiFi\bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Panda Security URL Filtering]
2010-12-19 14:19 223400 ----a-w- c:\documents and settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-11-11 21:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WSearch"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\wednesdayslatestproject\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\wednesdayslatestproject\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\wednesdayslatestproject\\half-life\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:shareaza
"6346:UDP"= 6346:UDP:shareaza
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [12/16/2010 7:12 PM 130376]
R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\Ant.com\IE add-on\AntUpdaterService.exe [12/22/2010 9:14 PM 515096]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 6:21 PM 79432]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/8/2010 5:11 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 7:40 PM 12856]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [12/16/2010 7:12 PM 141768]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [12/16/2010 7:12 PM 97352]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [12/16/2010 7:12 PM 111944]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [12/16/2010 7:12 PM 113096]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [8/18/2005 1:00 AM 7168]
S3 qcusbser;Garmin-Asus USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [12/19/2009 6:20 PM 111464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
2007-09-19 15:32 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\Ant.com\IE add-on\Download.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ynsgo0g7.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Panda Identity Protect: widgetruntime@surfsecret.com - c:\program files\Panda Security\Panda ID Protect\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NvCplDaemon - c:\windows\system32\NvCpl.dll
MSConfigStartUp-Babylon Client - c:\program files\Babylon\Babylon-Pro\Babylon.exe
MSConfigStartUp-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
MSConfigStartUp-HotKeysCmds - c:\windows\system32\hkcmd.exe
MSConfigStartUp-IgfxTray - c:\windows\system32\igfxtray.exe
MSConfigStartUp-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
MSConfigStartUp-KUGHGZXAKT - c:\docume~1\ADMINI~1\LOCALS~1\Temp\Lwd.exe
MSConfigStartUp-NvCplDaemon - c:\windows\system32\NvCpl.dll
MSConfigStartUp-NVHotkey - nvHotkey.dll
MSConfigStartUp-NvMediaCenter - c:\windows\system32\NvMcTray.dll
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-Panda Security Toolbar Antiphishing - c:\documents and settings\All Users\Application Data\Panda Security Toolbar Antiphishing\panda2_0dn.exe
MSConfigStartUp-Persistence - c:\windows\system32\igfxpers.exe
MSConfigStartUp-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-13 17:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-796845957-343818398-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,c1,80,9f,f2,f8,37,44,b4,53,6b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,c1,80,9f,f2,f8,37,44,b4,53,6b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(2124)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\rundll32.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\FileZilla Server\FileZilla Server.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\Zune\ZuneBusEnum.exe
.
**************************************************************************
.
Completion time: 2011-03-13 18:01:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-13 22:01
.
Pre-Run: 45,077,614,592 bytes free
Post-Run: 44,916,224,000 bytes free
.
- - End Of File - - 45A3AE1335FDA474D24098D07884252C
 
i still dont get why all these different programs i never heard of. but i did only have to read half of the instuctions because they were too userfrienly for me

i can see how its showing file paths and all and maybe if something is there. i use a few different programs to do certain things and i got a new(er) computer and the programs that it needs in the background im still having troubble seeing whats what and with the startup

i just remember i never needed anything to load up in the startup except whatever i wanted. now i need the track pad and such (but thats all because its a laptop and it needs the accessories) and i got the d630 it had a bad video card they replaced it for free because of some class action lawsuit so the new hardware is in there. assuming they put the same? somehow settings changed after he put that in

i use clone screen too to my tv. its always nice to play a little half life on the big screen haha wish i had this thing years ago when i was accually playing
 
I notice the day you left the first logs was 3/12. On that same date, you installed Steam and Valve The day before, 3/11, you installed RapidSolution:

Valve Corporation is an American video game development and digital distribution company. Its social-distribution network Steam.
Steam is a digital distribution, digital rights management, multiplayer and communications platform developed by Valve Corporation.
RapidSolution was most likely the source for Tunebite which will Legally record, convert and enjoy copy-protected music.

Is it possible that you used a file sharing site for these programs and got malware that way? Did you have the redirects before these 3 downloads?

There is a bad Registry entry for, in part, a Bluetooth Personal Area Network (PAN). A Bluetooth PAN is also called a piconet, and is composed of up to 8 active devices in a master-slave relationship (a very large number of devices can be connected in "parked" mode).This is a wireless network.A personal area network (PAN) is a computer network used for communication among computer devices, including telephones and personal digital assistants, in proximity to an individual's body. The devices may or may not belong to the person in question. The reach of a PAN is typically a few meters. PANs can be used for communication among the personal devices themselves (intrapersonal communication), or for connecting to a higher level network and the Internet (an uplink).

Part of that same bad entry is "Pending File Rename Operations" which refers to non-existent temporary files in C:\WINDOWS\SYSTEM32\FxsTmp. Did you attempt to set up some kind of 'network' for multiple devices?

I do not understand your reference to 'programs you've never heard of.' Are you referring to the scanning programs?
 
i never tried to start any network and i never tried anything with bluetooth i dont use it
but while i was browsing around downloading stuff yeah then i started to notice it and i left it alone for a few days then i started looking it up again and i came accross this site

and yeah i never heard of the scanning programs
 
i did use shareaza my p2p client. which didnt cause the problem but you should look into it. its a good program. n e ways i downloaded files from the net and torrent files. looking for say cracks or serials or something to get either tunebite or replay media catcher to work for me so i could attempt to make my digital library bigger but idk what works and what didnt. i figure i could just terminate the task running in the background. delete the file and make sure it doesnt start up. thats how i always do it and i never have problems. now this redirecting thing. i used to have computer problems a lot when i was younger so i just formatted the hard drive. but thats not good after so many times so i try not to do that with these systems. ive never encounterd a problem like this with redirection. im assuming its some nasty virus rather then some annoying spyware. if anything with bluetooth looks outa place all i did was instal it up in the begining and never accually used the program. i have no use for it yet. and yeah i did install steam but i highly doubt that itll be the problem. i used to use it before too. its the only way to use half life these days since steam took over valves games i guess. i used to use the website gamespy but then it became obsolete and steam was the only thing that workd. my account has all of my cd keys preloaded so i can just click and install. i added a few game mods. some work some didnt. but i know that none of that has anything to do with spyware or viruses. i really think it had something to do with one of the torrent files i tried to use or one of the net files i tried to use. all i want is this redirection issue to go away so i can continue my work without having to format the hard drive
 
hmm....for some reason the links are working correctly again. then again it could just be most links....idk right now but i just was testing it the last minute or two and its going to web pages correctly now.....if you cant seem to find a problem in thos txt files...maybe its fixd? idk how since i didnt do anything really
 
ts a good program. n e ways i downloaded files from the net and torrent files. looking for say cracks or serials or something to get either tunebite or replay media catcher
Click to expand...


Download CKScanner and save to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
    in your next reply.
 
nevermind now its only doing it sometimes. so theres still an issue. what the hell could it be....
 
CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\administrator\desktop\ipod apps\brick.breaker.3d.v1.0.iphone.ipod.touch.cracked-corepda.ipa
c:\documents and settings\administrator\desktop\replay media catcher 3 + crack\crack\install.txt
c:\documents and settings\administrator\desktop\replay media catcher 3 + crack\crack\mediacatcher.exe
c:\documents and settings\administrator\desktop\replay media catcher 3 + crack\setup\rcatsetup.exe
c:\documents and settings\administrator\desktop\replay media catcher v3.01 inkl. crack und anleitung\rcatsetup.exe
c:\documents and settings\administrator\desktop\replay media catcher v3.01 inkl. crack und anleitung\unbedingt lesen.txt
c:\documents and settings\administrator\desktop\replay media catcher v3.01 inkl. crack und anleitung\crack\ahcu.reg
scanner sequence 3.GL.11
----- EOF -----
 
Even in German, a Crack is a pirated program. Please uninstall all the pirated software to continue support.

The malware you have almost certainly came from the programs or processes you pirated. You just don't get something for nothing!
 
but i already tried to open the file maybe im not sure which one i did try if any. isint it for it to effect the machine i have to run the file? if it sits there and i dont run it it wont infect the machine.. my virus detect isint picking up anything and i just had to immunize a few files in spybot.
 
It would be helpful if I got answers to questions I ask!

Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, the do Ctrl V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
======================================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query- Recovery Console image
    RcAuto1.gif

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    Click to expand...
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

By the way, I help others also.
 
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=ff6a0f5ea91a134db691ae9283eb8ffb
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-13 09:25:32
# local_time=2011-03-13 05:25:32 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1538 16774118 20 3 94429 127657757 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=423
# found=0
# cleaned=0
# scan_time=65
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=ff6a0f5ea91a134db691ae9283eb8ffb
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-17 05:14:22
# local_time=2011-03-17 01:14:22 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1538 16774118 20 3 378761 127942089 0 0
# compatibility_mode=8192 67108863 100 0 198086 198086 0 0
# scanned=68127
# found=8
# cleaned=0
# scan_time=3064
C:\System Volume Information\_restore{5B3BECDE-4345-46FE-9499-AE5599B2C26D}\RP1\A0000201.dll Win32/TrojanDownloader.FakeAlert.BIS trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5B3BECDE-4345-46FE-9499-AE5599B2C26D}\RP9\A0000926.exe Win32/TrojanDownloader.FakeAlert.BGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5B3BECDE-4345-46FE-9499-AE5599B2C26D}\RP9\A0000927.exe a variant of Win32/Kryptik.LPE trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5B3BECDE-4345-46FE-9499-AE5599B2C26D}\RP9\A0000928.exe Win32/TrojanDownloader.FakeAlert.AQI trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5B3BECDE-4345-46FE-9499-AE5599B2C26D}\RP9\A0000929.exe Win32/TrojanDownloader.FakeAlert.BGV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5B3BECDE-4345-46FE-9499-AE5599B2C26D}\RP9\A0000930.exe a variant of Win32/Kryptik.LPE trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5B3BECDE-4345-46FE-9499-AE5599B2C26D}\RP9\A0000931.exe a variant of Win32/Kryptik.LPE trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{5B3BECDE-4345-46FE-9499-AE5599B2C26D}\RP9\A0000932.exe Win32/TrojanDownloader.FakeAlert.AQI trojan (unable to clean) 00000000000000000000000000000000 I

from the antivirus
 
ComboFix 11-03-16.03 - Administrator 03/17/2011 1:32.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1344 [GMT -4:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-17 to 2011-03-17 )))))))))))))))))))))))))))))))
.
.
2011-03-13 21:21 . 2011-03-13 21:21 -------- d-----w- c:\program files\ESET
2011-03-12 21:27 . 2011-03-12 21:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-03-12 21:27 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-12 21:27 . 2011-03-12 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-12 21:27 . 2011-03-12 21:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-12 21:27 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-12 07:25 . 2011-03-12 07:25 -------- d-----w- c:\program files\SystemRequirementsLab
2011-03-12 07:25 . 2011-03-12 07:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
2011-03-12 06:46 . 2011-03-12 06:46 -------- d-----w- c:\program files\Valve
2011-03-12 06:44 . 2011-03-12 06:44 -------- d-----w- c:\program files\Quick Web Player
2011-03-11 22:52 . 2011-03-11 22:52 -------- d-----w- c:\program files\PixiePack Codec Pack
2011-03-11 22:50 . 2011-03-13 21:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Tunebite
2011-03-11 21:25 . 2011-03-11 21:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\CrashRpt
2011-03-11 21:23 . 2011-03-11 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution
2011-03-11 21:23 . 2011-03-11 22:49 -------- d-----w- c:\program files\RapidSolution
2011-03-11 21:20 . 2011-03-11 21:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\RapidSolution
2011-03-11 20:41 . 2011-03-11 20:41 -------- d-----w- c:\program files\Common Files\Software Update Utility
2011-03-11 20:12 . 2011-03-11 20:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-03-11 19:12 . 2011-03-11 19:12 155648 --sha-r- c:\windows\system32\inetcommz.dll
2011-03-11 10:40 . 2011-03-12 08:25 -------- d-----w- c:\program files\Steam
2011-03-11 10:33 . 2011-03-11 19:08 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2011-03-11 10:31 . 2011-03-11 10:31 -------- d-----w- c:\windows\Replay Media Catcher
2011-03-11 10:31 . 2011-03-11 19:09 -------- d-----w- c:\program files\Replay Media Catcher
2011-03-11 10:17 . 2011-03-11 10:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Jaksta_Technologies_Pty_L
2011-03-11 10:16 . 2011-03-11 10:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Applian
2011-03-10 22:13 . 2011-03-10 22:13 -------- d-----w- c:\program files\iPod
2011-03-10 22:13 . 2011-03-10 22:14 -------- d-----w- c:\program files\iTunes
2011-03-09 15:49 . 2011-03-09 15:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\clone.AD
2011-03-09 14:04 . 2011-03-15 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\clone.AD
2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\clone.AD
2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\AC3Filter
2011-03-09 14:03 . 2009-08-12 02:18 497664 ----a-w- c:\windows\system32\ac3filter.acm
2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\AviSynth 2.5
2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\Gabest
2011-03-09 03:14 . 2011-03-15 05:40 -------- d-----w- c:\program files\cladDVD.NET 3.5.7
2011-03-08 11:24 . 2011-03-11 09:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\FileZilla
2011-03-08 11:24 . 2011-03-08 11:24 -------- d-----w- c:\program files\FileZilla FTP Client
2011-03-08 11:15 . 2011-03-08 11:15 -------- d-----w- c:\program files\FileZilla Server
2011-03-08 11:14 . 2011-03-09 01:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-03-08 11:14 . 1999-09-10 17:06 5600 ----a-w- c:\windows\system\WINASPI.DLL
2011-03-08 11:14 . 1999-09-10 17:06 4672 ----a-w- c:\windows\system\WOWPOST.EXE
2011-03-08 11:14 . 1999-09-10 17:06 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2011-03-08 11:14 . 1999-09-10 17:06 25244 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2011-03-08 11:14 . 2011-03-09 14:02 -------- d-----w- c:\program files\XviD
2011-03-08 11:14 . 2011-03-08 11:14 641021 ----a-w- c:\windows\unins000.exe
2011-03-08 11:14 . 2004-07-26 17:13 200192 ----a-w- c:\windows\system32\LameACM.acm
2011-03-08 11:14 . 2004-07-26 17:12 166912 ----a-w- c:\windows\system32\Lame_enc.dll
2011-03-08 11:14 . 2004-07-26 17:12 187904 ----a-w- c:\windows\system32\Lame.exe
2011-03-02 08:04 . 2011-03-02 08:04 -------- d--h--w- c:\windows\PIF
2011-02-28 21:29 . 2007-12-11 14:52 26784 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2011-02-24 05:25 . 2011-02-24 05:25 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-02-24 05:25 . 2011-02-24 05:25 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-02-22 07:53 . 2011-02-22 07:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-02-22 07:52 . 2011-02-22 07:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-02-22 07:33 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-02-22 07:31 . 2010-12-20 23:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-22 07:31 . 2010-12-20 23:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-22 07:31 . 2010-12-20 23:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-22 07:22 . 2011-02-22 07:31 -------- dc-h--w- c:\windows\ie8
2011-02-21 05:25 . 2011-02-21 05:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Freelang Dictionary
2011-02-21 05:13 . 2011-02-21 05:13 -------- d-----w- C:\TKMIT
2011-02-19 14:02 . 2011-02-19 14:02 -------- d-----w- c:\documents and settings\Default User\Application Data\SurfSecret Privacy Suite
2011-02-19 14:02 . 2011-02-19 14:02 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\panda2_0dn
2011-02-19 14:01 . 2011-03-11 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security URL Filtering
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-04 10:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 13:31 . 2011-02-02 13:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-02 13:31 . 2011-02-02 13:31 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-02-02 07:58 . 2010-11-16 21:19 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-11-16 21:19 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 10:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 10:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 18:22 . 2010-12-28 18:22 1409 ----a-w- c:\windows\QTFont.for
2010-12-22 12:34 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-12-19 14:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-12-19 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-12-16 23:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-12-16 23:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-26 159744]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-08 21:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Citrus Alarm Clock.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Citrus Alarm Clock.lnk
backup=c:\windows\pss\Citrus Alarm Clock.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
2010-10-17 19:38 1259008 ----a-w- c:\program files\FileZilla Server\FileZilla Server Interface.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 19:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2009-11-03 23:35 1202448 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2009-11-03 23:45 1372160 ----a-w- c:\program files\Intel\WiFi\bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
c:\windows\system32\NvCpl.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Panda Security URL Filtering]
2010-12-19 14:19 223400 ----a-w- c:\documents and settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-11-11 21:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WSearch"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\wednesdayslatestproject\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\wednesdayslatestproject\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\wednesdayslatestproject\\half-life\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:shareaza
"6346:UDP"= 6346:UDP:shareaza
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [12/16/2010 7:12 PM 130376]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 7:40 PM 12856]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [12/16/2010 7:12 PM 141768]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [12/16/2010 7:12 PM 97352]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [12/16/2010 7:12 PM 111944]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [12/16/2010 7:12 PM 113096]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [8/18/2005 1:00 AM 7168]
S3 qcusbser;Garmin-Asus USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [12/19/2009 6:20 PM 111464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
2007-09-19 15:32 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\Ant.com\IE add-on\Download.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ynsgo0g7.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Panda Identity Protect: widgetruntime@surfsecret.com - c:\program files\Panda Security\Panda ID Protect\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-17 01:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-796845957-343818398-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,c1,80,9f,f2,f8,37,44,b4,53,6b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,c1,80,9f,f2,f8,37,44,b4,53,6b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\LMIinit.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'Explorer.EXE'(3336)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\xpsp3res.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
.
Completion time: 2011-03-17 01:38:03
ComboFix-quarantined-files.txt 2011-03-17 05:38
ComboFix2.txt 2011-03-13 22:01
.
Pre-Run: 36,460,875,776 bytes free
Post-Run: 36,450,861,056 bytes free
.
- - End Of File - - 4B3FE853A77EFABB49F502E32E364E39
 
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.
Code: 
File::
Folder::
c:\documents and settings\All Users\Application Data\McAfee
FileLook::
C:\Documents and Settings\Administrator\My Documents\Downloads\8u28kesn.exe
DirLook::
C:\TKMIT

RegLock::
[HKEY_USERS\S-1-5-21-796845957-343818398-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Driver::
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
3/12/2011 3:51:42 PM, error: Service Control Manager [7034] - The TOSHIBA Bluetooth Service service terminated unexpectedly. It has done this 1 time(s).

Have the redirects been resolved?
 
ComboFix 11-03-18.01 - Administrator 03/19/2011 0:46.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1419 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\McAfee
c:\documents and settings\All Users\Application Data\McAfee\MCLOGS\PartnerCustom\SSScheduler\SSScheduler000.log
.
.
((((((((((((((((((((((((( Files Created from 2011-02-19 to 2011-03-19 )))))))))))))))))))))))))))))))
.
.
2011-03-13 21:21 . 2011-03-13 21:21 -------- d-----w- c:\program files\ESET
2011-03-12 21:27 . 2011-03-12 21:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-03-12 21:27 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-12 21:27 . 2011-03-12 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-12 21:27 . 2011-03-12 21:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-12 21:27 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-12 07:25 . 2011-03-12 07:25 -------- d-----w- c:\program files\SystemRequirementsLab
2011-03-12 07:25 . 2011-03-12 07:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
2011-03-12 06:46 . 2011-03-12 06:46 -------- d-----w- c:\program files\Valve
2011-03-12 06:44 . 2011-03-12 06:44 -------- d-----w- c:\program files\Quick Web Player
2011-03-11 22:52 . 2011-03-11 22:52 -------- d-----w- c:\program files\PixiePack Codec Pack
2011-03-11 22:50 . 2011-03-13 21:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Tunebite
2011-03-11 21:25 . 2011-03-11 21:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\CrashRpt
2011-03-11 21:23 . 2011-03-11 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution
2011-03-11 21:23 . 2011-03-11 22:49 -------- d-----w- c:\program files\RapidSolution
2011-03-11 21:20 . 2011-03-11 21:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\RapidSolution
2011-03-11 20:41 . 2011-03-11 20:41 -------- d-----w- c:\program files\Common Files\Software Update Utility
2011-03-11 20:12 . 2011-03-11 20:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-03-11 19:12 . 2011-03-11 19:12 155648 --sha-r- c:\windows\system32\inetcommz.dll
2011-03-11 10:40 . 2011-03-12 08:25 -------- d-----w- c:\program files\Steam
2011-03-11 10:33 . 2011-03-11 19:08 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2011-03-11 10:31 . 2011-03-11 10:31 -------- d-----w- c:\windows\Replay Media Catcher
2011-03-11 10:31 . 2011-03-11 19:09 -------- d-----w- c:\program files\Replay Media Catcher
2011-03-11 10:17 . 2011-03-11 10:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Jaksta_Technologies_Pty_L
2011-03-11 10:16 . 2011-03-11 10:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Applian
2011-03-10 22:13 . 2011-03-10 22:13 -------- d-----w- c:\program files\iPod
2011-03-10 22:13 . 2011-03-10 22:14 -------- d-----w- c:\program files\iTunes
2011-03-09 15:49 . 2011-03-09 15:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\clone.AD
2011-03-09 14:04 . 2011-03-17 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\clone.AD
2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\clone.AD
2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\AC3Filter
2011-03-09 14:03 . 2009-08-12 02:18 497664 ----a-w- c:\windows\system32\ac3filter.acm
2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\AviSynth 2.5
2011-03-09 14:03 . 2011-03-09 14:03 -------- d-----w- c:\program files\Gabest
2011-03-09 03:14 . 2011-03-17 20:58 -------- d-----w- c:\program files\cladDVD.NET 3.5.7
2011-03-08 11:24 . 2011-03-11 09:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\FileZilla
2011-03-08 11:24 . 2011-03-08 11:24 -------- d-----w- c:\program files\FileZilla FTP Client
2011-03-08 11:15 . 2011-03-08 11:15 -------- d-----w- c:\program files\FileZilla Server
2011-03-08 11:14 . 2011-03-09 01:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-03-08 11:14 . 1999-09-10 17:06 5600 ----a-w- c:\windows\system\WINASPI.DLL
2011-03-08 11:14 . 1999-09-10 17:06 4672 ----a-w- c:\windows\system\WOWPOST.EXE
2011-03-08 11:14 . 1999-09-10 17:06 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2011-03-08 11:14 . 1999-09-10 17:06 25244 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2011-03-08 11:14 . 2011-03-09 14:02 -------- d-----w- c:\program files\XviD
2011-03-08 11:14 . 2011-03-08 11:14 641021 ----a-w- c:\windows\unins000.exe
2011-03-08 11:14 . 2004-07-26 17:13 200192 ----a-w- c:\windows\system32\LameACM.acm
2011-03-08 11:14 . 2004-07-26 17:12 166912 ----a-w- c:\windows\system32\Lame_enc.dll
2011-03-08 11:14 . 2004-07-26 17:12 187904 ----a-w- c:\windows\system32\Lame.exe
2011-03-02 08:04 . 2011-03-02 08:04 -------- d--h--w- c:\windows\PIF
2011-02-28 21:29 . 2007-12-11 14:52 26784 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2011-02-24 05:25 . 2011-02-24 05:25 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-02-24 05:25 . 2011-02-24 05:25 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-02-22 07:53 . 2011-02-22 07:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-02-22 07:52 . 2011-02-22 07:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-02-22 07:33 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-02-22 07:31 . 2010-12-20 23:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-22 07:31 . 2010-12-20 23:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-22 07:31 . 2010-12-20 23:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-22 07:22 . 2011-02-22 07:31 -------- dc-h--w- c:\windows\ie8
2011-02-21 05:25 . 2011-02-21 05:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Freelang Dictionary
2011-02-21 05:13 . 2011-02-21 05:13 -------- d-----w- C:\TKMIT
2011-02-19 14:02 . 2011-02-19 14:02 -------- d-----w- c:\documents and settings\Default User\Application Data\SurfSecret Privacy Suite
2011-02-19 14:02 . 2011-02-19 14:02 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\panda2_0dn
2011-02-19 14:01 . 2011-03-11 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security URL Filtering
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-04 10:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 13:31 . 2011-02-02 13:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-02 13:31 . 2011-02-02 13:31 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-02-02 07:58 . 2010-11-16 21:19 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-11-16 21:19 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 10:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 10:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 18:22 . 2010-12-28 18:22 1409 ----a-w- c:\windows\QTFont.for
2010-12-22 12:34 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\documents and settings\Administrator\My Documents\Downloads\8u28kesn.exe ---
Company:
File Description:
File Version: 1, 0, 15, 15530
Product Name:
Copyright:
Original Filename:
File size: 296448
Created time: 2011-03-12 21:30
Modified time: 2011-03-12 21:30
MD5: DF7501A91A7C99CC3F0269080748EE61
SHA1: 453B6BED84BCC63F52D00B76AB6572F039C69B1F
.
---- Directory of C:\TKMIT ----
.
2010-01-26 22:04 . 2010-01-26 22:04 0 ---h--w- c:\tkmit\lystara.fil
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-12-19 14:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-12-19 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-12-16 23:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-12-16 23:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-26 159744]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-08 21:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Citrus Alarm Clock.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Citrus Alarm Clock.lnk
backup=c:\windows\pss\Citrus Alarm Clock.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
2010-10-17 19:38 1259008 ----a-w- c:\program files\FileZilla Server\FileZilla Server Interface.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 19:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2009-11-03 23:35 1202448 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2009-11-03 23:45 1372160 ----a-w- c:\program files\Intel\WiFi\bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
c:\windows\system32\NvCpl.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Panda Security URL Filtering]
2010-12-19 14:19 223400 ----a-w- c:\documents and settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-11-11 21:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WSearch"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\wednesdayslatestproject\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\wednesdayslatestproject\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\wednesdayslatestproject\\half-life\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:shareaza
"6346:UDP"= 6346:UDP:shareaza
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [12/16/2010 7:12 PM 130376]
R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\Ant.com\IE add-on\AntUpdaterService.exe [12/22/2010 9:14 PM 515096]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 6:21 PM 79432]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/8/2010 5:11 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 7:40 PM 12856]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [12/16/2010 7:12 PM 141768]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [12/16/2010 7:12 PM 97352]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [12/16/2010 7:12 PM 111944]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [12/16/2010 7:12 PM 113096]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [8/18/2005 1:00 AM 7168]
S3 qcusbser;Garmin-Asus USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [12/19/2009 6:20 PM 111464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
2007-09-19 15:32 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\Ant.com\IE add-on\Download.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ynsgo0g7.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Panda Identity Protect: widgetruntime@surfsecret.com - c:\program files\Panda Security\Panda ID Protect\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-19 00:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\LMIinit.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2011-03-19 00:53:26
ComboFix-quarantined-files.txt 2011-03-19 04:53
ComboFix2.txt 2011-03-17 05:38
ComboFix3.txt 2011-03-13 22:01
.
Pre-Run: 38,196,273,152 bytes free
Post-Run: 38,188,560,384 bytes free
.
- - End Of File - - 183FF6FCAD53573CE56AB83356E6449C
 
well...idk. the problem hasnt occurd yet. i just checked a few links....although it did that before. but if ur reports r telling u its clean it must be...idk i deleted files an that program just deleted some files too.....so idk
 

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
2K
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
3K
adidaman27
A
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
3K
Broni
Broni

Latest posts

Back