Old 07-03-2009, 03:47 PM   #1 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: xp sp3


many, many, MANY corrupt installs

Hi everyone--

I have been having this problem for several months, and can't find an explanation anywhere. Many times, after downloading an installation program (most recently AVG free, but this is just an example), when I go to install, I get the msg "File is corrupt" and installation halts. It seems to happen a LOT with AV software (but does happen with other types of software, as well)...I have vainly attempted to install KIS and KAV, NOD32, Panda, and others, but every single one of them fails to install. When attempting the install for AVG, for example, I tried to install a half-dozen times...but the installer stopped at a different unpacking percentage each time, ranging from 18 to 97%. This makes NO sense to me, because it seems as though if a particular part of the file was corrupt, it would stop at the same point each time. What could be causing this? Befuddled and confused


DDS (Ver_09-06-26.01) - NTFSx86
Run by Administrator at 14:39:01.50 on Fri 07/03/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.146 [GMT -5:00]

AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\PC Tools Disk Suite\DSService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe
j:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe
C:\Program Files\PC Tools Disk Suite\aDSProcMngr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Linksys\Wireless-N Network Monitor\OdHost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Hide My IP 2009\SecureSrv.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Maxthon2\Maxthon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.orbitdownloader.com
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: DownloadStudio IE Add-on: {8170d7dc-bdd6-461e-88eb-f047257898c9} - c:\program files\conceiva\downloadstudio\DLMonitr.dll
BHO: FoxmarksDLLBHO Class: {a2a71aba-3939-43b2-bd8f-8c1767ef9020} - c:\program files\xmarks\ie extension\foxmarksdll.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [HomeAlarm] c:\program files\chameleon clock\ChamClock.exe
uRun: [WeatherWatcher] "c:\program files\weather watcher\ww.exe"
uRun: [MLOWMSync.exe] c:\program files\mylifeorganized.net\mlo\MLOWMSync.exe
uRun: [Active Desktop Calendar] c:\program files\xemicomputers\active desktop calendar\ADC.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [uTorrent] "c:\program files\utorrent2\uTorrent.exe"
uRun: [Xmarks] c:\program files\xmarks\ie extension\xmarkssync.exe -q
uRun: [SandboxieControl] "j:\program files\sandboxie\SbieCtrl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [DownloadStudio] c:\program files\conceiva\downloadstudio\DownloadStudioScheduleMonitor.exe
mRun: [Linksys Wireless-N Notebook Adapter] c:\program files\linksys\wireless-n network monitor\WPC300N.exe
mRun: [DiskSuite] c:\program files\pc tools disk suite\aDSProcMngr.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spbbac~1.lnk - c:\program files\spb backup\SpbBackupSync.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: c:\windows\system32\SecureNet.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {60541D7A-4EF1-4117-9607-7C1B0EEAAD18} - hxxp://iu.ak.sonico.com//ImageUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243047895324
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244054291176
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: NameServer = 85.255.112.79,85.255.112.213
TCP: {6E4CD078-72F9-40FA-B9CA-E47E3E7A811F} = 85.255.112.79,85.255.112.213
TCP: {CC3DAA6C-416E-4279-AE5A-995FEE21991D} = 85.255.112.79,85.255.112.213
TCP: {ECEAB149-D703-4532-BB6E-305D219D859E} = 85.255.112.97,85.255.112.64
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: PSFactoryBuffer - {7db1aaf8-4756-410a-8210-16b49208a6b6} - c:\program files\common files\psfactorybuffer\PSFactoryBuffer.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-7-2 28544]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2009-4-23 113928]
R2 DiskSuiteService;PC Tools Disk Suite;c:\program files\pc tools disk suite\DSService.exe [2009-6-6 869696]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2009-5-25 6656]
R2 NanoServiceMain;NanoServiceMain;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2009-4-23 95488]
R2 NICSer_WPC300N;NICSer_WPC300N;c:\program files\linksys\wireless-n network monitor\NICServ.exe [2009-6-5 452608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2009-4-23 136968]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2009-4-23 92552]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2009-4-23 98056]
R3 SbieDrv;SbieDrv;j:\program files\sandboxie\SbieDrv.sys [2009-5-28 108032]
R3 SecureSrv;SecureSrv;c:\program files\hide my ip 2009\SecureSrv.exe [2009-5-26 536896]
S2 EasyHideIP;EasyHideIP;f:\program files\easy-hide-ip\services\easyhideip.exe --> f:\program files\easy-hide-ip\services\EasyHideIp.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

=============== Created Last 30 ================

2009-07-02 21:25 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-02 21:25 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-02 21:25 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-02 21:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-02 20:00 <DIR> --d----- c:\documents and settings\administrator\.housecall6.6
2009-07-02 19:18 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-07-01 12:24 1,426 a------- c:\windows\Sandboxie.ini
2009-06-28 15:45 545 a------- c:\windows\UC.PIF
2009-06-28 15:45 545 a------- c:\windows\RAR.PIF
2009-06-28 15:45 545 a------- c:\windows\PKZIP.PIF
2009-06-28 15:45 545 a------- c:\windows\PKUNZIP.PIF
2009-06-28 15:45 545 a------- c:\windows\NOCLOSE.PIF
2009-06-28 15:45 545 a------- c:\windows\LHA.PIF
2009-06-28 15:45 545 a------- c:\windows\ARJ.PIF
2009-06-28 15:45 <DIR> --d----- C:\totalcmd
2009-06-28 15:45 <DIR> --d----- c:\docume~1\admini~1\applic~1\GHISLER
2009-06-28 15:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-06-24 12:44 <DIR> --d----- c:\docume~1\admini~1\applic~1\Thinstall
2009-06-24 12:44 <DIR> --d----- c:\program files\SpeedConnect Internet Accelerator
2009-06-24 06:27 <DIR> --d----- c:\program files\Xmarks
2009-06-21 17:18 <DIR> --d----- c:\program files\WhereIsIt
2009-06-21 17:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WhereIsIt
2009-06-21 17:14 <DIR> --d----- c:\docume~1\admini~1\applic~1\Boost Windows
2009-06-20 20:02 <DIR> --d----- c:\program files\Easy DVD Player
2009-06-20 19:59 0 a------- c:\windows\iplayer.INI
2009-06-20 19:40 <DIR> --d----- c:\program files\WinDVD 8 Platinum
2009-06-20 19:22 <DIR> --d----- c:\program files\InterActual
2009-06-20 11:31 <DIR> --d----- c:\program files\Your Uninstaller 2008
2009-06-16 10:07 <DIR> --d----- c:\program files\Unlocker
2009-06-15 12:59 <DIR> --d----- c:\program files\ESTsoft
2009-06-14 19:07 <DIR> --d----- c:\program files\MediaMonkey
2009-06-14 18:10 105 a------- c:\windows\system32\_WDYSZYG.sys
2009-06-14 18:09 <DIR> --d----- c:\program files\WinUtilities
2009-06-14 15:40 111,879 a------- c:\windows\system32\ASTULog.cab
2009-06-14 15:40 1,050 a------- c:\windows\system32\setup.inf
2009-06-14 15:40 283 a------- c:\windows\system32\setup.rpt
2009-06-14 15:40 <DIR> --d----- c:\windows\ASTULogTemp
2009-06-14 15:21 <DIR> --d----- c:\program files\Spb Backup
2009-06-14 14:15 207,488 a----r-- c:\windows\system32\drivers\vinyl97.sys
2009-06-14 13:51 <DIR> --d----- C:\My Drivers
2009-06-14 13:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Innovative Solutions
2009-06-13 18:01 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-13 18:01 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-13 11:05 <DIR> --d----- c:\program files\SDM20
2009-06-13 09:16 <DIR> --d----- c:\program files\Hero Editor
2009-06-13 09:16 249,856 a------- c:\windows\Setup1.exe
2009-06-13 09:16 73,216 a------- c:\windows\ST6UNST.EXE
2009-06-12 21:16 35,713 a------- c:\windows\DIIUnin.dat
2009-06-12 21:16 94,208 a------- c:\windows\DIIUnin.exe
2009-06-12 21:16 2,829 a------- c:\windows\DIIUnin.pif
2009-06-12 21:10 <DIR> --d----- c:\program files\Diablo II
2009-06-11 13:11 <DIR> --d----- c:\program files\TheWorld 3
2009-06-10 14:08 <DIR> --d----- c:\program files\Alcohol Soft
2009-06-09 11:24 <DIR> --d----- c:\docume~1\admini~1\applic~1\XemiComputers
2009-06-09 11:23 <DIR> --d----- c:\program files\XemiComputers
2009-06-09 06:09 <DIR> --d----- c:\program files\Microsoft Games
2009-06-09 06:06 80,384 a------- c:\windows\system32\drivers\MSIVXserv.sys
2009-06-07 14:39 <DIR> --d----- C:\mobile
2009-06-06 15:40 <DIR> --d----- C:\completedtorrents
2009-06-06 15:25 <DIR> --d----- C:\torrents
2009-06-06 15:23 <DIR> --d----- C:\rorrents
2009-06-06 14:51 82,960 a------- c:\windows\system32\Picclp32.ocx
2009-06-06 14:31 1,760 a------- c:\windows\system32\objsafe.tlb
2009-06-06 14:31 1,453 a------- c:\windows\system32\Project2.INF
2009-06-06 14:31 101,888 a------- c:\windows\system32\Vb6stkit.dll
2009-06-06 14:31 70,088 a------- c:\windows\system32\Project2-1.ocx
2009-06-06 14:23 <DIR> --d----- c:\program files\eGames
2009-06-06 13:45 <DIR> --d----- c:\program files\PC Tools Disk Suite
2009-06-06 13:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-06-06 12:38 3,249 a------- c:\windows\system32\wbem\Outlook_01c9e6cda5ab6b30.mof
2009-06-05 19:32 61 a------- c:\windows\init.ini
2009-06-05 19:32 <DIR> --d----- c:\program files\Funk Software
2009-06-05 19:32 <DIR> --d----- c:\program files\common files\Funk Software
2009-06-05 19:31 1,497,088 a------- c:\windows\system32\cc3260mt.dll
2009-06-05 19:31 1,496,064 a------- c:\windows\system32\cc3250mt.dll
2009-06-05 19:31 94,208 a------- c:\windows\system32\W32N50CT.DLL
2009-06-05 19:31 25,600 a------- c:\windows\system32\borlndmm.dll
2009-06-05 19:31 17,142 a------- c:\windows\system32\CBTNDIS5.SYS
2009-06-05 19:31 4,716 a------- c:\windows\system32\Version.lib
2009-06-05 19:31 543,104 a------- c:\windows\system32\drivers\BCMWL5.SYS
2009-06-05 19:31 1,706,800 a------- c:\windows\system32\GdiPlus.dll
2009-06-05 19:31 <DIR> --d----- c:\program files\Linksys
2009-06-04 17:50 116,736 a------- c:\windows\system32\drivers\mcdbus.sys
2009-06-04 17:50 <DIR> --d----- c:\program files\MagicDisc
2009-06-04 17:48 <DIR> --d----- c:\program files\MagicISO
2009-06-04 15:03 <DIR> --d----- c:\program files\AccessMV
2009-06-04 15:02 <DIR> --d----- c:\program files\VideoLAN
2009-06-04 14:04 <DIR> --d----- c:\program files\uTorrent2
2009-06-03 21:50 268,648 a------- c:\windows\system32\mucltui.dll
2009-06-03 21:50 27,496 a------- c:\windows\system32\mucltui.dll.mui

==================== Find3M ====================

2009-06-12 21:05 21,840 a------t c:\windows\system32\SIntfNT.dll
2009-06-12 21:05 17,212 a------t c:\windows\system32\SIntf32.dll
2009-06-12 21:05 12,067 a------t c:\windows\system32\SIntf16.dll
2009-05-31 15:07 724,992 a------- c:\windows\iun6002.exe
2009-05-29 16:40 162,816 a------- c:\windows\system32\fmod.dll
2009-05-26 22:37 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-25 10:12 6,656 a------- c:\windows\system32\drivers\iPodDrv.sys
2009-05-22 22:36 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-05-22 19:40 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 14:39:40.27 ===============
Attached Files
File Type: zip Attach.zip (3.9 KB, 2 views)
File Type: zip ark.zip (2.3 KB, 3 views)
trippwojohn is offline  
Old 07-03-2009, 09:21 PM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,228
OS: 2000 Pro; XP Pro; XP Home


Re: many, many, MANY corrupt installs

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

---------------------------------------------------------------------------------------------

  1. Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.

    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 07-04-2009, 08:42 AM   #3 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: xp sp3


Re: many, many, MANY corrupt installs

Here's the log from my combofix run:

ComboFix 09-07-03.03 - Administrator 07/04/2009 9:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.778 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix2.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADMINI~1\LOCALS~1\Temp\install_flash_player.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\ADMINI~1\LOCALS~1\Temp\tmp2.tmp
c:\windows\Installer\1791d6.msp
c:\windows\Installer\1791d7.msp
c:\windows\Installer\1791d8.msp
c:\windows\Installer\1791d9.msp
c:\windows\Installer\1791da.msp
c:\windows\Installer\1791db.msp
c:\windows\Installer\1791dc.msp
c:\windows\Installer\1791dd.msp
c:\windows\Installer\1791de.msp
c:\windows\Installer\3af1196.msp
c:\windows\Installer\4e9449.msi
c:\windows\Installer\7d512.msi
c:\windows\Installer\840ff.msp
c:\windows\system32\drivers\fad.sys
c:\windows\system32\drivers\gxvxckdviutfmliqftpiqyaoewflxmaudovns.sys
c:\windows\system32\drivers\gxvxckjmttkcnruuhrhxjhkymujnbocogmjcx.sys
c:\windows\system32\drivers\gxvxctymrmtkllnriqtqlhrwxoduibwxwhjiq.sys
c:\windows\system32\drivers\gxvxcwrriqplxkltlwossrprthxvdbapbpjdx.sys
c:\windows\system32\drivers\gxvxcxylqppamttiteoewswwaaucxovmarkwq.sys
c:\windows\system32\drivers\MSIVXserv.sys
c:\windows\system32\gxvxccount
c:\windows\system32\gxvxcdyutyijejlktbxeusgwndsmfvppubobf.dll
c:\windows\system32\gxvxckjtlgnlirrsmlqpjovuvspuciqfbexfj.dll
c:\windows\system32\url(3).dll
J:\Autorun.inf
J:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2009-06-04 to 2009-07-04 )))))))))))))))))))))))))))))))
.

2009-07-03 02:25 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-03 02:25 . 2009-07-03 02:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-03 02:25 . 2009-07-03 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-03 02:25 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-03 01:00 . 2009-07-03 01:01 -------- d-----w- c:\documents and settings\Administrator\.housecall6.6
2009-06-28 20:45 . 2009-06-28 21:01 -------- d-----w- C:\totalcmd
2009-06-28 20:45 . 2009-06-28 20:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\GHISLER
2009-06-28 20:45 . 2009-06-25 12:50 545 ----a-w- c:\windows\UC.PIF
2009-06-28 20:45 . 2009-06-25 12:50 545 ----a-w- c:\windows\RAR.PIF
2009-06-28 20:45 . 2009-06-25 12:50 545 ----a-w- c:\windows\PKZIP.PIF
2009-06-28 20:45 . 2009-06-25 12:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-06-28 20:45 . 2009-06-25 12:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-06-28 20:45 . 2009-06-25 12:50 545 ----a-w- c:\windows\LHA.PIF
2009-06-28 20:45 . 2009-06-25 12:50 545 ----a-w- c:\windows\ARJ.PIF
2009-06-28 20:32 . 2009-06-28 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-24 21:31 . 2009-06-24 21:31 24064 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\SpeedConnect Internet Accelerator v.7.5\30000000c200002i\DW20.EXE
2009-06-24 17:44 . 2009-06-24 17:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Thinstall
2009-06-24 17:44 . 2009-06-24 21:30 -------- d-----w- c:\program files\SpeedConnect Internet Accelerator
2009-06-24 11:27 . 2009-06-24 12:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Xmarks
2009-06-24 11:27 . 2009-06-24 11:27 -------- d-----w- c:\program files\Xmarks
2009-06-21 22:18 . 2009-06-21 22:56 -------- d-----w- c:\program files\WhereIsIt
2009-06-21 22:18 . 2009-06-21 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\WhereIsIt
2009-06-21 22:14 . 2009-06-21 22:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Boost Windows
2009-06-21 12:24 . 2009-06-21 12:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2009-06-21 01:02 . 2009-06-21 01:02 -------- d-----w- c:\program files\Easy DVD Player
2009-06-21 00:40 . 2009-06-21 00:40 -------- d-----w- c:\program files\WinDVD 8 Platinum
2009-06-21 00:22 . 2009-06-21 00:57 -------- d-----w- c:\program files\InterActual
2009-06-20 16:31 . 2009-06-20 16:33 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-06-16 15:07 . 2009-06-20 23:55 -------- d-----w- c:\program files\Unlocker
2009-06-15 18:03 . 2007-10-23 14:27 110592 ----a-w- c:\documents and settings\Administrator\Application Data\U3\temp\cleanup.exe
2009-06-15 18:02 . 2008-05-02 15:41 3493888 ---ha-w- c:\documents and settings\Administrator\Application Data\U3\temp\Launchpad Removal.exe
2009-06-15 18:02 . 2009-06-20 23:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2009-06-15 17:59 . 2009-06-15 17:59 -------- d-----w- c:\program files\ESTsoft
2009-06-15 16:03 . 2009-06-15 16:03 -------- d-----w- c:\windows\Sun
2009-06-15 00:07 . 2009-06-15 00:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\MediaMonkey
2009-06-15 00:07 . 2009-06-15 00:07 -------- d-----w- c:\program files\MediaMonkey
2009-06-14 23:10 . 2009-06-14 23:55 105 ----a-w- c:\windows\system32\_WDYSZYG.sys
2009-06-14 23:09 . 2009-06-14 23:10 -------- d-----w- c:\program files\WinUtilities
2009-06-14 20:40 . 2009-06-14 20:40 -------- d-----w- c:\windows\ASTULogTemp
2009-06-14 20:21 . 2009-06-14 20:21 -------- d-----w- c:\program files\Spb Backup
2009-06-14 19:15 . 2007-06-27 19:42 207488 ----a-r- c:\windows\system32\drivers\vinyl97.sys
2009-06-14 18:51 . 2009-06-14 19:12 -------- d-----w- C:\My Drivers
2009-06-14 18:48 . 2009-06-14 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2009-06-14 18:48 . 2009-06-14 18:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Innovative Solutions
2009-06-13 23:01 . 2009-06-13 23:01 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-13 22:07 . 2009-06-13 22:07 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-13 17:45 . 2009-06-13 17:45 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-06-13 17:20 . 2009-06-13 17:20 -------- d-----w- c:\program files\Java
2009-06-13 17:17 . 2009-06-13 23:00 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-13 16:20 . 2009-06-13 16:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sun
2009-06-13 16:05 . 2009-06-13 16:05 -------- d-----w- c:\program files\SDM20
2009-06-13 14:16 . 2009-06-13 14:16 -------- d-----w- c:\program files\Hero Editor
2009-06-13 14:16 . 2009-06-13 14:16 249856 ----a-w- c:\windows\Setup1.exe
2009-06-13 14:16 . 2009-06-13 14:16 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-06-13 02:16 . 2009-06-13 14:05 35713 ----a-w- c:\windows\DIIUnin.dat
2009-06-13 02:16 . 2009-06-13 02:16 94208 ----a-w- c:\windows\DIIUnin.exe
2009-06-13 02:16 . 2009-06-13 02:16 2829 ----a-w- c:\windows\DIIUnin.pif
2009-06-13 02:10 . 2009-06-27 23:52 -------- d-----w- c:\program files\Diablo II
2009-06-12 15:05 . 2009-06-12 15:05 -------- d-----w- c:\program files\Google
2009-06-11 18:11 . 2009-06-16 23:22 -------- d-----w- c:\program files\TheWorld 3
2009-06-10 19:08 . 2009-06-10 19:08 -------- d-----w- c:\program files\Alcohol Soft
2009-06-09 16:24 . 2009-06-09 16:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\XemiComputers
2009-06-09 16:23 . 2009-06-09 16:23 -------- d-----w- c:\program files\XemiComputers
2009-06-09 11:09 . 2009-06-09 11:09 -------- d-----w- c:\program files\Microsoft Games
2009-06-07 19:39 . 2009-06-16 21:45 -------- d-----w- C:\mobile
2009-06-06 20:40 . 2009-06-29 00:15 -------- d-----w- C:\completedtorrents
2009-06-06 20:25 . 2009-06-29 00:15 -------- d-----w- C:\torrents
2009-06-06 20:23 . 2009-06-06 20:23 -------- d-----w- C:\rorrents
2009-06-06 19:31 . 1999-03-26 04:00 101888 ----a-w- c:\windows\system32\Vb6stkit.dll
2009-06-06 19:23 . 2009-06-06 19:51 -------- d-----w- c:\program files\eGames
2009-06-06 18:45 . 2009-06-07 01:23 -------- d-----w- c:\program files\PC Tools Disk Suite
2009-06-06 18:45 . 2009-06-06 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-06-06 00:32 . 2009-06-06 00:32 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{99D42EC7-652B-4819-B3E6-6450C815E03F}\ARPPRODUCTICON.exe
2009-06-06 00:32 . 2009-06-06 00:32 -------- d-----w- c:\program files\Common Files\Funk Software
2009-06-06 00:32 . 2009-06-06 00:32 -------- d-----w- c:\program files\Funk Software
2009-06-06 00:31 . 2003-07-17 03:43 94208 ----a-w- c:\windows\system32\W32N50CT.DLL
2009-06-06 00:31 . 2003-07-17 03:28 17142 ----a-w- c:\windows\system32\CBTNDIS5.SYS
2009-06-06 00:31 . 2002-02-02 05:00 1497088 ----a-w- c:\windows\system32\cc3260mt.dll
2009-06-06 00:31 . 2000-01-31 10:00 25600 ----a-w- c:\windows\system32\borlndmm.dll
2009-06-06 00:31 . 2000-01-31 10:00 1496064 ----a-w- c:\windows\system32\cc3250mt.dll
2009-06-06 00:31 . 2006-04-25 04:51 543104 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2009-06-06 00:31 . 2002-08-12 19:56 1706800 ----a-w- c:\windows\system32\GdiPlus.dll
2009-06-06 00:31 . 2009-06-06 00:31 -------- d-----w- c:\program files\Linksys
2009-06-04 22:50 . 2009-02-24 23:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2009-06-04 22:50 . 2009-06-04 22:50 -------- d-----w- c:\program files\MagicDisc
2009-06-04 22:48 . 2009-06-04 22:48 -------- d-----w- c:\program files\MagicISO
2009-06-04 20:04 . 2009-06-04 20:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-06-04 20:03 . 2009-06-04 20:03 -------- d-----w- c:\program files\AccessMV
2009-06-04 20:02 . 2009-06-04 20:02 -------- d-----w- c:\program files\VideoLAN
2009-06-04 19:04 . 2009-07-04 12:14 -------- d-----w- c:\program files\uTorrent2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-04 14:04 . 2009-05-23 02:21 -------- d-----w- c:\program files\Chameleon Clock
2009-07-04 13:46 . 2009-05-24 23:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Orbit
2009-07-04 13:46 . 2009-05-23 02:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-07-04 13:40 . 2009-05-23 03:35 -------- d-----w- c:\program files\Panda Security
2009-07-04 13:39 . 2009-05-23 01:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-04 13:32 . 2009-05-23 02:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\MxBoost
2009-07-03 10:13 . 2009-05-31 19:33 -------- d-----w- c:\program files\Common Files\Skyscape
2009-06-29 01:18 . 2009-05-24 23:15 -------- d-----w- c:\program files\Orbitdownloader
2009-06-28 23:47 . 2009-05-23 01:28 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-06-20 16:31 . 2009-05-23 01:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\URSoft
2009-06-14 13:04 . 2009-05-23 03:16 -------- d-----w- c:\program files\Kantaris
2009-06-13 16:27 . 2009-05-24 23:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\GrabPro
2009-06-13 02:05 . 2009-05-23 14:46 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-06-13 02:05 . 2009-05-23 14:46 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-06-13 02:05 . 2009-05-23 14:46 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-06-11 15:32 . 2009-05-23 02:32 -------- d-----w- c:\program files\Maxthon2
2009-06-09 19:06 . 2009-05-23 02:46 42944 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-06 00:31 . 2009-05-23 00:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-04 17:24 . 2009-05-31 20:07 -------- d-----w- c:\program files\Skyscape
2009-06-03 14:42 . 2009-06-03 14:42 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation
2009-06-03 14:42 . 2009-06-03 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Diskeeper Corporation
2009-06-03 02:33 . 2009-06-02 14:17 -------- d-----w- c:\program files\Common Files\LogoManager
2009-06-03 00:20 . 2009-06-03 00:17 -------- d-----w- c:\program files\Inesoft CalcNote
2009-06-03 00:11 . 2009-06-03 00:08 -------- d-----w- c:\program files\Inesoft Cash Organizer 2008 Premium
2009-06-01 14:43 . 2009-06-01 14:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Scooter Software
2009-06-01 02:36 . 2009-05-23 02:10 -------- d-----w- c:\program files\uTorrent
2009-05-31 20:07 . 2009-05-31 19:33 724992 ----a-w- c:\windows\iun6002.exe
2009-05-30 18:17 . 2009-05-30 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\ConeXware
2009-05-29 21:40 . 2009-05-29 21:40 162816 ----a-w- c:\windows\system32\fmod.dll
2009-05-29 21:24 . 2009-05-28 00:19 -------- d-----w- c:\program files\Microsoft.NET
2009-05-29 21:17 . 2009-05-29 21:17 -------- d-----w- c:\program files\Festinger Software
2009-05-29 19:53 . 2009-05-29 19:53 -------- d-----w- c:\program files\Broadcom
2009-05-29 18:13 . 2009-05-29 18:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Wallperizer
2009-05-29 15:34 . 2009-05-29 15:33 -------- d-----w- c:\program files\Ace Utilities
2009-05-29 14:39 . 2009-05-29 14:39 -------- d-----w- c:\program files\RadarSync
2009-05-28 19:52 . 2009-05-27 22:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\ImgBurn
2009-05-28 03:11 . 2009-05-28 03:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Panda Security
2009-05-28 03:09 . 2009-05-28 03:09 -------- d-----w- c:\program files\SOTI
2009-05-28 02:21 . 2009-05-28 02:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Conceiva
2009-05-28 02:21 . 2009-05-28 02:20 -------- d-----w- c:\program files\WinPcap
2009-05-28 02:19 . 2009-05-28 02:19 -------- d-----w- c:\program files\Conceiva
2009-05-28 02:19 . 2009-05-28 02:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-05-27 20:35 . 2009-05-27 20:35 -------- d-----w- c:\program files\7-Zip
2009-05-27 14:02 . 2009-05-23 03:16 -------- d-----w- c:\program files\doubleTwist 2.0
2009-05-27 03:37 . 2009-05-23 00:44 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-27 01:21 . 2009-05-27 01:21 -------- d-----w- c:\program files\KLC
2009-05-26 22:30 . 2009-05-25 23:20 -------- d-----w- c:\program files\ImgBurn
2009-05-26 15:49 . 2009-05-26 15:44 -------- d-----w- c:\program files\Hide My IP 2009
2009-05-26 03:19 . 2009-05-24 22:11 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-05-26 03:19 . 2009-05-26 03:19 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-05-26 01:54 . 2009-05-26 01:54 -------- d-----w- c:\program files\Paragon Software
2009-05-25 22:13 . 2009-05-25 22:13 -------- d-----w- c:\program files\CBS Software
2009-05-25 15:26 . 2009-05-25 15:25 -------- d-----w- c:\program files\Full Speed
2009-05-25 15:12 . 2009-05-25 15:12 6656 ----a-w- c:\windows\system32\drivers\iPodDrv.sys
2009-05-25 04:26 . 2009-05-24 21:25 -------- d-----w- c:\program files\SRWare Iron
2009-05-25 03:27 . 2009-05-25 03:27 -------- d-----w- c:\program files\Common Files\PSFactoryBuffer
2009-05-25 00:28 . 2009-05-25 00:26 -------- d-----w- c:\program files\Wyzo
2009-05-25 00:27 . 2009-05-25 00:27 0 ----a-w- c:\windows\nsreg.dat
2009-05-25 00:27 . 2009-05-25 00:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Radical Software Ltd
2009-05-24 20:18 . 2009-05-24 20:18 -------- d-----w- c:\program files\MSBuild
2009-05-24 20:18 . 2009-05-24 20:18 64200 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-24 20:13 . 2009-05-24 20:13 -------- d-----w- c:\program files\Reference Assemblies
2009-05-24 19:56 . 2009-05-24 19:56 -------- d-----w- c:\program files\Opera
2009-05-24 19:42 . 2009-05-24 19:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro
2009-05-24 19:33 . 2009-05-23 03:37 -------- d-----w- c:\program files\AskBarDis
2009-05-24 19:09 . 2009-05-24 19:09 -------- d-----w- c:\program files\MyLifeOrganized.net
2009-05-23 14:47 . 2009-05-23 03:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2009-05-23 04:45 . 2009-05-23 04:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-05-23 03:40 . 2009-05-23 03:39 -------- d-----w- c:\program files\Weather Watcher
2009-05-23 03:39 . 2009-05-23 03:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\WeatherWatcher
2009-05-23 03:37 . 2009-05-23 03:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Foxit
2009-05-23 03:37 . 2009-05-23 03:37 -------- d-----w- c:\program files\Foxit Software
2009-05-23 03:36 . 2009-05-23 03:36 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-23 03:29 . 2009-05-23 03:29 -------- d-----w- c:\program files\ffdshow
2009-05-23 03:18 . 2009-05-23 03:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\kantaris
2009-05-23 03:16 . 2009-05-23 03:16 622432 ----a-w- c:\documents and settings\Administrator\Application Data\OpenCandy\doubleTwistSetup.exe
2009-05-23 03:16 . 2009-05-23 03:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenCandy
2009-05-23 02:48 . 2009-05-23 02:48 0 ----a-w- c:\windows\system32\cid_store.dat
2009-05-23 02:46 . 2009-05-23 02:46 -------- d-----w- c:\program files\MotionApps
2009-05-23 01:02 . 2009-05-23 01:02 -------- d-----w- c:\program files\SigmaTel
2009-05-23 01:02 . 2009-05-23 00:53 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-23 01:00 . 2009-05-23 01:00 -------- d-----w- c:\program files\Digital Line Detect
2009-05-23 00:59 . 2009-05-23 00:56 -------- d-----w- c:\program files\CONEXANT
2009-05-23 00:55 . 2009-05-23 00:55 -------- d-----w- c:\program files\Modem Helper
2009-05-23 00:55 . 2009-05-23 00:55 -------- d-----w- c:\program files\Broadcom Advanced Control Suite
2009-05-23 00:54 . 2009-05-23 00:54 -------- d-----w- c:\program files\Intel
2009-05-23 00:46 . 2009-05-23 00:46 -------- d-----w- c:\program files\microsoft frontpage
2009-05-23 00:40 . 2009-05-23 00:40 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 17:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"HomeAlarm"="c:\program files\Chameleon Clock\ChamClock.exe" [2007-12-11 709632]
"WeatherWatcher"="c:\program files\Weather Watcher\ww.exe" [2009-05-07 1089536]
"MLOWMSync.exe"="c:\program files\MyLifeOrganized.net\MLO\MLOWMSync.exe" [2009-02-16 245760]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2009-06-05 4520960]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"uTorrent"="c:\program files\uTorrent2\uTorrent.exe" [2009-06-23 782336]
"Xmarks"="c:\program files\Xmarks\IE Extension\xmarkssync.exe" [2009-05-08 1003520]
"SandboxieControl"="j:\program files\Sandboxie\SbieCtrl.exe" [2009-05-28 380416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"DownloadStudio"="c:\program files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe" [2009-05-01 156312]
"Linksys Wireless-N Notebook Adapter"="c:\program files\Linksys\Wireless-N Network Monitor\WPC300N.exe" [2006-04-28 36864]
"DiskSuite"="c:\program files\PC Tools Disk Suite\aDSProcMngr.exe" [2009-01-16 267584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-13 148888]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-6-4 576000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-5-22 24576]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-5-24 1719496]
Spb Backup Sync.lnk - c:\program files\Spb Backup\SpbBackupSync.exe [2009-6-14 430080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PSFactoryBuffer"= {7db1aaf8-4756-410a-8210-16b49208a6b6} - c:\program files\Common Files\PSFactoryBuffer\PSFactoryBuffer.dll [2009-05-25 110592]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\MotionApps\\mDesktop v2\\MotionAppsDesktop.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\uTorrent2\\uTorrent.exe"=
"c:\\Program Files\\TheWorld 3\\TheWorld.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 DiskSuiteService;PC Tools Disk Suite;c:\program files\PC Tools Disk Suite\DSService.exe [6/6/2009 1:45 PM 869696]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [5/25/2009 10:12 AM 6656]
R3 SbieDrv;SbieDrv;j:\program files\Sandboxie\SbieDrv.sys [5/28/2009 8:32 AM 108032]
S2 EasyHideIP;EasyHideIP;f:\program files\Easy-Hide-IP\services\EasyHideIp.exe --> f:\program files\Easy-Hide-IP\services\EasyHideIp.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]
S3 SecureSrv;SecureSrv;c:\program files\Hide My IP 2009\SecureSrv.exe [5/26/2009 10:44 AM 536896]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\SecureNet.dll
DPF: {60541D7A-4EF1-4117-9607-7C1B0EEAAD18} - hxxp://iu.ak.sonico.com//ImageUploader.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\umzmkrti.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 09:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1964)
c:\program files\Funk Software\Funk Client\odLogin.dll

- - - - - - - > 'lsass.exe'(592)
c:\windows\system32\SecureNet.dll
.
Completion time: 2009-07-04 9:21
ComboFix-quarantined-files.txt 2009-07-04 14:20

Pre-Run: 1,728,237,568 bytes free
Post-Run: 2,246,434,816 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

324 --- E O F --- 2009-06-08 17:26
trippwojohn is offline  
Old 07-04-2009, 04:01 PM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,228
OS: 2000 Pro; XP Pro; XP Home


Re: many, many, MANY corrupt installs

Can you install an AntiVirus now? If so, please do so, but ensure there's only one installed. Post a new DDS log once you have, or let me know if there are problems with that.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 07-05-2009, 07:48 AM   #5 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: xp sp3


Re: many, many, MANY corrupt installs

I got the Panda one-month trial loaded, but it won't update for some reason... Here's my DDS and Attach files:



DDS (Ver_09-06-26.01) - NTFSx86
Run by Administrator at 8:01:35.75 on Sun 07/05/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.629 [GMT -5:00]

AV: Panda Antivirus Pro 2010 *On-access scanning enabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
FW: Panda Personal Firewall 2010 *enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\PC Tools Disk Suite\DSService.exe
C:\WINDOWS\system32\svchost -k Panda
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files\panda security\panda antivirus pro 2010\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe
j:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe
C:\Program Files\Linksys\Wireless-N Network Monitor\WPC300N.exe
C:\Program Files\PC Tools Disk Suite\aDSProcMngr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\MyLifeOrganized.net\MLO\MLOWMSync.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Linksys\Wireless-N Network Monitor\OdHost.exe
C:\Program Files\Xmarks\IE Extension\xmarkssync.exe
J:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Spb Backup\SpbBackupSync.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exe
C:\Program Files\Hide My IP 2009\SecureSrv.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\Iface.exe
C:\Program Files\PC Tools Disk Suite\Update.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.orbitdownloader.com
uURLSearchHooks: H - No File
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DownloadStudio IE Add-on: {8170d7dc-bdd6-461e-88eb-f047257898c9} - c:\program files\conceiva\downloadstudio\DLMonitr.dll
BHO: FoxmarksDLLBHO Class: {a2a71aba-3939-43b2-bd8f-8c1767ef9020} - c:\program files\xmarks\ie extension\foxmarksdll.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [HomeAlarm] c:\program files\chameleon clock\ChamClock.exe
uRun: [WeatherWatcher] "c:\program files\weather watcher\ww.exe"
uRun: [MLOWMSync.exe] c:\program files\mylifeorganized.net\mlo\MLOWMSync.exe
uRun: [Active Desktop Calendar] c:\program files\xemicomputers\active desktop calendar\ADC.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [uTorrent] "c:\program files\utorrent2\uTorrent.exe"
uRun: [Xmarks] c:\program files\xmarks\ie extension\xmarkssync.exe -q
uRun: [SandboxieControl] "j:\program files\sandboxie\SbieCtrl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DownloadStudio] c:\program files\conceiva\downloadstudio\DownloadStudioScheduleMonitor.exe
mRun: [Linksys Wireless-N Notebook Adapter] c:\program files\linksys\wireless-n network monitor\WPC300N.exe
mRun: [DiskSuite] c:\program files\pc tools disk suite\aDSProcMngr.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [APVXDWIN] "c:\program files\panda security\panda antivirus pro 2010\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda antivirus pro 2010\Inicio.exe"
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spbbac~1.lnk - c:\program files\spb backup\SpbBackupSync.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: c:\windows\system32\SecureNet.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {60541D7A-4EF1-4117-9607-7C1B0EEAAD18} - hxxp://iu.ak.sonico.com//ImageUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243047895324
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244054291176
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Notify: avldr - avldr.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: PSFactoryBuffer - {7db1aaf8-4756-410a-8210-16b49208a6b6} - c:\program files\common files\psfactorybuffer\PSFactoryBuffer.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\umzmkrti.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2009-7-4 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2009-7-4 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2009-7-4 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2009-7-4 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2009-7-4 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2009-7-4 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2009-7-4 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2009-7-4 46720]
R2 DiskSuiteService;PC Tools Disk Suite;c:\program files\pc tools disk suite\DSService.exe [2009-6-6 869696]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2009-5-25 6656]
R2 NICSer_WPC300N;NICSer_WPC300N;c:\program files\linksys\wireless-n network monitor\NICServ.exe [2009-6-5 452608]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda antivirus pro 2010\PsCtrlS.exe [2009-7-4 173312]
R2 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2009-7-4 84024]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2009-7-4 177416]
R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2009-7-4 62768]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda antivirus pro 2010\psksvc.exe [2009-7-4 28928]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2009-7-4 197888]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
R3 SbieDrv;SbieDrv;j:\program files\sandboxie\SbieDrv.sys [2009-5-28 108032]
R3 SecureSrv;SecureSrv;c:\program files\hide my ip 2009\SecureSrv.exe [2009-5-26 536896]
S2 EasyHideIP;EasyHideIP;f:\program files\easy-hide-ip\services\easyhideip.exe --> f:\program files\easy-hide-ip\services\EasyHideIp.exe [?]
S2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda antivirus pro 2010\PavFnSvr.exe [2009-7-4 169216]
S2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda antivirus pro 2010\PAVSRV51.EXE [2009-7-4 290048]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]

============== File Associations ===============

JSEFile=c:\progra~1\pandas~1\pandaa~1\PavScrip.exe "%1" %*
VBEFile=c:\progra~1\pandas~1\pandaa~1\PavScrip.exe "%1" %*
VBSFile=c:\progra~1\pandas~1\pandaa~1\PavScrip.exe "%1" %*

=============== Created Last 30 ================

2009-07-04 22:37 250 a------- c:\windows\system32\PavCPL.dat
2009-07-04 22:37 214,840 a------- c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-07-04 22:37 214,840 a------- c:\windows\system32\drivers\APPFCONT.DAT
2009-07-04 22:37 1,132 a------- c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-07-04 22:37 1,132 a------- c:\windows\system32\drivers\APPFLTR.CFG
2009-07-04 22:37 193,792 a------- c:\windows\system32\drivers\idsflt.sys
2009-07-04 22:37 52,992 a------- c:\windows\system32\drivers\dsaflt.sys
2009-07-04 22:37 46,720 a------- c:\windows\system32\drivers\wnmflt.sys
2009-07-04 22:37 158,848 a------- c:\windows\system32\drivers\NETFLTDI.SYS
2009-07-04 22:37 73,728 a------- c:\windows\system32\drivers\APPFLT.SYS
2009-07-04 22:37 22,072 a------- c:\windows\system32\drivers\fnetmon.sys
2009-07-04 22:36 54,832 a------- c:\windows\system32\pavcpl.cpl
2009-07-04 22:36 446,464 a------- c:\windows\system32\HHActiveX.dll
2009-07-04 22:36 193,792 a------- c:\windows\system32\TpUtil.dll
2009-07-04 22:36 107,568 a------- c:\windows\system32\SYSTOOLS.DLL
2009-07-04 22:36 87,296 a------- c:\windows\system32\PavLspHook.dll
2009-07-04 22:36 55,552 a------- c:\windows\system32\pavipc.dll
2009-07-04 22:36 518,400 a------- c:\windows\system32\PavSHook.dll
2009-07-04 22:35 197,888 a------- c:\windows\system32\drivers\neti1634.sys
2009-07-04 22:35 84,024 a------- c:\windows\system32\drivers\pavdrv51.sys
2009-07-04 22:35 58,672 a------- c:\windows\system32\avldr.dll
2009-07-04 22:35 <DIR> --d----- c:\windows\system32\PAV
2009-07-04 22:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Panda Security
2009-07-04 22:30 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-07-04 22:29 177,416 a------- c:\windows\system32\drivers\PavProc.sys
2009-07-04 22:29 41,144 a------- c:\windows\system32\drivers\ShlDrv51.sys
2009-07-04 22:29 <DIR> --d----- c:\program files\common files\Panda Security
2009-07-04 19:55 <DIR> --d----- c:\program files\AVG
2009-07-04 18:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Backup
2009-07-04 16:37 3,249 a------- c:\windows\system32\wbem\Outlook_01c9fcefa1f7bab0.mof
2009-07-04 16:11 <DIR> --d----- c:\program files\TheWorld 2.0
2009-07-04 14:25 <DIR> --d----- c:\program files\GameSpy Arcade
2009-07-04 12:47 <DIR> --d----- c:\program files\MSXML 4.0
2009-07-04 09:17 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-04 09:02 <DIR> a-dshr-- C:\cmdcons
2009-07-04 08:47 161,792 a------- c:\windows\SWREG.exe
2009-07-04 08:47 155,136 a------- c:\windows\PEV.exe
2009-07-04 08:47 98,816 a------- c:\windows\sed.exe
2009-07-04 08:47 <DIR> --ds---- C:\ComboFix2
2009-07-02 21:25 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-02 21:25 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-02 21:25 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-02 21:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-02 20:00 <DIR> --d----- c:\documents and settings\administrator\.housecall6.6
2009-07-01 12:24 1,426 a------- c:\windows\Sandboxie.ini
2009-06-28 15:45 545 a------- c:\windows\UC.PIF
2009-06-28 15:45 545 a------- c:\windows\RAR.PIF
2009-06-28 15:45 545 a------- c:\windows\PKZIP.PIF
2009-06-28 15:45 545 a------- c:\windows\PKUNZIP.PIF
2009-06-28 15:45 545 a------- c:\windows\NOCLOSE.PIF
2009-06-28 15:45 545 a------- c:\windows\LHA.PIF
2009-06-28 15:45 545 a------- c:\windows\ARJ.PIF
2009-06-28 15:45 <DIR> --d----- C:\totalcmd
2009-06-28 15:45 <DIR> --d----- c:\docume~1\admini~1\applic~1\GHISLER
2009-06-28 15:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-06-24 12:44 <DIR> --d----- c:\docume~1\admini~1\applic~1\Thinstall
2009-06-24 12:44 <DIR> --d----- c:\program files\SpeedConnect Internet Accelerator
2009-06-24 06:27 <DIR> --d----- c:\program files\Xmarks
2009-06-21 17:18 <DIR> --d----- c:\program files\WhereIsIt
2009-06-21 17:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WhereIsIt
2009-06-21 17:14 <DIR> --d----- c:\docume~1\admini~1\applic~1\Boost Windows
2009-06-20 20:02 <DIR> --d----- c:\program files\Easy DVD Player
2009-06-20 19:59 0 a------- c:\windows\iplayer.INI
2009-06-20 19:40 <DIR> --d----- c:\program files\WinDVD 8 Platinum
2009-06-20 19:22 <DIR> --d----- c:\program files\InterActual
2009-06-20 11:31 <DIR> --d----- c:\program files\Your Uninstaller 2008
2009-06-16 10:07 <DIR> --d----- c:\program files\Unlocker
2009-06-15 12:59 <DIR> --d----- c:\program files\ESTsoft
2009-06-14 19:07 <DIR> --d----- c:\program files\MediaMonkey
2009-06-14 18:10 105 a------- c:\windows\system32\_WDYSZYG.sys
2009-06-14 18:09 <DIR> --d----- c:\program files\WinUtilities
2009-06-14 15:40 111,879 a------- c:\windows\system32\ASTULog.cab
2009-06-14 15:40 1,050 a------- c:\windows\system32\setup.inf
2009-06-14 15:40 283 a------- c:\windows\system32\setup.rpt
2009-06-14 15:40 <DIR> --d----- c:\windows\ASTULogTemp
2009-06-14 15:21 <DIR> --d----- c:\program files\Spb Backup
2009-06-14 14:15 207,488 a----r-- c:\windows\system32\drivers\vinyl97.sys
2009-06-14 13:51 <DIR> --d----- C:\My Drivers
2009-06-14 13:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Innovative Solutions
2009-06-13 18:01 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-13 18:01 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-13 11:05 <DIR> --d----- c:\program files\SDM20
2009-06-13 09:16 <DIR> --d----- c:\program files\Hero Editor
2009-06-13 09:16 249,856 a------- c:\windows\Setup1.exe
2009-06-13 09:16 73,216 a------- c:\windows\ST6UNST.EXE
2009-06-12 21:16 35,713 a------- c:\windows\DIIUnin.dat
2009-06-12 21:16 94,208 a------- c:\windows\DIIUnin.exe
2009-06-12 21:16 2,829 a------- c:\windows\DIIUnin.pif
2009-06-12 21:10 <DIR> --d----- c:\program files\Diablo II
2009-06-10 14:08 <DIR> --d----- c:\program files\Alcohol Soft
2009-06-09 11:24 <DIR> --d----- c:\docume~1\admini~1\applic~1\XemiComputers
2009-06-09 11:23 <DIR> --d----- c:\program files\XemiComputers
2009-06-09 06:09 <DIR> --d----- c:\program files\Microsoft Games
2009-06-07 14:39 <DIR> --d----- C:\mobile
2009-06-06 15:40 <DIR> --d----- C:\completedtorrents
2009-06-06 15:25 <DIR> --d----- C:\torrents
2009-06-06 15:23 <DIR> --d----- C:\rorrents
2009-06-06 14:51 82,960 a------- c:\windows\system32\Picclp32.ocx
2009-06-06 14:31 1,760 a------- c:\windows\system32\objsafe.tlb
2009-06-06 14:31 1,453 a------- c:\windows\system32\Project2.INF
2009-06-06 14:31 101,888 a------- c:\windows\system32\Vb6stkit.dll
2009-06-06 14:31 70,088 a------- c:\windows\system32\Project2-1.ocx
2009-06-06 14:23 <DIR> --d----- c:\program files\eGames
2009-06-06 13:45 <DIR> --d----- c:\program files\PC Tools Disk Suite
2009-06-06 13:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-06-06 12:38 3,249 a------- c:\windows\system32\wbem\Outlook_01c9e6cda5ab6b30.mof
2009-06-05 19:32 61 a------- c:\windows\init.ini
2009-06-05 19:32 <DIR> --d----- c:\program files\Funk Software
2009-06-05 19:32 <DIR> --d----- c:\program files\common files\Funk Software
2009-06-05 19:31 1,497,088 a------- c:\windows\system32\cc3260mt.dll
2009-06-05 19:31 1,496,064 a------- c:\windows\system32\cc3250mt.dll
2009-06-05 19:31 94,208 a------- c:\windows\system32\W32N50CT.DLL
2009-06-05 19:31 25,600 a------- c:\windows\system32\borlndmm.dll
2009-06-05 19:31 17,142 a------- c:\windows\system32\CBTNDIS5.SYS
2009-06-05 19:31 4,716 a------- c:\windows\system32\Version.lib
2009-06-05 19:31 543,104 a------- c:\windows\system32\drivers\BCMWL5.SYS
2009-06-05 19:31 1,706,800 a------- c:\windows\system32\GdiPlus.dll
2009-06-05 19:31 <DIR> --d----- c:\program files\Linksys

==================== Find3M ====================

2009-06-12 21:05 21,840 a------t c:\windows\system32\SIntfNT.dll
2009-06-12 21:05 17,212 a------t c:\windows\system32\SIntf32.dll
2009-06-12 21:05 12,067 a------t c:\windows\system32\SIntf16.dll
2009-05-31 15:07 724,992 a------- c:\windows\iun6002.exe
2009-05-29 16:40 162,816 a------- c:\windows\system32\fmod.dll
2009-05-26 22:37 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-25 10:12 6,656 a------- c:\windows\system32\drivers\iPodDrv.sys
2009-05-22 22:36 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-05-22 19:40 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-28 23:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 23:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-17 07:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 09:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 8:03:06.28 ===============
Attached Files
File Type: zip Attach2.zip (4.6 KB, 2 views)
trippwojohn is offline  
Old 07-05-2009, 09:11 AM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,228
OS: 2000 Pro; XP Pro; XP Home


Re: many, many, MANY corrupt installs

Rather than use a succession of trial software, which invariably becomes outdated and leaves the machine unprotected, why not use a free AntiVirus, whose subscription will not expire, or can be freely renewed in a year or so?

Avira, Avast and AVG all have free offerings. I generally suggest Avira.

What happens when you try to update the Panda trial you've installed?


There are many errors in the Event Viewer log. Here's but one:

7/4/2009 10:18:18 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

Did you perform a chkdsk when you received this message? Were any issues found/resolved?

This system may be a candidate for a reinstall, based on all the issues you've reported, and the fact that it had a rootkit onboard.


Quote:
C: is FIXED (NTFS) - 19 GiB total, 1.488 GiB free.
Not near enough free space for an XP machine. XP needs 15% free

==============================

As mentioned in our preposting topic:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

Quote:
3. Uninstall the following via Add or Remove Programs in Control Panel:

  • p2p programs like uTorrent, Bittorrent, LimeWire, Morpheus, etc., as they are a major conduit for malware and a likely source of your current issues.

P2P - I see you have P2P software ( µTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Please see this topic for more information:

Perils of P2P File Sharing

I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 07-05-2009, 01:37 PM   #7 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: xp sp3


Re: many, many, MANY corrupt installs

The update for Panda said that the downloaded update was corrupt...4 times in a row. Then it stopped working completely. I'm downloading Avira now, on your recommendation.

I freed up about 5 gigs on my C:, as well, on your recommendation. I ran a chkdsk, and the system didn't find any errors, so I don't know why DDS gave that message.

As far as AV programs go, which one would you recommend of the for-pay products? I'm not averse to buying one, but I'm a college student, so I don't have a lot of money. Which would you say is the greatest value for the dollar?

As far as P2P software, because my computer seems to be so finicky, I like to try out software before I buy it. I definitely would not consider "stealing" software as others seem to take pleasure in. I always scan everything I download, and try to run the programs "sandboxed" several times before actually installing them. The problem only arose when the Panda cloud AV stopped functioning...I've never had an infection before in my life, which is remarkable considering I have owned computers continually for about 20 years.

Thank you very much for your assistance and advice, and please let me know if you have any other suggestions! Have a great week, and I hope to hear from you soon! Peace--
trippwojohn is offline  
Old 07-05-2009, 02:49 PM   #8 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,228
OS: 2000 Pro; XP Pro; XP Home


Re: many, many, MANY corrupt installs

Quote:
because my computer seems to be so finicky
I still think a format and reinstall might do this machine a world of good, but we can try to move forward.

Making so many changes, with so many security products, often leaves a mess behind.

DDS reads the Event Logs Windows has created, so it's only telling us what Windows is saying.

The rootkit infection you had comes from various places: fake codecs, malicious sites, unsavory sites.

Many software products have legit trials. Downloading from torrents leaves you open to infection.

Once you've uninstalled Panda, rebooted, installed Avira, updated and run a full system scan, please post the log created.

There is an installation guide here

When the scan is complete, click on the Report button. A log file will open. Please post that in your next reply.

Also post a new DDS log.
Old 07-11-2009, 07:47 PM   #9 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,228
OS: 2000 Pro; XP Pro; XP Home


Re: many, many, MANY corrupt installs

Still with me, trippwojohn?

I generally unsubscribe from threads after 7 days of inactivity. If I don't receive a reply from you within 24 hours of this post, this topic will be closed.
Old 07-11-2009, 09:19 PM   #10 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: xp sp3


Re: many, many, MANY corrupt installs

Sorry I haven't responded to your kind assistance...my wife has been in the hospital, and I haven't even sat down at this machine in several days. I'll give you a shout tomorrow and let you know of my progress. Thanks!
trippwojohn is offline  
Old 07-11-2009, 09:21 PM   #11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,228
OS: 2000 Pro; XP Pro; XP Home


Re: many, many, MANY corrupt installs

I'm sorry to hear that, I hope all will be well.

Real Life is much more important, take your time, and just keep me apprised.

Thanks for letting me know.
Old 07-12-2009, 02:37 PM   #12 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: xp sp3


Re: many, many, MANY corrupt installs

OK...I give up. Avira won't install, nor AVG. I'm going to go ahead and reformat and do a clean install on my c:. You never did answer my question about the purchase of an AV product. If I were to purchase one, which would you recommend? I've read very good things about both Kaspersky and NOD32, but I will certainly consider whatever you recommend. Also, would you recommend just an AV, or an IS program? It seems like the IS is a more powerful option, but I'm not sure what I need. Also, should I reinstall XP, or one of the Win7 release candidates, since I will probably go to a Win7 once it comes out, anyway? What about a dual-boot scenario? The only things that concern me are the facts that my c: is only 20gigs, and I'm maxed out as far as RAM goes...my Inspiron 1100 laptop won't work with more than one GB, from what I've read on the Dell website. Please let me know your opinions on these matters, and I'll get started with the rebuilding of this crazy machine. Thanks again for your efforts to help me!
trippwojohn is offline  
Old 07-12-2009, 04:55 PM   #13 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,228
OS: 2000 Pro; XP Pro; XP Home


Re: many, many, MANY corrupt installs

I use NOD32, and like it a lot. Of the paid applications, I also prefer NOD32 and Kaspersky. Suites have their place; I happen to prefer standalone components.

You can read more info here

PC Safety and Security--What Do I Need?


Mostly, I help people remove malware, but I'll try to offer a couple of thoughts on your queries.

I would not personally install an RC candidate on my main machine. This machine seems under-spec'd for that OS, with the small hdd, and an older CPU - Pentium P4 2 GHz. Rather than putting more money into this machine, it may be time to consider upgrading to get Vista/Windows7 ready.

You might want to seek opinions on that in the Windows XP or Windows Vista/Windows7 sections of the forum. I also don't dual-boot, so I can't advise.

If you need help with your reinstall, please ask in our Windows XP support forum. The staff and members in that area will be better able to assist you with that.
Old 07-12-2009, 06:09 PM   #14 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 16
OS: xp sp3


Re: many, many, MANY corrupt installs

Well, thanks again for all your help. I'm really tempted to buy a larger 2.5" hdd to put in this machine, as it seems like it has been nothing but trouble. Before I do that, though, I'm going to see if I can get this machine running OK one last time with the current hardware. Peace to you and yours--
trippwojohn is offline  
All times are GMT -7.