Resolved HJT Threads: resolved spyware and popup issues.
Post #1, 12-28-2008, 08:09 AM
Registered User; joined Mar 2005; 71 posts; OS: several computers: XP, 2000, 98SE, ME, Linux
Hijacked browser search engines

Problem computer is running XP Professional with SP3. In both Firefox and Internet Explorer, Google searches result in various marketing URLs appearing beneath the blurb. See attached screenshot JPG. I have posted the dds.txt below and attached the zip file containing attach.txt and ark.txt. As you will see, I have Panda Internet Security installed, but this was done after the problem showed up.
Online scan showed:
troj_malagent.fp
rootkit.win32.agent.fub
backdoor.win32.small.dlv

Allowing the scans to fix/quarantine/delete has not repaired the search engine problem. I'd sure appreciate help with this!


DDS (Version 1.1.0) - NTFSx86
Run by Owner at 9:01:52.07 on Sun 12/28/2008
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.322 [GMT -5:00]

AV: Panda Internet Security 2009 *On-access scanning enabled* (Updated)
FW: Panda Personal Firewall 2009 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2009\WebProxy.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost -k Panda
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\AVENGINE.EXE
c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Panda Security\Panda Internet Security 2009\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2009\PavBckPT.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\MTV Networks\URGE\UrgeMS.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ibmmessages] c:\program files\ibm\messages by ibm\ibmmessages.exe
uRun: [Mozilla Quick Launch] "c:\program files\netscape\netscape\Netscp.exe" -turbo
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ibmmessages] c:\program files\ibm\messages by ibm\ibmmessages.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [UC_Start] c:\ibmtools\updater\ucstartup.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\2\printray.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [APVXDWIN] "c:\program files\panda security\panda internet security 2009\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda internet security 2009\Inicio.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\HOTSYNC.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billmi~1.lnk - c:\program files\quickenw\BILLMIND.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\corelc~1.lnk - c:\windows\installer\{a0b295c3-fd3c-11d4-a811-0090279106c3}\I_26dadCC.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quickenw\QWDLLS.EXE
TCP: {F843C0CE-CE64-4A2B-83C8-BBDBCFF3AA37} = 69.111.95.106,206.196.151.153
Notify: avldr - avldr.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\68d1fesc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - component: c:\program files\mozilla firefox\components\MyComponent.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-7-9 28544]
R1 APPFLT;App Filter Plugin;\??\c:\windows\system32\drivers\APPFLT.SYS [2008-12-27 73728]
R1 DSAFLT;DSA Filter Plugin;\??\c:\windows\system32\drivers\DSAFLT.SYS [2008-12-27 52992]
R1 FNETMON;NetMon Filter Plugin;\??\c:\windows\system32\drivers\fnetmon.SYS [2008-12-27 22072]
R1 IDSFLT;Ids Filter Plugin;\??\c:\windows\system32\drivers\IDSFLT.SYS [2008-12-27 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\c:\windows\system32\drivers\NETFLTDI.SYS [2008-12-27 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-12-27 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;\??\c:\windows\system32\drivers\WNMFLT.SYS [2008-12-27 46720]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda []
R2 Panda Software Controller;Panda Software Controller;"c:\program files\panda security\panda internet security 2009\PsCtrls.exe" [2008-12-27 181504]
R2 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2008-12-27 84024]
R2 PAVFNSVR;Panda Function Service;"c:\program files\panda security\panda internet security 2009\PavFnSvr.exe" [2008-12-27 169216]
R2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\drivers\PavProc.sys [2008-12-27 179640]
R2 PavPrSrv;Panda Process Protection Service;"c:\program files\common files\panda security\pavshld\pavprsrv.exe" [2008-12-27 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;"c:\program files\panda security\panda internet security 2009\pavsrv51.exe" [2008-12-27 288512]
R2 PskSvcRetail;Panda PSK service;"c:\program files\panda security\panda internet security 2009\PskSvc.exe" [2008-12-27 28928]
R2 WinDefend;Windows Defender;"c:\program files\windows defender\MsMpEng.exe" [2006-11-3 13592]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys []
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2008-12-27 197888]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys []
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys []
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\LNE100V5.sys [2004-5-1 36224]
S3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;c:\windows\system32\drivers\ngrpci.sys [2099-2-23 32840]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\pc-doc~1\diagno~1\PCDRDRV.sys []
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\pelmouse.sys [2003-10-31 16384]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [2003-10-31 9216]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.sys [2008-2-6 44928]
S3 XIRLINK;Veo Mobile/Advanced Web Camera;c:\windows\system32\drivers\ucdnt.sys [2004-1-26 728083]

============== File Associations ===============

JSEFile=c:\progra~1\pandas~1\pandai~1\PavScrip.exe "%1" %*
VBEFile=c:\progra~1\pandas~1\pandai~1\PavScrip.exe "%1" %*
VBSFile=c:\progra~1\pandas~1\pandai~1\PavScrip.exe "%1" %*

=============== Created Last 30 ================

2008-12-27 18:22 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-27 16:58 8,627 a------- c:\windows\system32\PAV_FOG.OPC
2008-12-27 16:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Backup
2008-12-27 16:40 54,832 a------- c:\windows\system32\pavcpl.cpl
2008-12-27 16:40 446,464 a------- c:\windows\system32\HHActiveX.dll
2008-12-27 16:40 520,448 a------- c:\windows\system32\PavSHook.dll
2008-12-27 16:40 193,280 a------- c:\windows\system32\TpUtil.dll
2008-12-27 16:40 107,568 a------- c:\windows\system32\SYSTOOLS.DLL
2008-12-27 16:40 87,296 a------- c:\windows\system32\PavLspHook.dll
2008-12-27 16:40 55,552 a------- c:\windows\system32\pavipc.dll
2008-12-27 16:40 197,888 a------- c:\windows\system32\drivers\neti1634.sys
2008-12-27 16:40 58,672 a------- c:\windows\system32\avldr.dll
2008-12-27 16:40 <DIR> --d----- c:\windows\system32\PAV
2008-12-27 16:40 <DIR> --d----- c:\docume~1\owner\applic~1\Panda Security
2008-12-27 16:40 <DIR> --d----- c:\program files\Panda Security
2008-12-27 16:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Panda Security
2008-12-27 16:38 179,640 a------- c:\windows\system32\drivers\PavProc.sys
2008-12-27 16:38 41,144 a------- c:\windows\system32\drivers\ShlDrv51.sys
2008-12-27 16:38 <DIR> --d----- c:\program files\common files\Panda Security
2008-12-27 09:41 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2008-12-27 09:41 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-27 09:41 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-27 09:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-27 09:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-27 09:18 <DIR> a-dshr-- C:\cmdcons
2008-12-27 09:17 161,792 a------- c:\windows\SWREG.exe
2008-12-27 09:17 98,816 a------- c:\windows\sed.exe
2008-12-27 09:16 <DIR> --d----- C:\ComboFix
2008-12-27 09:03 <DIR> --d----- C:\ComboFix-1
2008-12-26 22:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2008-12-26 15:02 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-26 15:02 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-26 05:40 <DIR> --d----- c:\documents and settings\owner\.housecall6.6

==================== Find3M ====================

2008-12-28 08:51 234,924 a------- c:\windows\system32\drivers\APPFCONT.DAT.bck
2008-12-28 08:51 234,924 a------- c:\windows\system32\drivers\APPFCONT.DAT
2008-12-28 08:45 1,132 a------- c:\windows\system32\drivers\APPFLTR.CFG.bck
2008-12-28 08:45 1,132 a------- c:\windows\system32\drivers\APPFLTR.CFG
2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 08:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 a------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-10-03 05:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 05:02 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll

============= FINISH: 9:03:25.67 ===============
Attached Images
File Type: jpg example.JPG (30.2 KB, 6 views)
Attached Files
File Type: zip ark.zip (8.2 KB, 2 views)
Posted by hilton7949
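The "Pseudo HJT Report" section of the DDS log above is where a search hijack usually shows itself: browser helper objects and toolbars (BHO:/TB:), Run-key entries (uRun:/mRun:), the Firefox search prefs and third-party modules (FF - ...), and the per-interface DNS servers (TCP:). The following triage helper is an added example written for this thread; it is not part of DDS, ComboFix or the original posts. It parses those line shapes into records and attaches the review flags an analyst wants before deciding what to fix: orphaned CLSIDs ("No File"), Run values that name a bare executable with no path (so the file that actually runs depends on the executable search order), a changed Firefox keyword.URL search handler, Firefox components/plugins to verify, and DNS servers to confirm. It does not decide that anything is malicious. The regular expressions and the flag wording are my assumptions; the sample lines are copied verbatim from the first DDS report in this thread.

```python
"""Triage the "Pseudo HJT Report" section of a DDS log.

Added example for this thread; not part of DDS, ComboFix or the original
posts. Regex shapes and flag wording are assumptions of this example.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied verbatim from the first DDS report in
# this thread (the "hxxp" defanging is DDS's own convention).
SAMPLE = r"""
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
TCP: {F843C0CE-CE64-4A2B-83C8-BBDBCFF3AA37} = 69.111.95.106,206.196.151.153
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - component: c:\program files\mozilla firefox\components\MyComponent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
"""


@dataclass
class Entry:
    kind: str      # BHO, TB, uRun/mRun/dRun, FF-pref, FF-component, FF-plugin, TCP
    name: str      # friendly name, CLSID, Run value name, pref name or interface GUID
    target: str    # DLL path, command line, URL or name-server list
    flags: list = field(default_factory=list)


_CLSID = r"\{[0-9A-Fa-f-]{36}\}"
_RE_BHO = re.compile(r"^BHO: (?P<name>.+?): " + _CLSID + r" - (?P<target>.+)$")
_RE_TB = re.compile(r"^TB: (?P<name>" + _CLSID + r") - (?P<target>.+)$")
_RE_RUN = re.compile(r"^(?P<kind>[umd]Run): \[(?P<name>[^\]]+)\] (?P<target>.+)$")
_RE_FFPREF = re.compile(r"^FF - prefs\.js: (?P<name>\S+) - (?P<target>.+)$")
_RE_FFMOD = re.compile(r"^FF - (?P<kind>component|plugin): (?P<target>.+)$")
_RE_TCP = re.compile(r"^TCP: (?P<name>" + _CLSID + r") = (?P<target>.+)$")
_RE_EXE = re.compile(r'^"([^"]+)"|^(\S+)')   # quoted path, else first token


def parse_line(line):
    """One DDS pseudo-HJT line -> Entry, or None for line shapes not modelled here."""
    if m := _RE_BHO.match(line):
        return Entry("BHO", m["name"], m["target"])
    if m := _RE_TB.match(line):
        return Entry("TB", m["name"], m["target"])
    if m := _RE_RUN.match(line):
        return Entry(m["kind"], m["name"], m["target"])
    if m := _RE_FFPREF.match(line):
        return Entry("FF-pref", m["name"], m["target"])
    if m := _RE_FFMOD.match(line):
        return Entry("FF-" + m["kind"], m["target"].rsplit("\\", 1)[-1], m["target"])
    if m := _RE_TCP.match(line):
        return Entry("TCP", m["name"], m["target"])
    return None


def launched_file(cmdline):
    """The file a Run value really starts: its first token, or for rundll32
    the DLL it is told to load, which is the part that matters for a hijack."""
    m = _RE_EXE.match(cmdline)
    exe = m.group(1) or m.group(2)
    if exe.lower().rsplit("\\", 1)[-1] in ("rundll32.exe", "rundll32"):
        exe = cmdline[m.end():].strip().split(",", 1)[0].strip().strip('"')
    return exe


def triage(entry):
    """Attach review flags. A flag names a check to do, not a verdict."""
    k, t = entry.kind, entry.target
    if k in ("BHO", "TB") and t.strip().lower() == "no file":
        entry.flags.append("orphaned CLSID: registered, but no DLL behind it")
    elif k == "BHO" and not t.lower().endswith(".dll"):
        entry.flags.append("no file path recorded; resolve the CLSID's InProcServer32 by hand")
    elif k.endswith("Run"):
        f = launched_file(t)
        if "\\" not in f and "/" not in f:
            entry.flags.append("bare filename: found by executable search order, confirm which file actually runs")
    elif k == "FF-pref" and entry.name == "keyword.URL":
        entry.flags.append("address-bar search handler overridden; confirm the user chose this provider")
    elif k in ("FF-component", "FF-plugin"):
        entry.flags.append("third-party module loads in every Firefox session; verify publisher and hash")
    elif k == "TCP":
        entry.flags.append("per-interface DNS servers " + t + "; confirm they belong to the ISP or router")
    return entry


def parse_report(text):
    """All modelled entries of a pseudo-HJT report, each with its flags attached."""
    return [triage(e) for e in map(parse_line, text.splitlines()) if e is not None]


def flagged(text):
    """(kind, name, flags) for every entry that needs a second look."""
    return [(e.kind, e.name, e.flags) for e in parse_report(text) if e.flags]


if __name__ == "__main__":
    for kind, name, flags in flagged(SAMPLE):
        print(f"{kind:13} {name:42} {'; '.join(flags)}")
```

Run against the sample, the helper leaves the fully-pathed Adobe BHO, the MSMSGS and NvCplDaemon Run values and the Google homepage pref alone, and lists the two orphaned toolbar CLSIDs, the two bare-filename Run values, the BHO with no recorded path, the keyword.URL search handler, the two Firefox modules and the DNS servers for the analyst to verify by hand.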

Post #2, 01-12-2009, 12:19 PM
amateur; Moderator, Analyst, Security Team; Rangemaster, TSF Academy; joined Jun 2006; USA; 7,479 posts; OS: XP SP3
Re: Hijacked browser search engines

Hello and welcome to TSF.

Sorry for the delayed response. If you haven't received help elsewhere and still need assistance, please post a fresh DDS.txt, and we'll take it from there.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don’t hear from you in three days this thread will be closed.
__________________
My services are free. However, you can donate to TSF to help keep it running.
Member of ASAP since 2005
Member of UNITE since 2006
Post #3, 01-12-2009, 12:37 PM
Registered User; joined Mar 2005; 71 posts; OS: several computers: XP, 2000, 98SE, ME, Linux
Re: Hijacked browser search engines

Whew! Thanks so much for responding. I have not used the computer since posting, but here is a new DDS.txt file and thanks in advance for your help. Browser hijacking is a new one to me.


DDS (Ver_09-01-07.01) - NTFSx86
Run by Owner at 14:29:38.92 on Mon 01/12/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.379 [GMT -5:00]

AV: Panda Internet Security 2009 *On-access scanning enabled* (Updated)
FW: Panda Personal Firewall 2009 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2009\WebProxy.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost -k Panda
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\AVENGINE.EXE
c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2009\ApvxdWin.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Panda Security\Panda Internet Security 2009\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2009\PavBckPT.exe
C:\temporary stuff\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ibmmessages] c:\program files\ibm\messages by ibm\ibmmessages.exe
uRun: [Mozilla Quick Launch] "c:\program files\netscape\netscape\Netscp.exe" -turbo
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ibmmessages] c:\program files\ibm\messages by ibm\ibmmessages.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [UC_Start] c:\ibmtools\updater\ucstartup.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\2\printray.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [APVXDWIN] "c:\program files\panda security\panda internet security 2009\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda internet security 2009\Inicio.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\HOTSYNC.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billmi~1.lnk - c:\program files\quickenw\BILLMIND.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\corelc~1.lnk - c:\windows\installer\{a0b295c3-fd3c-11d4-a811-0090279106c3}\I_26dadCC.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quickenw\QWDLLS.EXE
Trusted Zone: turbotax.com
TCP: {F843C0CE-CE64-4A2B-83C8-BBDBCFF3AA37} = 69.111.95.106,206.196.151.153
Notify: avldr - avldr.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-7-9 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2008-12-27 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2008-12-27 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2008-12-27 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2008-12-27 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2008-12-27 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-12-27 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2008-12-27 46720]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2008-12-27 197888]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]
R4 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda internet security 2009\PsCtrlS.exe [2008-12-27 181504]
R4 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2008-12-27 84024]
R4 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda internet security 2009\PavFnSvr.exe [2008-12-27 169216]
R4 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-12-27 179640]
R4 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2008-12-27 62768]
R4 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda internet security 2009\PAVSRV51.EXE [2008-12-27 288512]
R4 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda internet security 2009\psksvc.exe [2008-12-27 28928]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2004-5-1 36224]
S3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;c:\windows\system32\drivers\Ngrpci.sys [2099-2-23 32840]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\pc-doc~1\diagno~1\pcdrdrv.sys --> c:\progra~1\pc-doc~1\diagno~1\PCDRDRV.sys [?]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2003-10-31 16384]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\PELUSBLF.SYS [2003-10-31 9216]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-2-6 44928]
S3 XIRLINK;Veo Mobile/Advanced Web Camera;c:\windows\system32\drivers\ucdnt.sys [2004-1-26 728083]

=============== Created Last 30 ================

2008-12-28 09:06 250 a------- c:\windows\gmer.ini
2008-12-27 18:22 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-27 16:58 8,627 a------- c:\windows\system32\PAV_FOG.OPC
2008-12-27 16:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Backup
2008-12-27 16:40 54,832 a------- c:\windows\system32\pavcpl.cpl
2008-12-27 16:40 446,464 a------- c:\windows\system32\HHActiveX.dll
2008-12-27 16:40 520,448 a------- c:\windows\system32\PavSHook.dll
2008-12-27 16:40 193,280 a------- c:\windows\system32\TpUtil.dll
2008-12-27 16:40 107,568 a------- c:\windows\system32\SYSTOOLS.DLL
2008-12-27 16:40 87,296 a------- c:\windows\system32\PavLspHook.dll
2008-12-27 16:40 55,552 a------- c:\windows\system32\pavipc.dll
2008-12-27 16:40 197,888 a------- c:\windows\system32\drivers\neti1634.sys
2008-12-27 16:40 58,672 a------- c:\windows\system32\avldr.dll
2008-12-27 16:40 <DIR> --d----- c:\windows\system32\PAV
2008-12-27 16:40 <DIR> --d----- c:\docume~1\owner\applic~1\Panda Security
2008-12-27 16:40 <DIR> --d----- c:\program files\Panda Security
2008-12-27 16:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Panda Security
2008-12-27 16:38 179,640 a------- c:\windows\system32\drivers\PavProc.sys
2008-12-27 16:38 41,144 a------- c:\windows\system32\drivers\ShlDrv51.sys
2008-12-27 16:38 <DIR> --d----- c:\program files\common files\Panda Security
2008-12-27 09:41 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2008-12-27 09:41 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-27 09:41 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-27 09:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-27 09:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-27 09:18 <DIR> a-dshr-- C:\cmdcons
2008-12-27 09:17 161,792 a------- c:\windows\SWREG.exe
2008-12-27 09:17 98,816 a------- c:\windows\sed.exe
2008-12-27 09:16 <DIR> --d----- C:\ComboFix
2008-12-27 09:03 <DIR> --d----- C:\ComboFix-1
2008-12-26 22:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2008-12-26 15:02 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-26 15:02 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-26 05:40 <DIR> --d----- c:\documents and settings\owner\.housecall6.6

==================== Find3M ====================

2009-01-11 12:38 1,132 a------- c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-01-11 12:38 1,132 a------- c:\windows\system32\drivers\APPFLTR.CFG
2008-12-29 09:00 241,440 a------- c:\windows\system32\drivers\APPFCONT.DAT
2008-12-29 09:00 241,440 a------- c:\windows\system32\drivers\APPFCONT.DAT.bck
2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 08:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 a------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll

============= FINISH: 14:31:03.34 ===============
Posted by hilton7949
Post #4, 01-12-2009, 12:54 PM
amateur; Moderator, Analyst, Security Team; Rangemaster, TSF Academy; joined Jun 2006; USA; 7,479 posts; OS: XP SP3
Re: Hijacked browser search engines

Hi,

Looks like you ran Combofix and MBAM. Please post their logs so that I can have an idea of what has happened.

Combofix.txt should be located at C:\Combofix.txt
MBAM logs can be found by clicking the Logs tab in MBAM.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
Old 01-12-2009, 02:18 PM   #5 (permalink)
Registered User
 
Join Date: Mar 2005
Posts: 71
OS: several computers:xp,2000,98se,ME,linux


Re: Hijacked browser search engines

ComboFix log followed by MBAM log:
ComboFix 08-12-26.03 - Owner 2008-12-27 9:18:53.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.694 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\addon.dat
c:\program files\altcmd
c:\program files\altcmd\uninstall.bat
c:\program files\Bifrost
c:\program files\Bifrost\klog.dat
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\kmd.exe
c:\windows\system32\ms.dll
c:\windows\system32\ntnet.drv
c:\windows\system32\system32.dll
c:\windows\system32\tmp.reg
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-27 to 2008-12-27 )))))))))))))))))))))))))))))))
.

2099-03-18 18:41 . 2002-03-14 19:46 45,056 --a------ c:\windows\system32\ico.exe
2008-12-27 09:03 . 2008-12-27 09:03 <DIR> d-------- C:\ComboFix-1
2008-12-26 22:00 . 2008-12-26 22:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-26 15:03 . 2008-12-26 15:03 <DIR> d-------- c:\windows\Sun
2008-12-26 15:02 . 2008-12-26 15:01 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-26 15:02 . 2008-12-26 15:01 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-26 05:40 . 2008-12-26 09:44 <DIR> d-------- c:\documents and settings\Owner\.housecall6.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-27 13:59 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-27 13:33 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-27 03:04 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-12-26 20:01 --------- d-----w c:\program files\Java
2008-12-26 19:00 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-22 04:24 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-21 11:55 --------- d-----w c:\program files\SpywareBlaster
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-11-16 17:40 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-13 16:13 --------- d-----w c:\program files\HP
2008-11-13 13:58 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2002-09-11 14:26 63,730 ----a-w c:\program files\viewsonicinstruct_xp.pdf
2008-07-06 14:37 6,656 ----a-w c:\program files\mozilla firefox\components\MyComponent.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-04-09 532480]
"Mozilla Quick Launch"="c:\program files\Netscape\Netscape\Netscp.exe" [2003-06-24 568096]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-08 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-04-09 532480]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"UC_Start"="c:\ibmtools\Updater\ucstartup.exe" [2003-03-17 32768]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-05-05 114741]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-05-10 36864]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-26 136600]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]
"BluetoothAuthenticationAgent"="irprops.cpl" [2008-04-13 c:\windows\system32\irprops.cpl]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2003-04-22 299008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Billminder.lnk - c:\program files\QUICKENW\BILLMIND.EXE [2004-03-18 36864]
CorelCENTRAL 10.lnk - c:\windows\Installer\{A0B295C3-FD3C-11D4-A811-0090279106C3}\I_26dadCC.exe [2004-05-28 5222]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 614531]
Quicken Startup.lnk - c:\program files\QUICKENW\QWDLLS.EXE [2004-03-18 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XJPG"= camfc.dll
"aux4"= wdmaud.sys

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\IBMTOOLS\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-07-09 28544]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\DRIVERS\LNE100V5.sys [2004-05-01 36224]
S3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;c:\windows\system32\DRIVERS\ngrpci.sys [2099-02-23 32840]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys []
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\DRIVERS\pelmouse.sys [2003-10-31 16384]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\DRIVERS\pelusblf.sys [2003-10-31 9216]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\DRIVERS\SDTHOOK.sys [2008-02-06 44928]
S3 XIRLINK;Veo Mobile/Advanced Web Camera;c:\windows\system32\DRIVERS\ucdnt.sys [2004-01-26 728083]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96ea8323-cf87-11dd-a718-000d604b0381}]
\Shell\AutoRun\command - E:\StartPortableApps.exe

*Newly Created Service* - DCFS2K

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{713C3A3D-7FE7-57B6-29A4-2D4A6D499A5A}]
c:\program files\Bifrost\WMPLAYER.EXE s
.
Contents of the 'Scheduled Tasks' folder

2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-12-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2005-03-20 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-19 16:26]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-tgcmd - (no file)
HKLM-Run-tgcmd - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost;*.local
TCP: {F843C0CE-CE64-4A2B-83C8-BBDBCFF3AA37} = 69.111.95.106,206.196.151.153
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\68d1fesc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - component: c:\program files\Mozilla Firefox\components\MyComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-27 09:20:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-27 9:21:43
ComboFix-quarantined-files.txt 2008-12-27 14:21:06
ComboFix2.txt 2008-02-22 12:10:13

Pre-Run: 98,818,134,016 bytes free
Post-Run: 98,791,350,272 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

184 --- E O F --- 2008-12-22 23:25:38

Malwarebytes' Anti-Malware 1.31
Database version: 1554
Windows 5.1.2600 Service Pack 3

12/27/2008 11:54:04 AM
mbam-log-2008-12-27 (11-54-04).txt

Scan type: Full Scan (C:\|)
Objects scanned: 123033
Time elapsed: 46 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Old 01-12-2009, 06:18 PM   #6 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,479
OS: XP SP3


Re: Hijacked browser search engines

Hi,

Please go to Start>Control Panel>Add or Remove Programs and remove the following old versions of Java:

Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start


Leave Java(TM) 6 Update 11 alone as it's the latest version.

===========================
  • Open notepad (Start>All programs>accessories>notepad ) (It must be notepad, not wordpad, or it won’t work)
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Click Format and ensure Wordwrap is unchecked.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Code:
Folder::
c:\documents and settings\All Users\Application Data\avg8

DDS::
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - 
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - 
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - 
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - 

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{713C3A3D-7FE7-57B6-29A4-2D4A6D499A5A}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=-

Driver::
PCDRDRV
Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


============================

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

============================

Please post the Combofix.txt and the Kaspersky report in your next reply. Also let me know if you're still experiencing redirections.
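The CFScript above removes the drivers32 "aux4" entry, and the first ComboFix log lists files with creation dates in 2099. As an added example that is not part of this thread, ComboFix or any of the tools named in it, the Python script below parses those two ComboFix log sections and flags entries for review: files created after the log's own run date (clock skew or timestomping) and drivers32 values that are not ordinary .drv/.dll multimedia drivers (wdmaud.sys here is the same file name the Kaspersky report later in the thread shows quarantined from system32 as Rootkit.Win32.Agent.fwt). SAMPLE_LOG is a constructed excerpt built from lines quoted in the thread; the flags are review prompts, not verdicts, since ico.exe is the legitimately registered Mouse Suite daemon with a bad timestamp.

```python
"""Triage helpers for ComboFix logs (added example, not part of the thread)."""
import re
from datetime import date

# ComboFix header, e.g. "ComboFix 08-12-26.03 - Owner 2008-12-27 9:18:53.2 - NTFSx86"
RUN_HEADER = re.compile(r"^ComboFix \S+ - \S+ (\d{4}-\d{2}-\d{2}) ")
# "Files Created" line: <created> . <modified> <size or <DIR>> <attributes> <path>
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. "
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?:[\d,]+|<DIR>) \S+ (?P<path>.+)$"
)
REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
# drivers32 lists user-mode multimedia drivers; anything but .drv/.dll is unusual
DRIVERS32_SUFFIX = r"\windows nt\currentversion\drivers32"
SAFE_DRIVERS32_EXT = (".drv", ".dll")

# Constructed excerpt assembled from lines quoted in the thread above.
SAMPLE_LOG = r"""ComboFix 08-12-26.03 - Owner 2008-12-27 9:18:53.2 - NTFSx86 NETWORK
.
((((((((((((((((((((((((( Files Created from 2008-11-27 to 2008-12-27 )))))))))))))))))))))))))))))))
.

2099-03-18 18:41 . 2002-03-14 19:46 45,056 --a------ c:\windows\system32\ico.exe
2008-12-27 09:03 . 2008-12-27 09:03 <DIR> d-------- C:\ComboFix-1
2008-12-26 15:02 . 2008-12-26 15:01 410,984 --a------ c:\windows\system32\deploytk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XJPG"= camfc.dll
"aux4"= wdmaud.sys

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


def _iso(text):
    """Parse a YYYY-MM-DD field into a date."""
    year, month, day = (int(part) for part in text.split("-"))
    return date(year, month, day)


def run_date(log):
    """Date the log was produced, read from the ComboFix header line."""
    for line in log.splitlines():
        match = RUN_HEADER.match(line)
        if match:
            return _iso(match.group(1))
    raise ValueError("no ComboFix header line found")


def future_dated_files(log):
    """Paths whose creation timestamp lies after the run date (skew or timestomping)."""
    cutoff = run_date(log)
    flagged = []
    for line in log.splitlines():
        match = FILE_LINE.match(line)
        if match and _iso(match.group("created")) > cutoff:
            flagged.append(match.group("path"))
    return flagged


def reg_values(log, key_suffix):
    """(name, value) pairs listed under the registry key whose path ends in key_suffix."""
    values, inside = [], False
    for line in log.splitlines():
        key = REG_KEY.match(line)
        if key:
            inside = key.group("key").lower().endswith(key_suffix.lower())
            continue
        if not line.strip():          # a blank line closes the current key block
            inside = False
            continue
        value = REG_VALUE.match(line)
        if inside and value:
            values.append((value.group("name"), value.group("value").strip()))
    return values


def odd_drivers32_entries(log):
    """drivers32 values that do not name a .drv/.dll user-mode driver."""
    return [
        (name, value)
        for name, value in reg_values(log, DRIVERS32_SUFFIX)
        if not value.lower().endswith(SAFE_DRIVERS32_EXT)
    ]


def triage(log):
    """Summarise both checks for one log."""
    return {
        "run_date": run_date(log).isoformat(),
        "future_dated_files": future_dated_files(log),
        "odd_drivers32": odd_drivers32_entries(log),
    }


if __name__ == "__main__":
    for label, result in triage(SAMPLE_LOG).items():
        print(f"{label}: {result}")
```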
Old 01-13-2009, 11:00 AM   #7 (permalink)
Registered User
 
Join Date: Mar 2005
Posts: 71
OS: several computers:xp,2000,98se,ME,linux


Re: Hijacked browser search engines

ComboFix is stuck trying to reboot Windows. Should I force it to reboot? Screen says "rebooting windows...please wait." It's been like that for a few hours.
Old 01-13-2009, 11:22 AM   #8 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,479
OS: XP SP3


Re: Hijacked browser search engines

It shouldn't take that long. Please restart and see if it has produced a log at C:\Combofix.txt
Old 01-13-2009, 02:23 PM   #9 (permalink)
Registered User
 
Join Date: Mar 2005
Posts: 71
OS: several computers:xp,2000,98se,ME,linux


Re: Hijacked browser search engines

ComboFix 09-01-11.04 - Owner 2009-01-13 8:23:57.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.419 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
AV: Panda Internet Security 2009 *On-access scanning disabled* (Updated)
FW: Panda Personal Firewall 2009 *disabled*
* Created a new restore point
.

Kaspersky scan results:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, January 13, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, January 13, 2009 18:03:52
Records in database: 1615127
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 85076
Threat name: 3
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 02:04:19


File name / Threat name / Threats count
C:\QooBox\Quarantine\C\WINDOWS\system32\wdmaud.sys.vir Infected: Rootkit.Win32.Agent.fwt 1
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP25\A0004531.sys Infected: Rootkit.Win32.Agent.fwt 1
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP9\A0000251.sys Infected: Rootkit.Win32.Agent.fub 1
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP9\A0000252.exe Infected: Backdoor.Win32.Small.dlv 1

The selected area was scanned.
~~~~~~~~
Before I posted, I did a Google search for Department of Natural Resources and the links were correct. However, it looks like Kaspersky found some problems.
Old 01-13-2009, 02:42 PM   #10 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,479
OS: XP SP3


Re: Hijacked browser search engines

Hi,

Quote:
Before I posted, I did a Google search for Department of Natural Resources and the links were correct. However, it looks like Kaspersky found some problems.
What Kaspersky found is in the System Restore cache, which won't harm you unless you restore the system to an infected date, and will be cleared shortly when we are done and uninstall Combofix. For now, however, the Combofix.txt seems to be truncated. Can you please post the complete log?
Old 01-13-2009, 03:06 PM   #11 (permalink)
Registered User
 
Join Date: Mar 2005
Posts: 71
OS: several computers:xp,2000,98se,ME,linux


Re: Hijacked browser search engines

I looked at the combofix text log again. That's all there is. Perhaps it didn't finish properly? Do you want me to run it again?
Old 01-13-2009, 06:05 PM   #12 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,479
OS: XP SP3


Re: Hijacked browser search engines

Yes, please do.
Old 01-14-2009, 06:58 AM   #13 (permalink)
Registered User
 
Join Date: Mar 2005
Posts: 71
OS: several computers:xp,2000,98se,ME,linux


Re: Hijacked browser search engines

I never had any luck getting a log file when I loaded the script into it. It would only do the truncated version. This morning I ran it only using ComboFix. Here is the log:

ComboFix 09-01-11.04 - Owner 2009-01-14 8:48:57.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.464 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Panda Internet Security 2009 *On-access scanning disabled* (Updated)
FW: Panda Personal Firewall 2009 *disabled*
.

((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
.

2099-03-18 21:32 . 2001-08-17 16:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2099-03-18 18:52 . 2002-08-29 08:00 98,176 --a------ c:\windows\system32\drivers\NBF.SYS
2099-03-18 18:41 . 2002-03-14 19:46 45,056 --a------ c:\windows\system32\ico.exe
2099-02-23 08:59 . 2008-04-13 13:46 61,696 --a------ c:\windows\system32\drivers\ohci1394.sys
2099-02-23 08:59 . 2008-04-13 13:46 53,376 --a------ c:\windows\system32\drivers\1394bus.sys
2099-02-23 08:59 . 2001-08-17 15:12 32,840 --a------ c:\windows\system32\drivers\Ngrpci.sys
2099-02-23 08:59 . 2001-08-17 16:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2008-12-28 09:06 . 2008-12-28 09:06 250 --a------ c:\windows\gmer.ini
2008-12-27 18:23 . 2008-12-27 18:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-27 18:22 . 2008-12-27 18:22 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-27 16:58 . 2009-01-13 14:06 8,627 --a------ c:\windows\system32\PAV_FOG.OPC
2008-12-27 16:41 . 2009-01-13 19:21 241,440 --a------ c:\windows\system32\drivers\APPFCONT.DAT.bck
2008-12-27 16:41 . 2009-01-13 19:21 241,440 --a------ c:\windows\system32\drivers\APPFCONT.DAT
2008-12-27 16:41 . 2008-06-18 16:06 193,792 --a------ c:\windows\system32\drivers\idsflt.sys
2008-12-27 16:41 . 2008-07-11 14:58 158,848 --a------ c:\windows\system32\drivers\NETFLTDI.SYS
2008-12-27 16:41 . 2008-04-28 17:35 84,024 --a------ c:\windows\system32\drivers\pavdrv51.sys
2008-12-27 16:41 . 2008-06-25 15:42 73,728 --a------ c:\windows\system32\drivers\APPFLT.SYS
2008-12-27 16:41 . 2008-06-18 16:06 52,992 --a------ c:\windows\system32\drivers\dsaflt.sys
2008-12-27 16:41 . 2008-06-18 16:06 46,720 --a------ c:\windows\system32\drivers\wnmflt.sys
2008-12-27 16:41 . 2008-03-28 11:25 22,072 --a------ c:\windows\system32\drivers\fnetmon.sys
2008-12-27 16:41 . 2009-01-14 08:31 1,132 --a------ c:\windows\system32\drivers\APPFLTR.CFG.bck
2008-12-27 16:41 . 2009-01-14 08:31 1,132 --a------ c:\windows\system32\drivers\APPFLTR.CFG
2008-12-27 16:41 . 2008-12-27 16:41 261 --a------ c:\windows\system32\PavCPL.dat
2008-12-27 16:40 . 2008-12-27 16:40 <DIR> d-------- c:\windows\system32\PAV
2008-12-27 16:40 . 2008-12-27 16:40 <DIR> d-------- c:\program files\Panda Security
2008-12-27 16:40 . 2008-12-27 16:40 <DIR> d-------- c:\documents and settings\Owner\Application Data\Panda Security
2008-12-27 16:40 . 2008-12-27 16:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Panda Security
2008-12-27 16:40 . 2008-12-27 16:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Backup
2008-12-27 16:40 . 2008-06-18 18:03 520,448 --a------ c:\windows\system32\PavSHook.dll
2008-12-27 16:40 . 2003-10-22 18:23 446,464 --a------ c:\windows\system32\HHActiveX.dll
2008-12-27 16:40 . 2008-06-26 11:25 197,888 --a------ c:\windows\system32\drivers\neti1634.sys
2008-12-27 16:40 . 2008-06-24 14:48 193,280 --a------ c:\windows\system32\TpUtil.dll
2008-12-27 16:40 . 2007-02-08 11:53 107,568 --a------ c:\windows\system32\SYSTOOLS.DLL
2008-12-27 16:40 . 2008-06-18 18:03 87,296 --a------ c:\windows\system32\PavLspHook.dll
2008-12-27 16:40 . 2008-03-18 16:58 58,672 --a------ c:\windows\system32\avldr.dll
2008-12-27 16:40 . 2008-06-18 18:03 55,552 --a------ c:\windows\system32\pavipc.dll
2008-12-27 16:40 . 2007-03-15 19:38 54,832 --a------ c:\windows\system32\pavcpl.cpl
2008-12-27 16:38 . 2008-12-27 16:38 <DIR> d-------- c:\program files\Common Files\Panda Security
2008-12-27 16:38 . 2008-02-07 12:03 179,640 --a------ c:\windows\system32\drivers\PavProc.sys
2008-12-27 16:38 . 2008-03-04 15:59 41,144 --a------ c:\windows\system32\drivers\ShlDrv51.sys
2008-12-27 09:41 . 2008-12-27 09:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-27 09:41 . 2008-12-27 09:41 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-12-27 09:41 . 2008-12-27 09:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-27 09:41 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-27 09:41 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-26 22:00 . 2008-12-26 22:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-26 15:03 . 2008-12-26 15:03 <DIR> d-------- c:\windows\Sun
2008-12-26 15:02 . 2008-12-26 15:01 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-26 15:02 . 2008-12-26 15:01 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-26 05:40 . 2008-12-26 09:44 <DIR> d-------- c:\documents and settings\Owner\.housecall6.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 18:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-12 15:30 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-29 18:26 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-28 06:03 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-27 23:23 --------- d-----w c:\program files\Lavasoft
2008-12-27 17:31 --------- d-----w c:\program files\Google
2008-12-27 15:36 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-26 20:01 --------- d-----w c:\program files\Java
2008-12-21 11:55 --------- d-----w c:\program files\SpywareBlaster
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-11-16 17:40 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-04-09 532480]
"Mozilla Quick Launch"="c:\program files\Netscape\Netscape\Netscp.exe" [2003-06-24 568096]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-08 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-04-09 532480]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"UC_Start"="c:\ibmtools\Updater\ucstartup.exe" [2003-03-17 32768]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-05-05 114741]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-05-10 36864]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-26 136600]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" [2008-12-03 869632]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2009\Inicio.exe" [2008-07-07 50432]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]
"BluetoothAuthenticationAgent"="irprops.cpl" [2008-04-13 c:\windows\system32\irprops.cpl]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2003-04-22 299008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Billminder.lnk - c:\program files\QUICKENW\BILLMIND.EXE [2004-03-18 36864]
CorelCENTRAL 10.lnk - c:\windows\Installer\{A0B295C3-FD3C-11D4-A811-0090279106C3}\I_26dadCC.exe [2004-05-28 5222]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 614531]
Quicken Startup.lnk - c:\program files\QUICKENW\QWDLLS.EXE [2004-03-18 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 16:58 58672 c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XJPG"= camfc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\IBMTOOLS\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-07-09 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2008-12-27 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2008-12-27 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2008-12-27 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2008-12-27 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2008-12-27 16:41:02 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-12-27 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2008-12-27 46720]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2008-12-27 197888]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R4 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R4 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-12-27 179640]
R4 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2009\psksvc.exe [2008-12-27 28928]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2004-05-01 36224]
S3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;c:\windows\system32\drivers\Ngrpci.sys [2099-02-23 32840]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2003-10-31 16384]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\PELUSBLF.SYS [2003-10-31 9216]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-02-06 44928]
S3 XIRLINK;Veo Mobile/Advanced Web Camera;c:\windows\system32\drivers\ucdnt.sys [2004-01-26 728083]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
.
Contents of the 'Scheduled Tasks' folder

2009-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-01-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2005-03-20 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-19 16:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost;*.local
Trusted Zone: *.turbotax.com
TCP: {F843C0CE-CE64-4A2B-83C8-BBDBCFF3AA37} = 69.111.95.106,206.196.151.153
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 08:51:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\IBM Access Support]
@DACL=(02 0000)
@SACL=
"DisplayIcon"="c:\\Program Files\\Support.com\\bin\\IBMAccessSupport\\common\\graphics\\icons\\AS application.ico"
"DisplayName"="IBM Access Support"
"UninstallString"="wscript \"c:\\Program Files\\Support.com\\bin\\uninstall.vbs\" -uninstall -release1"
"SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}]
@DACL=(02 0000)
@SACL=
"UninstallString"="c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\Driver\\7\\INTEL3~1\\IDriver.exe /M{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1} /l1033 "
"DisplayName"="IBM 32-bit Runtime Environment for Java 2, v1.4.0"
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}\\Setup.ilg"
"Comments"=" "
"Contact"="Customer Support Department"
"DisplayVersion"="1.4.0"
"HelpTelephone"="0-000-000-0000"
"InstallDate"="20031031"
"InstallLocation"=""
"InstallSource"="c:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\_is981\\"
"ProductID"=""
"Publisher"="IBM"
"Readme"="Readme.txt"
"URLInfoAbout"="http://www.ibm.com"
"URLUpdateInfo"="http://www.ibm.com"
"HelpLink"=expand:"http://www.ibm.com"
"EstimatedSize"=dword:000095d1
"Language"=dword:00000000
"Version"=dword:01040000
"VersionMajor"=dword:00000001
"VersionMinor"=dword:00000004
"DisplayIcon"="c:\\WINDOWS\\Installer\\{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}\\ARPPRODUCTICON.exe"
"RegOwner"=" "
"RegCompany"=" "

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft NetShow Player 2.0]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98]
@DACL=(02 0000)
@SACL=
"UninstallString"="PMUninst.exe MouseSuite98"
"DisplayName"="Mouse Suite"
"SetupTitle"="Mouse Suite Uninstall"
"FontName"="Times New Roman Italic"
"FontColor"="White"
"NeedRestart"="TRUE"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Support.com]
@DACL=(02 0000)
@SACL=
"DisplayIcon"="c:\\\\Program Files\\\\Support.com\\\\bin\\\\tgcmd.exe"
"DisplayName"="Support.com Software"
"UninstallString"="wscript \"c:\\Program Files\\Support.com\\bin\\admins.vbs\""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{1E34AB5C-B893-4EE9-82F3-F195978D009D}]
@DACL=(02 0000)
@SACL=
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{1E34AB5C-B893-4EE9-82F3-F195978D009D}\\Setup.exe\" -l0x9 "
"DisplayName"="IBM Access Support - Local Content Pack"
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{1E34AB5C-B893-4EE9-82F3-F195978D009D}\\setup.ilg"
"NoRemove"=dword:00000001
"SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}]
@DACL=(02 0000)
@SACL=
"DisplayIcon"="c:\\Program Files\\PC-Doctor for Windows\\Pcdrw32.exe"
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\\SETUP.EXE\" "
"DisplayName"="PC-Doctor for Windows"
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{39DA87A1-0B26-4562-A70C-2A6147366E47}]
@DACL=(02 0000)
@SACL=
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{39DA87A1-0B26-4562-A70C-2A6147366E47}\\SETUP.EXE\" "
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{39DA87A1-0B26-4562-A70C-2A6147366E47}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{8A708DD8-A5E6-11D4-A706-000629E95E20}]
@DACL=(02 0000)
@SACL=
"UninstallString"="RUNDLL32.EXE c:\\WINDOWS\\System32\\ialmrem.dll,UninstallW2KIGfx PCI\\VEN_8086&DEV_2572"
"DisplayName"="Intel(R) Extreme Graphics 2 Driver"
"ModifyPath"="FALSE"
"NoModify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}]
@DACL=(02 0000)
@SACL=
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\\SETUP.EXE\" "
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{BAD59025-5B73-4E12-B789-0028C5A573C2}]
@DACL=(02 0000)
@SACL=
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{BAD59025-5B73-4E12-B789-0028C5A573C2}\\SETUP.EXE\" "
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{BAD59025-5B73-4E12-B789-0028C5A573C2}\\setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{F0A37341-D692-11D4-A984-009027EC0A9C}]
@DACL=(02 0000)
@SACL=
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{F0A37341-D692-11D4-A984-009027EC0A9C}\\SETUP.EXE\" "
"DisplayName"="SoundMAX"
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{F0A37341-D692-11D4-A984-009027EC0A9C}\\setup.ilg"
"InstallLocation"="c:\\Program Files\\Analog Devices\\SoundMAX"
"DisplayIcon"="c:\\Program Files\\Analog Devices\\SoundMAX\\smax3cp.ico"

[HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \$»»]
"Q"=hex:51

[HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \Ã#$]
"Q"=hex:51

[HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \ÏE¼]
"Q"=hex:51
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1084)
c:\windows\system32\avldr.dll
.
Completion time: 2009-01-14 8:54:19
ComboFix-quarantined-files.txt 2009-01-14 13:54:16
ComboFix2.txt 2008-12-27 14:21:44
ComboFix3.txt 2008-02-22 12:10:13

Pre-Run: 97,971,929,088 bytes free
Post-Run: 97,944,817,664 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=2 Sets=1,2,3,4
327 --- E O F --- 2009-01-12 19:23:52
hilton7949 is offline  
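A ComboFix log like the one above is read the same way on every thread of this kind: the Winlogon Notify DLLs (which load into winlogon.exe, as the "DLLs Loaded Under Running Processes" section shows for avldr.dll), the Windows Firewall policy value, the service and driver lines that ComboFix marks with [?] because it could not find the file on disk, and the DNS servers assigned to each interface, since a redirected search is sometimes a DNS problem rather than a browser one. The script below is an added example, not a tool from this forum or from the ComboFix or GMER authors. It parses those line formats as they appear in the posted logs (and the SSDT hook lines of the GMER log later in the thread) into a short checklist. Its sample inputs are constructed by copying a few lines from the posted logs; the things it flags (an SSDT hook whose module GMER did not attribute to a vendor, a service whose file is missing) are pointers for manual verification, not verdicts.

```python
"""Triage helpers for the ComboFix and GMER log lines seen in this thread.
Added example, not a tool from the forum or the ComboFix/GMER authors."""
import re
from collections import defaultdict

# Constructed samples: representative lines copied from the posted logs.
COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 16:58 58672 c:\windows\system32\avldr.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-07-09 28544]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-02-06 44928]
TCP: {F843C0CE-CE64-4A2B-83C8-BBDBCFF3AA37} = 69.111.95.106,206.196.151.153
"""
GMER_SAMPLE = r"""
SSDT spxs.sys ZwCreateKey [0xF773C0E0]
SSDT spxs.sys ZwOpenKey [0xF773C0C0]
SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Protection driver/Panda Security, S.L.) ZwTerminateProcess [0xB9C1DA30]
"""

SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+(\[.*\])$")
NOTIFY_RE = re.compile(r"^\[.*\\winlogon\\notify\\([^\]]+)\]$", re.IGNORECASE)
FIREWALL_RE = re.compile(r'"EnableFirewall"\s*=\s*(\d+)')
DNS_RE = re.compile(r"^TCP:\s+(\{[0-9A-F-]+\})\s*=\s*(.+)$", re.IGNORECASE)
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(?:\((.+?)\)\s+)?(Zw\w+)\s+\[(0x[0-9A-Fa-f]+)\]$")

def parse_services(text):
    """ComboFix R*/S* driver and service lines. 'file_missing' is True when the
    trailing field is '[?]' instead of a date and size (file not found)."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            start, name, _desc, path, tail = m.groups()
            out.append({"start": start, "name": name,
                        "path": path.split("-->")[-1].strip(),
                        "file_missing": tail == "[?]"})
    return out

def parse_winlogon_notify(text):
    """Pair each Winlogon Notify subkey with the DLL path listed under it."""
    out, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        m = NOTIFY_RE.match(line)
        if m:
            pending = m.group(1)
        elif pending and line:
            out.append((pending, line.split()[-1]))  # last token is the DLL path
            pending = None
    return out

def firewall_enabled(text):
    """True/False from the standard-profile EnableFirewall value, None if absent."""
    m = FIREWALL_RE.search(text)
    return None if m is None else m.group(1) != "0"

def parse_dns_servers(text):
    """Interface GUID -> DNS server list from the 'TCP: {guid} = a,b' lines."""
    servers = {}
    for line in text.splitlines():
        m = DNS_RE.match(line.strip())
        if m:
            servers[m.group(1)] = [ip.strip() for ip in m.group(2).split(",")]
    return servers

def parse_ssdt_hooks(text):
    """GMER SSDT lines: module -> vendor text (None if GMER printed none) + hooked Zw* names."""
    hooks = defaultdict(lambda: {"vendor": None, "functions": []})
    for line in text.splitlines():
        m = SSDT_RE.match(line.strip())
        if m:
            module, vendor, func, _addr = m.groups()
            hooks[module]["vendor"] = vendor
            hooks[module]["functions"].append(func)
    return dict(hooks)

def triage(combofix_text, gmer_text=""):
    """Short list of items to verify by hand, in the order an analyst checks them."""
    findings = []
    for key, dll in parse_winlogon_notify(combofix_text):
        findings.append(f"winlogon notify '{key}' loads {dll} into winlogon.exe: confirm publisher")
    if firewall_enabled(combofix_text) is False:
        findings.append("Windows Firewall standard profile disabled (EnableFirewall=0)")
    for svc in parse_services(combofix_text):
        if svc["file_missing"]:
            findings.append(f"{svc['start']} {svc['name']}: file not found ({svc['path']})")
    for guid, ips in parse_dns_servers(combofix_text).items():
        findings.append(f"interface {guid} uses DNS {', '.join(ips)}: confirm these are the ISP's or router's")
    for module, info in parse_ssdt_hooks(gmer_text).items():
        if info["vendor"] is None:
            findings.append(f"SSDT hooks by {module} ({', '.join(info['functions'])}): no vendor resolved by GMER")
    return findings
```

Run `triage(COMBOFIX_SAMPLE, GMER_SAMPLE)` to get the checklist for the sample; on a real log, pass the whole file's text and the GMER ark.txt text. The parsers are deliberately line-oriented so they tolerate the rest of the log (Run keys, scheduled tasks, locked registry keys) without needing a full grammar for the ComboFix format.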
Old 01-14-2009, 12:27 PM   #14 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,479
OS: XP SP3


Re: Hijacked browser search engines

Hi,

Please run GMER again and post the fresh ark.txt.
__________________
My services are free. However, you can donate to TSF to help keep it running.
Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Old 01-14-2009, 05:00 PM   #15 (permalink)
Registered User
 
Join Date: Mar 2005
Posts: 71
OS: several computers:xp,2000,98se,ME,linux


Re: Hijacked browser search engines

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-14 18:58:25
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT spxs.sys ZwCreateKey [0xF773C0E0]
SSDT spxs.sys ZwEnumerateKey [0xF7759CA2]
SSDT spxs.sys ZwEnumerateValueKey [0xF775A030]
SSDT spxs.sys ZwOpenKey [0xF773C0C0]
SSDT spxs.sys ZwQueryKey [0xF775A108]
SSDT spxs.sys ZwQueryValueKey [0xF7759F88]
SSDT spxs.sys ZwSetValueKey [0xF775A19A]
SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Protection driver/Panda Security, S.L.) ZwTerminateProcess [0xB9C1DA30]
SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Protection driver/Panda Security, S.L.) ZwTerminateThread [0xB9C1CE50]

INT 0x62 ? 877D6BF8
INT 0x63 ? 87515BF8
INT 0x63 ? 87515BF8
INT 0x82 ? 877D6BF8
INT 0x94 ? 87515BF8
INT 0xA4 ? 87515BF8
INT 0xB4 ? 87515BF8

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)
Device \FileSystem\Ntfs \Ntfs 877D51F8

AttachedDevice \FileSystem\Ntfs \Ntfs pavdrv51.sys (Antivirus Filter Driver for Windows XP/2003 x86/Panda Security, S.L.)
AttachedDevice \FileSystem\Ntfs \Ntfs av5flt.sys

Device \FileSystem\Fastfat \FatCdrom 870C6500

AttachedDevice \Driver\Tcpip \Device\Ip NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)

Device \Driver\usbuhci \Device\USBPDO-0 87514470
Device \Driver\dmio \Device\DmControl\DmIoDaemon 877661F8
Device \Driver\dmio \Device\DmControl\DmConfig 877661F8
Device \Driver\dmio \Device\DmControl\DmPnP 877661F8
Device \Driver\dmio \Device\DmControl\DmInfo 877661F8
Device \Driver\usbuhci \Device\USBPDO-1 87514470
Device \Driver\usbuhci \Device\USBPDO-2 87514470
Device \Driver\usbuhci \Device\USBPDO-3 87514470
Device \Driver\usbehci \Device\USBPDO-4 87509430

AttachedDevice \Driver\Tcpip \Device\Tcp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 877D71F8
Device \Driver\Cdrom \Device\CdRom0 8757A1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86D6C1F8
Device \Driver\NetBT \Device\NetbiosSmb 86D6C1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1945E50B-BF5A-41AB-BC42-0562727DE539} 86D6C1F8

AttachedDevice \Driver\Tcpip \Device\Udp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\RawIp NETFLTDI.SYS (Panda TDI Filter/Panda Security, S.L.)

Device \Driver\usbuhci \Device\USBFDO-0 87514470
Device \Driver\usbuhci \Device\USBFDO-1 87514470
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86B4A1F8
Device \Driver\usbuhci \Device\USBFDO-2 87514470
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86B4A1F8
Device \Driver\usbuhci \Device\USBFDO-3 87514470
Device \Driver\usbehci \Device\USBFDO-4 87509430
Device \Driver\Ftdisk \Device\FtControl 877D71F8
Device \FileSystem\Fastfat \Fat 870C6500

AttachedDevice \FileSystem\Fastfat \Fat pavdrv51.sys (Antivirus Filter Driver for Windows XP/2003 x86/Panda Security, S.L.)
AttachedDevice \FileSystem\Fastfat \Fat av5flt.sys

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Direct Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Direct Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Direct Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Direct Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Direct Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs 87586368
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Direct Access Component/Sonic Solutions)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x30 0xA0 0xF5 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x30 0xA0 0xF5 0x97 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x30 0xA0 0xF5 0x97 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IBM Access Support@DisplayIcon C:\Program Files\Support.com\bin\IBMAccessSupport\common\graphics\icons\AS application.ico
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IBM Access Support@DisplayName IBM Access Support
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IBM Access Support@UninstallString wscript "C:\Program Files\Support.com\bin\uninstall.vbs" -uninstall -release1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IBM Access Support@SystemComponent 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{123E3792-565C-4DC8-A68A-BBB12C41B390}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{123E3792-565C-4DC8-A68A-BBB12C41B390}@LogFile C:\Program Files\InstallShield Installation Information\{123E3792-565C-4DC8-A68A-BBB12C41B390}\Setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{123E3792-565C-4DC8-A68A-BBB12C41B390}@StatusText MapSource - MetroGuide USA v5 Setup is preparing the InstallShield Wizard, which will guide you through the program setup process. Please wait.
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@LogFile C:\Program Files\InstallShield Installation Information\{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}\Setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@StatusText IBM 32-bit Runtime Environment for Java 2, v1.4.0 Setup is preparing the InstallShield Wizard, which will guide you through the program setup process. Please wait.
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@DoMaintenance N
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@UninstallString C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1} /l1033
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@DisplayName IBM 32-bit Runtime Environment for Java 2, v1.4.0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@LogFile C:\Program Files\InstallShield Installation Information\{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}\Setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@Comments
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@Contact Customer Support Department
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@DisplayVersion 1.4.0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@HelpTelephone 0-000-000-0000
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@InstallDate 20031031
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@InstallLocation
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@InstallSource C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_is981\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@ProductID
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@Publisher IBM
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@Readme Readme.txt
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@URLInfoAbout http://www.ibm.com
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@URLUpdateInfo http://www.ibm.com
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@HelpLink http://www.ibm.com
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@EstimatedSize 38353
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@Language 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@Version 17039360
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@VersionMajor 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@VersionMinor 4
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@DisplayIcon C:\WINDOWS\Installer\{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}\ARPPRODUCTICON.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@RegOwner
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}@RegCompany
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98@UninstallString PMUninst.exe MouseSuite98
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98@DisplayName Mouse Suite
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98@SetupTitle Mouse Suite Uninstall
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98@FontName Times New Roman Italic
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98@FontColor White
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98@NeedRestart TRUE
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@PELMOUSE.SYS %SYS32_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@PELPS2M.SYS C:\WINDOWS\System32\Drivers
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@PELMICED.EXE
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@PELCOMM.DLL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@PELUTIL.DLL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@PELHOOKS.DLL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@PELSCRLL.DLL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@PELBDO.DLL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@PELPPM.DLL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@PELWHEEL.DLL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@PELZOOM.DLL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@PMUNINST.EXE
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@PMUNINNT.EXE
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@MS98ACHS.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@MS98ACHT.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@MS98ADAN.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@MS98ADUT.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@MS98AENG.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@MS98AFIN.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@MS98AFRE.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@MS98AGER.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@MS98AITA.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@MS98AJPA.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@MS98ANOR.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@MS98APOR.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@MS98ASPA.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@MS98ASWE.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUSE.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUSE.CNT %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUCHT.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUCHT.CNT %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUCHS.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUCHS.CNT %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUDAN.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUDAN.CNT %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUDUT.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUDUT.CNT %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUFIN.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUFIN.CNT %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUFRE.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUFRE.CNT %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUGER.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUGER.CNT %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUITA.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUITA.CNT %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUJPA.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUJPA.CNT %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUNOR.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUNOR.CNT %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUPOR.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUPOR.CNT %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUSPA.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUSPA.CNT %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUSWE.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUSWE.CNT %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@PELUSBLF.SYS %SYS32_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@PELSETUP.DLL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@PMIBM.DLL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@PELRESS.DLL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@PMRESHP.DLL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@ICONSPY.EXE
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@PMBDO.DLL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@PMMO32R.DLL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@PMMO32R1.DLL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@MS98AKOR.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUKOR.HLP %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUKOR.CNT %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@PMIBM1.DLL C:\WINDOWS\System32
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@PMMILG.DLL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@HIDUSB.SYS C:\WINDOWS\System32\Drivers
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@ms98.cab C:\WINDOWS\System32
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@Setup2k.ini C:\WINDOWS\System32
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@pmouse.inf C:\WINDOWS\System32
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@phidmou.inf %INF_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@presetup.ini C:\WINDOWS\System32
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@ms99.cat C:\WINDOWS\System32
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@oem2.inf C:\WINDOWS\INF
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@ICO.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUSE.GID %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUCHT.GID %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUCHS.GID %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUDAN.GID %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUDUT.GID %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUFIN.GID %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUFRE.GID %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUGER.GID %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUITA.GID %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUJPA.GID %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUKOR.GID %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUNOR.GID %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUPOR.GID %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUSPA.GID %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@SPMOUSWE.GID %HELP_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles@Phidmou.pnf %INF_DIR%
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteKey
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteKey@SOFTWARE\Primax\Mouse Suite 98
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteKey@SOFTWARE\Primax\Mouse Suite 98\ HKEY_CURRENT_USER
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteKey@SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\Mouse\shellex\PropertySheetHandlers\Mouse Suite 98 PPM
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteKey@SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\Mouse\shellex\PropertySheetHandlers\Mouse Suite 98 BDO
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteKey@SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\Mouse\shellex\PropertySheetHandlers\Mouse Suite 98 WHEEL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteKey@CLSID\{94149CC1-2600-11D2-9D15-00C04F9A1D50} HKEY_CLASSES_ROOT
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteKey@CLSID\{94149CC0-2600-11D2-9D15-00C04F9A1D50} HKEY_CLASSES_ROOT
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteKey@CLSID\{A2598260-0732-11D2-9D15-00C04F9A1D50} HKEY_CLASSES_ROOT
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteKey@System\CurrentControlSet\Services\pelmouse
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteKey@System\CurrentControlSet\Services\pelusblf
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteValue
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteValue@SOFTWARE\Microsoft\Windows\CurrentVersion\Run Mouse Suite 98 Daemon
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\KillWindow
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\KillWindow\0001
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\KillWindow\0001@Class MS98 Daemon
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\KillWindow\0001@Caption MS98 Daemon
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\KillWindow\0002
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\KillWindow\0002@Class Daemon Spy
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\KillWindow\0002@Caption Daemon Spy
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\RestoreDriver
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\RestoreDriver\IBM
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\RestoreDriver\IBM@IBM Travel Mouse (HID) @HID
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\RestoreDriver\IBM@IBM Travel Optical (HID) @HID
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\RestoreDriver\IBM@IBM USB Optical Wheel Mouse (HID) @HID
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\RestoreDriver\IBM@IBM ScrollPoint Pro (HID) @HID
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\RestoreDriver\IBM@IBM ScrollPoint Optical (HID) @HID
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\RestoreDriver\IBM@IBM 800dpi ScrollPoint Optical (HID) @HID
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\RestoreDriver\IBM@IBM 800dpi ScrollPoint Pro Optical (HID) @HID
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\RestoreDriver\IBM@IBM ScrollPoint III (HID) @HID
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Support.com@DisplayIcon C:\\Program Files\\Support.com\\bin\\tgcmd.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Support.com@DisplayName Support.com Software
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Support.com@UninstallString wscript "C:\Program Files\Support.com\bin\admins.vbs"
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1E34AB5C-B893-4EE9-82F3-F195978D009D}@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E34AB5C-B893-4EE9-82F3-F195978D009D}\Setup.exe" -l0x9
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1E34AB5C-B893-4EE9-82F3-F195978D009D}@DisplayName IBM Access Support - Local Content Pack
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1E34AB5C-B893-4EE9-82F3-F195978D009D}@LogFile C:\Program Files\InstallShield Installation Information\{1E34AB5C-B893-4EE9-82F3-F195978D009D}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1E34AB5C-B893-4EE9-82F3-F195978D009D}@NoRemove 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1E34AB5C-B893-4EE9-82F3-F195978D009D}@SystemComponent 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}@DisplayIcon C:\Program Files\PC-Doctor for Windows\Pcdrw32.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\SETUP.EXE"
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}@DisplayName PC-Doctor for Windows
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}@LogFile C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{39DA87A1-0B26-4562-A70C-2A6147366E47}@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\SETUP.EXE"
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{39DA87A1-0B26-4562-A70C-2A6147366E47}@LogFile C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A708DD8-A5E6-11D4-A706-000629E95E20}@UninstallString RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A708DD8-A5E6-11D4-A706-000629E95E20}@DisplayName Intel(R) Extreme Graphics 2 Driver
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A708DD8-A5E6-11D4-A706-000629E95E20}@ModifyPath FALSE
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A708DD8-A5E6-11D4-A706-000629E95E20}@NoModify 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\SETUP.EXE"
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}@LogFile C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BAD59025-5B73-4E12-B789-0028C5A573C2}@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\SETUP.EXE"
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BAD59025-5B73-4E12-B789-0028C5A573C2}@LogFile C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0A37341-D692-11D4-A984-009027EC0A9C}@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.EXE"
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0A37341-D692-11D4-A984-009027EC0A9C}@DisplayName SoundMAX
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0A37341-D692-11D4-A984-009027EC0A9C}@LogFile C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0A37341-D692-11D4-A984-009027EC0A9C}@InstallLocation C:\Program Files\Analog Devices\SoundMAX
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0A37341-D692-11D4-A984-009027EC0A9C}@DisplayIcon C:\Program Files\Analog Devices\SoundMAX\smax3cp.ico

---- EOF - GMER 1.0.14 ----
Old 01-14-2009, 06:15 PM   #16 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,479
OS: XP SP3


Re: Hijacked browser search engines

Hi,
  • Open notepad (Start>All programs>accessories>notepad ) (It must be notepad, not wordpad, or it won't work)
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Click Format and ensure Wordwrap is unchecked.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Code:
RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall]

SkipFix::
Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply and let me know how the system is behaving now.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
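The CFScripts in this thread are drafted from the ComboFix log's LOCKED REGISTRY KEYS section: ordinary locked keys are listed under RegLock:: and keys whose names contain unprintable characters under RegNull::, with SkipFix:: so ComboFix only runs the script. The following added example (not ComboFix's own tooling and not code posted in the thread) automates that draft from a log; the sample log is constructed to match the shape of the log posted above, and the RegLock/RegNull split rule is an assumption modelled on the helper's scripts.

```python
"""Draft a ComboFix CFScript from the LOCKED REGISTRY KEYS section of a
ComboFix log.  Added example for this thread; it is not ComboFix's own
tooling.  The RegLock::/RegNull:: split below is an assumption modelled
on the CFScripts the helper posted: plain locked keys -> RegLock::,
keys with unprintable (embedded-null style) names -> RegNull::."""
import re

SECTION_HEADER = "--------------------- LOCKED REGISTRY KEYS ---------------------"
# A key header line looks like "[HKEY_LOCAL_MACHINE\software\...]".
KEY_LINE = re.compile(r"^\[(HKEY_[^\]]*)\]$")

# Constructed sample, shaped like the ComboFix log posted in this thread
# (one ordinary locked installer key, one key with a garbled name).
SAMPLE_LOG = r"""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Example Locked Key]
@DACL=(02 0000)
@SACL=
"LogFile"="c:\\Program Files\\Example\\Setup.ilg"

[HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \$»»]
"Q"=hex:51
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1084)
"""


def locked_keys(log_text):
    """Return the key paths listed under LOCKED REGISTRY KEYS, in order.

    The section runs from its header to the next ComboFix section header
    (a line starting with '-----') or to the end of the log.
    """
    keys = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if line == SECTION_HEADER:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("-----"):
            break
        match = KEY_LINE.match(line)
        if match:
            keys.append(match.group(1))
    return keys


def has_unprintable_name(key_path):
    """True when any component of the path contains a control or
    non-ASCII character, i.e. a name regedit cannot display or address.
    Such keys go under RegNull:: rather than RegLock:: (assumption based
    on the helper's script in this thread)."""
    return any(ord(c) < 32 or ord(c) > 126 for c in key_path)


def build_cfscript(log_text):
    """Return CFScript text: SkipFix:: first, then RegLock:: and RegNull::
    blocks, each listing one bracketed key path per line."""
    keys = locked_keys(log_text)
    reglock = [k for k in keys if not has_unprintable_name(k)]
    regnull = [k for k in keys if has_unprintable_name(k)]
    out = ["SkipFix::", ""]
    for directive, block in (("RegLock::", reglock), ("RegNull::", regnull)):
        if not block:
            continue
        out.append(directive)
        out.extend("[%s]" % k for k in block)
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
```

Treat the output as a draft for a human reviewer: the locked keys in this thread are installer leftovers, and a restrictive DACL alone does not make a key malicious.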
Old 01-14-2009, 07:43 PM   #17 (permalink)
Registered User
 
Join Date: Mar 2005
Posts: 71
OS: several computers:xp,2000,98se,ME,linux


Re: Hijacked browser search engines

CFScript+ComboFix Log:

ComboFix 09-01-11.04 - Owner 2009-01-14 21:36:41.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.421 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Panda Internet Security 2009 *On-access scanning disabled* (Updated)
FW: Panda Personal Firewall 2009 *disabled*
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.

2099-03-18 21:32 . 2001-08-17 16:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2099-03-18 18:52 . 2002-08-29 08:00 98,176 --a------ c:\windows\system32\drivers\NBF.SYS
2099-03-18 18:41 . 2002-03-14 19:46 45,056 --a------ c:\windows\system32\ico.exe
2099-02-23 08:59 . 2008-04-13 13:46 61,696 --a------ c:\windows\system32\drivers\ohci1394.sys
2099-02-23 08:59 . 2008-04-13 13:46 53,376 --a------ c:\windows\system32\drivers\1394bus.sys
2099-02-23 08:59 . 2001-08-17 15:12 32,840 --a------ c:\windows\system32\drivers\Ngrpci.sys
2099-02-23 08:59 . 2001-08-17 16:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2008-12-28 09:06 . 2009-01-14 18:02 250 --a------ c:\windows\gmer.ini
2008-12-27 18:23 . 2008-12-27 18:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-27 18:22 . 2008-12-27 18:22 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-27 16:58 . 2009-01-13 14:06 8,627 --a------ c:\windows\system32\PAV_FOG.OPC
2008-12-27 16:41 . 2009-01-13 19:21 241,440 --a------ c:\windows\system32\drivers\APPFCONT.DAT.bck
2008-12-27 16:41 . 2009-01-13 19:21 241,440 --a------ c:\windows\system32\drivers\APPFCONT.DAT
2008-12-27 16:41 . 2008-06-18 16:06 193,792 --a------ c:\windows\system32\drivers\idsflt.sys
2008-12-27 16:41 . 2008-07-11 14:58 158,848 --a------ c:\windows\system32\drivers\NETFLTDI.SYS
2008-12-27 16:41 . 2008-04-28 17:35 84,024 --a------ c:\windows\system32\drivers\pavdrv51.sys
2008-12-27 16:41 . 2008-06-25 15:42 73,728 --a------ c:\windows\system32\drivers\APPFLT.SYS
2008-12-27 16:41 . 2008-06-18 16:06 52,992 --a------ c:\windows\system32\drivers\dsaflt.sys
2008-12-27 16:41 . 2008-06-18 16:06 46,720 --a------ c:\windows\system32\drivers\wnmflt.sys
2008-12-27 16:41 . 2008-03-28 11:25 22,072 --a------ c:\windows\system32\drivers\fnetmon.sys
2008-12-27 16:41 . 2009-01-14 08:31 1,132 --a------ c:\windows\system32\drivers\APPFLTR.CFG.bck
2008-12-27 16:41 . 2009-01-14 08:31 1,132 --a------ c:\windows\system32\drivers\APPFLTR.CFG
2008-12-27 16:41 . 2008-12-27 16:41 261 --a------ c:\windows\system32\PavCPL.dat
2008-12-27 16:40 . 2008-12-27 16:40 <DIR> d-------- c:\windows\system32\PAV
2008-12-27 16:40 . 2008-12-27 16:40 <DIR> d-------- c:\program files\Panda Security
2008-12-27 16:40 . 2008-12-27 16:40 <DIR> d-------- c:\documents and settings\Owner\Application Data\Panda Security
2008-12-27 16:40 . 2008-12-27 16:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Panda Security
2008-12-27 16:40 . 2008-12-27 16:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Backup
2008-12-27 16:40 . 2008-06-18 18:03 520,448 --a------ c:\windows\system32\PavSHook.dll
2008-12-27 16:40 . 2003-10-22 18:23 446,464 --a------ c:\windows\system32\HHActiveX.dll
2008-12-27 16:40 . 2008-06-26 11:25 197,888 --a------ c:\windows\system32\drivers\neti1634.sys
2008-12-27 16:40 . 2008-06-24 14:48 193,280 --a------ c:\windows\system32\TpUtil.dll
2008-12-27 16:40 . 2007-02-08 11:53 107,568 --a------ c:\windows\system32\SYSTOOLS.DLL
2008-12-27 16:40 . 2008-06-18 18:03 87,296 --a------ c:\windows\system32\PavLspHook.dll
2008-12-27 16:40 . 2008-03-18 16:58 58,672 --a------ c:\windows\system32\avldr.dll
2008-12-27 16:40 . 2008-06-18 18:03 55,552 --a------ c:\windows\system32\pavipc.dll
2008-12-27 16:40 . 2007-03-15 19:38 54,832 --a------ c:\windows\system32\pavcpl.cpl
2008-12-27 16:38 . 2008-12-27 16:38 <DIR> d-------- c:\program files\Common Files\Panda Security
2008-12-27 16:38 . 2008-02-07 12:03 179,640 --a------ c:\windows\system32\drivers\PavProc.sys
2008-12-27 16:38 . 2008-03-04 15:59 41,144 --a------ c:\windows\system32\drivers\ShlDrv51.sys
2008-12-27 09:41 . 2008-12-27 09:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-27 09:41 . 2008-12-27 09:41 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-12-27 09:41 . 2008-12-27 09:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-27 09:41 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-27 09:41 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-26 22:00 . 2008-12-26 22:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-26 15:03 . 2008-12-26 15:03 <DIR> d-------- c:\windows\Sun
2008-12-26 15:02 . 2008-12-26 15:01 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-26 15:02 . 2008-12-26 15:01 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-26 05:40 . 2008-12-26 09:44 <DIR> d-------- c:\documents and settings\Owner\.housecall6.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 17:31 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-13 18:46 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-29 18:26 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-28 06:03 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-27 23:23 --------- d-----w c:\program files\Lavasoft
2008-12-27 17:31 --------- d-----w c:\program files\Google
2008-12-27 15:36 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-26 20:01 --------- d-----w c:\program files\Java
2008-12-21 11:55 --------- d-----w c:\program files\SpywareBlaster
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-11-16 17:40 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-04-09 532480]
"Mozilla Quick Launch"="c:\program files\Netscape\Netscape\Netscp.exe" [2003-06-24 568096]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-08 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-04-09 532480]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"UC_Start"="c:\ibmtools\Updater\ucstartup.exe" [2003-03-17 32768]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-05-05 114741]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-05-10 36864]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-26 136600]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" [2008-12-03 869632]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2009\Inicio.exe" [2008-07-07 50432]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]
"BluetoothAuthenticationAgent"="irprops.cpl" [2008-04-13 c:\windows\system32\irprops.cpl]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2003-04-22 299008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Billminder.lnk - c:\program files\QUICKENW\BILLMIND.EXE [2004-03-18 36864]
CorelCENTRAL 10.lnk - c:\windows\Installer\{A0B295C3-FD3C-11D4-A811-0090279106C3}\I_26dadCC.exe [2004-05-28 5222]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 614531]
Quicken Startup.lnk - c:\program files\QUICKENW\QWDLLS.EXE [2004-03-18 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 16:58 58672 c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XJPG"= camfc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\IBMTOOLS\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-07-09 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2008-12-27 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2008-12-27 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2008-12-27 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2008-12-27 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2008-12-27 16:41:02 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-12-27 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2008-12-27 46720]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2008-12-27 197888]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R4 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R4 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-12-27 179640]
R4 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2009\psksvc.exe [2008-12-27 28928]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2004-05-01 36224]
S3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;c:\windows\system32\drivers\Ngrpci.sys [2099-02-23 32840]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2003-10-31 16384]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\PELUSBLF.SYS [2003-10-31 9216]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-02-06 44928]
S3 XIRLINK;Veo Mobile/Advanced Web Camera;c:\windows\system32\drivers\ucdnt.sys [2004-01-26 728083]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
.
Contents of the 'Scheduled Tasks' folder

2009-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-01-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2005-03-20 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-19 16:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost;*.local
Trusted Zone: *.turbotax.com
TCP: {F843C0CE-CE64-4A2B-83C8-BBDBCFF3AA37} = 69.111.95.106,206.196.151.153
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 21:36:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}]
@DACL=(02 0000)
@SACL=
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}\\Setup.ilg"
"StatusText"="IBM 32-bit Runtime Environment for Java 2, v1.4.0 Setup is preparing the InstallShield Wizard, which will guide you through the program setup process. Please wait."
"DoMaintenance"="N"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles]
@DACL=(02 0000)
@SACL=
"PELMOUSE.SYS"="%SYS32_DIR%"
"PELPS2M.SYS"="c:\\WINDOWS\\System32\\Drivers"
"PELMICED.EXE"=""
"PELCOMM.DLL"=""
"PELUTIL.DLL"=""
"PELHOOKS.DLL"=""
"PELSCRLL.DLL"=""
"PELBDO.DLL"=""
"PELPPM.DLL"=""
"PELWHEEL.DLL"=""
"PELZOOM.DLL"=""
"PMUNINST.EXE"=""
"PMUNINNT.EXE"=""
"MS98ACHS.HLP"="%HELP_DIR%"
"MS98ACHT.HLP"="%HELP_DIR%"
"MS98ADAN.HLP"="%HELP_DIR%"
"MS98ADUT.HLP"="%HELP_DIR%"
"MS98AENG.HLP"="%HELP_DIR%"
"MS98AFIN.HLP"="%HELP_DIR%"
"MS98AFRE.HLP"="%HELP_DIR%"
"MS98AGER.HLP"="%HELP_DIR%"
"MS98AITA.HLP"="%HELP_DIR%"
"MS98AJPA.HLP"="%HELP_DIR%"
"MS98ANOR.HLP"="%HELP_DIR%"
"MS98APOR.HLP"="%HELP_DIR%"
"MS98ASPA.HLP"="%HELP_DIR%"
"MS98ASWE.HLP"="%HELP_DIR%"
"SPMOUSE.HLP"="%HELP_DIR%"
"SPMOUSE.CNT"="%HELP_DIR%"
"SPMOUCHT.HLP"="%HELP_DIR%"
"SPMOUCHT.CNT"="%HELP_DIR%"
"SPMOUCHS.HLP"="%HELP_DIR%"
"SPMOUCHS.CNT"="%HELP_DIR%"
"SPMOUDAN.HLP"="%HELP_DIR%"
"SPMOUDAN.CNT"="%HELP_DIR%"
"SPMOUDUT.HLP"="%HELP_DIR%"
"SPMOUDUT.CNT"="%HELP_DIR%"
"SPMOUFIN.HLP"="%HELP_DIR%"
"SPMOUFIN.CNT"="%HELP_DIR%"
"SPMOUFRE.HLP"="%HELP_DIR%"
"SPMOUFRE.CNT"="%HELP_DIR%"
"SPMOUGER.HLP"="%HELP_DIR%"
"SPMOUGER.CNT"="%HELP_DIR%"
"SPMOUITA.HLP"="%HELP_DIR%"
"SPMOUITA.CNT"="%HELP_DIR%"
"SPMOUJPA.HLP"="%HELP_DIR%"
"SPMOUJPA.CNT"="%HELP_DIR%"
"SPMOUNOR.HLP"="%HELP_DIR%"
"SPMOUNOR.CNT"="%HELP_DIR%"
"SPMOUPOR.HLP"="%HELP_DIR%"
"SPMOUPOR.CNT"="%HELP_DIR%"
"SPMOUSPA.HLP"="%HELP_DIR%"
"SPMOUSPA.CNT"="%HELP_DIR%"
"SPMOUSWE.HLP"="%HELP_DIR%"
"SPMOUSWE.CNT"="%HELP_DIR%"
"PELUSBLF.SYS"="%SYS32_DIR%"
"PELSETUP.DLL"=""
"PMIBM.DLL"=""
"PELRESS.DLL"=""
"PMRESHP.DLL"=""
"ICONSPY.EXE"=""
"PMBDO.DLL"=""
"PMMO32R.DLL"=""
"PMMO32R1.DLL"=""
"MS98AKOR.HLP"="%HELP_DIR%"
"SPMOUKOR.HLP"="%HELP_DIR%"
"SPMOUKOR.CNT"="%HELP_DIR%"
"PMIBM1.DLL"="c:\\WINDOWS\\System32"
"PMMILG.DLL"=""
"HIDUSB.SYS"="c:\\WINDOWS\\System32\\Drivers"
"ms98.cab"="c:\\WINDOWS\\System32"
"Setup2k.ini"="c:\\WINDOWS\\System32"
"pmouse.inf"="c:\\WINDOWS\\System32"
"phidmou.inf"="%INF_DIR%"
"presetup.ini"="c:\\WINDOWS\\System32"
"ms99.cat"="c:\\WINDOWS\\System32"
"oem2.inf"="c:\\WINDOWS\\INF"
"ICO.exe"=""
"SPMOUSE.GID"="%HELP_DIR%"
"SPMOUCHT.GID"="%HELP_DIR%"
"SPMOUCHS.GID"="%HELP_DIR%"
"SPMOUDAN.GID"="%HELP_DIR%"
"SPMOUDUT.GID"="%HELP_DIR%"
"SPMOUFIN.GID"="%HELP_DIR%"
"SPMOUFRE.GID"="%HELP_DIR%"
"SPMOUGER.GID"="%HELP_DIR%"
"SPMOUITA.GID"="%HELP_DIR%"
"SPMOUJPA.GID"="%HELP_DIR%"
"SPMOUKOR.GID"="%HELP_DIR%"
"SPMOUNOR.GID"="%HELP_DIR%"
"SPMOUPOR.GID"="%HELP_DIR%"
"SPMOUSPA.GID"="%HELP_DIR%"
"SPMOUSWE.GID"="%HELP_DIR%"
"Phidmou.pnf"="%INF_DIR%"

[HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \$»»]
"Q"=hex:51

[HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \Ã#$]
"Q"=hex:51

[HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \ÏE¼]
"Q"=hex:51
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1084)
c:\windows\system32\avldr.dll
.
Completion time: 2009-01-14 21:39:53
ComboFix-quarantined-files.txt 2009-01-15 02:39:50
ComboFix2.txt 2009-01-14 13:54:21
ComboFix3.txt 2008-12-27 14:21:44
ComboFix4.txt 2008-02-22 12:10:13

Pre-Run: 97,925,689,344 bytes free
Post-Run: 97,901,826,048 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=2 Sets=1,2,3,4
335 --- E O F --- 2009-01-12 19:23:52
hilton7949 is offline  
Old 01-14-2009, 07:47 PM   #18 (permalink)
Registered User
 
Join Date: Mar 2005
Posts: 71
OS: several computers:xp,2000,98se,ME,linux


Re: Hijacked browser search engines

I just tried several searches and the links all look correct. Do you think it's clean now?
hilton7949 is offline  
Old 01-14-2009, 08:05 PM   #19 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,479
OS: XP SP3


Re: Hijacked browser search engines

Quote:
Originally Posted by hilton7949
I just tried several searches and the links all look correct. Do you think it's clean now?
Yes, the malware that was causing the redirecting is removed. We are just tying the loose ends. We should be done shortly.
  • Open Notepad (Start > All Programs > Accessories > Notepad). It must be Notepad, not WordPad, or it won't work.
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file CFScript.txt
  • Change the Save as Type to All Files
  • Save it on the desktop
  • Click Format and ensure Word Wrap is unchecked.

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Code:
SkipFix::

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\MouseSuite98\DeleteFiles]

RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \$»»]
[HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \Ã#$]
[HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \ÏE¼]
Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply and let me know how the system is behaving now.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Old 01-14-2009, 10:19 PM   #20 (permalink)
Registered User
 
Join Date: Mar 2005
Posts: 71
OS: several computers:xp,2000,98se,ME,linux


Re: Hijacked browser search engines

ComboFix 09-01-11.04 - Owner 2009-01-15 012.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.423 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Panda Internet Security 2009 *On-access scanning disabled* (Updated)
FW: Panda Personal Firewall 2009 *disabled*
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.

2099-03-18 21:32 . 2001-08-17 16:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2099-03-18 18:52 . 2002-08-29 08:00 98,176 --a------ c:\windows\system32\drivers\NBF.SYS
2099-03-18 18:41 . 2002-03-14 19:46 45,056 --a------ c:\windows\system32\ico.exe
2099-02-23 08:59 . 2008-04-13 13:46 61,696 --a------ c:\windows\system32\drivers\ohci1394.sys
2099-02-23 08:59 . 2008-04-13 13:46 53,376 --a------ c:\windows\system32\drivers\1394bus.sys
2099-02-23 08:59 . 2001-08-17 15:12 32,840 --a------ c:\windows\system32\drivers\Ngrpci.sys
2099-02-23 08:59 . 2001-08-17 16:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2008-12-28 09:06 . 2009-01-14 18:02 250 --a------ c:\windows\gmer.ini
2008-12-27 18:23 . 2008-12-27 18:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-27 18:22 . 2008-12-27 18:22 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-27 16:58 . 2009-01-13 14:06 8,627 --a------ c:\windows\system32\PAV_FOG.OPC
2008-12-27 16:41 . 2009-01-13 19:21 241,440 --a------ c:\windows\system32\drivers\APPFCONT.DAT.bck
2008-12-27 16:41 . 2009-01-13 19:21 241,440 --a------ c:\windows\system32\drivers\APPFCONT.DAT
2008-12-27 16:41 . 2008-06-18 16:06 193,792 --a------ c:\windows\system32\drivers\idsflt.sys
2008-12-27 16:41 . 2008-07-11 14:58 158,848 --a------ c:\windows\system32\drivers\NETFLTDI.SYS
2008-12-27 16:41 . 2008-04-28 17:35 84,024 --a------ c:\windows\system32\drivers\pavdrv51.sys
2008-12-27 16:41 . 2008-06-25 15:42 73,728 --a------ c:\windows\system32\drivers\APPFLT.SYS
2008-12-27 16:41 . 2008-06-18 16:06 52,992 --a------ c:\windows\system32\drivers\dsaflt.sys
2008-12-27 16:41 . 2008-06-18 16:06 46,720 --a------ c:\windows\system32\drivers\wnmflt.sys
2008-12-27 16:41 . 2008-03-28 11:25 22,072 --a------ c:\windows\system32\drivers\fnetmon.sys
2008-12-27 16:41 . 2009-01-14 08:31 1,132 --a------ c:\windows\system32\drivers\APPFLTR.CFG.bck
2008-12-27 16:41 . 2009-01-14 08:31 1,132 --a------ c:\windows\system32\drivers\APPFLTR.CFG
2008-12-27 16:41 . 2008-12-27 16:41 261 --a------ c:\windows\system32\PavCPL.dat
2008-12-27 16:40 . 2008-12-27 16:40 <DIR> d-------- c:\windows\system32\PAV
2008-12-27 16:40 . 2008-12-27 16:40 <DIR> d-------- c:\program files\Panda Security
2008-12-27 16:40 . 2008-12-27 16:40 <DIR> d-------- c:\documents and settings\Owner\Application Data\Panda Security
2008-12-27 16:40 . 2008-12-27 16:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Panda Security
2008-12-27 16:40 . 2008-12-27 16:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Backup
2008-12-27 16:40 . 2008-06-18 18:03 520,448 --a------ c:\windows\system32\PavSHook.dll
2008-12-27 16:40 . 2003-10-22 18:23 446,464 --a------ c:\windows\system32\HHActiveX.dll
2008-12-27 16:40 . 2008-06-26 11:25 197,888 --a------ c:\windows\system32\drivers\neti1634.sys
2008-12-27 16:40 . 2008-06-24 14:48 193,280 --a------ c:\windows\system32\TpUtil.dll
2008-12-27 16:40 . 2007-02-08 11:53 107,568 --a------ c:\windows\system32\SYSTOOLS.DLL
2008-12-27 16:40 . 2008-06-18 18:03 87,296 --a------ c:\windows\system32\PavLspHook.dll
2008-12-27 16:40 . 2008-03-18 16:58 58,672 --a------ c:\windows\system32\avldr.dll
2008-12-27 16:40 . 2008-06-18 18:03 55,552 --a------ c:\windows\system32\pavipc.dll
2008-12-27 16:40 . 2007-03-15 19:38 54,832 --a------ c:\windows\system32\pavcpl.cpl
2008-12-27 16:38 . 2008-12-27 16:38 <DIR> d-------- c:\program files\Common Files\Panda Security
2008-12-27 16:38 . 2008-02-07 12:03 179,640 --a------ c:\windows\system32\drivers\PavProc.sys
2008-12-27 16:38 . 2008-03-04 15:59 41,144 --a------ c:\windows\system32\drivers\ShlDrv51.sys
2008-12-27 09:41 . 2008-12-27 09:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-27 09:41 . 2008-12-27 09:41 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-12-27 09:41 . 2008-12-27 09:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-27 09:41 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-27 09:41 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-26 22:00 . 2008-12-26 22:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-26 15:03 . 2008-12-26 15:03 <DIR> d-------- c:\windows\Sun
2008-12-26 15:02 . 2008-12-26 15:01 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-26 15:02 . 2008-12-26 15:01 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-26 05:40 . 2008-12-26 09:44 <DIR> d-------- c:\documents and settings\Owner\.housecall6.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 17:31 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-13 18:46 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-29 18:26 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-28 06:03 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-27 23:23 --------- d-----w c:\program files\Lavasoft
2008-12-27 17:31 --------- d-----w c:\program files\Google
2008-12-27 15:36 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-26 20:01 --------- d-----w c:\program files\Java
2008-12-21 11:55 --------- d-----w c:\program files\SpywareBlaster
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-11-16 17:40 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-04-09 532480]
"Mozilla Quick Launch"="c:\program files\Netscape\Netscape\Netscp.exe" [2003-06-24 568096]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-08 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-04-09 532480]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"UC_Start"="c:\ibmtools\Updater\ucstartup.exe" [2003-03-17 32768]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-05-05 114741]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-05-10 36864]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-26 136600]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" [2008-12-03 869632]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2009\Inicio.exe" [2008-07-07 50432]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]
"BluetoothAuthenticationAgent"="irprops.cpl" [2008-04-13 c:\windows\system32\irprops.cpl]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2003-04-22 299008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Billminder.lnk - c:\program files\QUICKENW\BILLMIND.EXE [2004-03-18 36864]
CorelCENTRAL 10.lnk - c:\windows\Installer\{A0B295C3-FD3C-11D4-A811-0090279106C3}\I_26dadCC.exe [2004-05-28 5222]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 614531]
Quicken Startup.lnk - c:\program files\QUICKENW\QWDLLS.EXE [2004-03-18 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 16:58 58672 c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XJPG"= camfc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\IBMTOOLS\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-07-09 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2008-12-27 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2008-12-27 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2008-12-27 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2008-12-27 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2008-12-27 16:41:02 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-12-27 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2008-12-27 46720]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2008-12-27 197888]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R4 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R4 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-12-27 179640]
R4 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2009\psksvc.exe [2008-12-27 28928]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2004-05-01 36224]
S3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;c:\windows\system32\drivers\Ngrpci.sys [2099-02-23 32840]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2003-10-31 16384]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\PELUSBLF.SYS [2003-10-31 9216]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-02-06 44928]
S3 XIRLINK;Veo Mobile/Advanced Web Camera;c:\windows\system32\drivers\ucdnt.sys [2004-01-26 728083]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
.
Contents of the 'Scheduled Tasks' folder

2009-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-01-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2005-03-20 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-19 16:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost;*.local
Trusted Zone: *.turbotax.com
TCP: {F843C0CE-CE64-4A2B-83C8-BBDBCFF3AA37} = 69.111.95.106,206.196.151.153
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\68d1fesc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 0027
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \$»»]
"Q"=hex:51

[HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \Ã#$]
"Q"=hex:51

[HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \ÏE¼]
"Q"=hex:51
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1084)
c:\windows\system32\avldr.dll
.
Completion time: 2009-01-15 0:09:01
ComboFix-quarantined-files.txt 2009-01-15 05:08:58
ComboFix2.txt 2009-01-15 02:39:56
ComboFix3.txt 2009-01-14 13:54:21
ComboFix4.txt 2008-12-27 14:21:44
ComboFix5.txt 2009-01-15 05:05:38

Pre-Run: 97,890,836,480 bytes free
Post-Run: 97,867,280,384 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=2 Sets=1,2,3,4
237 --- E O F --- 2009-01-12 19:23:52
hilton7949 is offline  
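When reading a ComboFix log like the ones posted in this thread, the sections a helper checks first are the "Reg Loading Points" Run-key values and the R*/S* service list, looking for entries whose binary is given as a bare file name (ComboFix prints the resolved path in the brackets) or whose file could not be found on disk (the "--> ... [?]" form). The parser below is an added example written for this thread; it is not ComboFix's own code or anything the forum posted. The sample lines are constructed in the format shown in the logs above, and the reading of "[?]" as "binary not found" is an assumption about ComboFix's notation based on those logs.

```python
"""Parse the autostart sections of a ComboFix log into structured records.

Added example for this thread, not part of ComboFix or the forum post. It
reads "Reg Loading Points" Run-key lines and R*/S* service lines in the
format the logs above use and flags the two things a reviewer looks at
first: Run values given as a bare file name (the resolved path ComboFix
prints in the brackets is the one to inspect) and services whose binary
ComboFix reports as "[?]" (assumed here to mean it was not found on disk).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample, copied in the format the ComboFix logs above use.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-12-27 41144]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2003-10-31 16384]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<rest>[^\]]+)\]$'
)
SVC_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?: --> (?P<target>.+?))? \[(?P<info>[^\]]*)\]$"
)


@dataclass
class AutostartEntry:
    kind: str                 # "run" or "service"
    source: str               # registry key for Run entries, start type (R1, S3, ...) for services
    name: str
    path: str                 # path ComboFix reports for the binary
    date: Optional[str] = None
    size: Optional[int] = None
    flags: List[str] = field(default_factory=list)


def parse_combofix_autostarts(text: str) -> List[AutostartEntry]:
    """Return one AutostartEntry per Run value or service line in `text`."""
    entries: List[AutostartEntry] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            current_key = m["key"]          # remember which Run key the following values belong to
            continue
        if m := RUN_RE.match(line):
            value, rest = m["value"], m["rest"]
            entry = AutostartEntry("run", current_key, m["name"], value, m["date"])
            if rest.isdigit():
                entry.size = int(rest)      # "[date size]" form: the value is already a full path
            else:
                entry.path = rest           # "[date resolved-path]" form: the value was a bare name
            if "\\" not in value:
                entry.flags.append("bare-filename")
            entries.append(entry)
            continue
        if m := SVC_RE.match(line):
            entry = AutostartEntry("service", m["state"], m["name"], m["target"] or m["path"])
            info = m["info"].split()
            if info == ["?"]:
                entry.flags.append("file-not-found")   # assumed meaning of ComboFix's "[?]"
            elif len(info) == 2 and info[1].isdigit():
                entry.date, entry.size = info[0], int(info[1])
            entries.append(entry)
    return entries


def flagged(entries: List[AutostartEntry]) -> List[AutostartEntry]:
    """Entries that deserve a human look before the log is declared clean."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(parse_combofix_autostarts(SAMPLE_LOG)):
        print(f"{e.kind:7} {e.name:24} {e.path}  {','.join(e.flags)}")
```

A flag is a prompt, not a verdict: in the sample, the two bare-name Run values (ICO.EXE and nwiz.exe) resolve to known mouse and display utilities, just as they do in the posted log, while the "[?]" service is the kind of leftover a helper would ask about.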
Copyright 2001 - 2009, Tech Support Forum