ComboFix.txt is below
ComboFix 11-04-11.02 - Beth 04/11/2011 20:58:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3581.1500 [GMT -5:00]
Running from: c:\users\Beth\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\AutoRun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-03-12 to 2011-04-12 )))))))))))))))))))))))))))))))
.
.
2011-04-12 02:03 . 2011-04-12 02:03 -------- d-----w- c:\users\Beth\AppData\Local\temp
2011-04-09 19:37 . 2011-03-23 15:11 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FED18015-C156-4AC4-81EE-15930D491183}\mpengine.dll
2011-04-09 19:37 . 2011-02-02 23:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-09 19:25 . 2011-04-09 19:25 72 ----a-w- c:\windows\RAVTC.TMP
2011-04-09 19:25 . 2011-04-09 19:25 -------- d-----w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan9094.tmp
2011-04-08 21:32 . 2011-04-08 21:32 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-04-08 07:52 . 2011-04-08 07:52 -------- d-----w- c:\users\Beth\Pavark
2011-04-08 05:15 . 2011-04-08 05:15 -------- d-----w- c:\users\Beth\AppData\Roaming\Malwarebytes
2011-04-08 05:14 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-08 05:14 . 2011-04-08 05:14 -------- d-----w- c:\programdata\Malwarebytes
2011-04-08 05:14 . 2011-04-08 05:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-08 05:14 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-08 00:16 . 2011-04-08 00:16 -------- d-----w- c:\users\Beth\AppData\Roaming\Panda Security
2011-04-08 00:15 . 2011-04-08 00:15 -------- d-----w- c:\users\Beth\AppData\Local\panda2_0dn
2011-04-08 00:15 . 2011-04-08 21:35 -------- d-----w- c:\programdata\Panda Security URL Filtering
2011-04-08 00:14 . 2011-04-08 00:14 -------- d-----w- c:\programdata\Panda Security
2011-04-08 00:13 . 2011-04-08 00:15 -------- d-----w- c:\program files\Panda Security
2011-04-06 23:14 . 2011-04-07 02:17 -------- d-----w- c:\programdata\STOPzilla!
2011-03-14 20:42 . 2011-03-14 20:42 -------- d--h--w- c:\programdata\Common Files
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-14 20:34 . 2009-08-18 17:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-03-14 20:34 . 2009-08-18 17:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-21 21:44 . 2007-12-09 13:01 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-21 21:44 . 2007-12-09 13:01 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-12-19 14:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-12-19 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Beth\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-12-16 23:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-12-16 23:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-09 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-29 36864]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-12 101136]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-10-10 202544]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-12-16 423232]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2010-12-19 223400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Beth\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-9 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2007-12-9 679936]
Ultrawideband Control Center.lnk - c:\program files\Dell\Dell WUSB\WQ_Tray2.exe [2007-8-4 1965112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 CloudAvUpdater;CloudAvUpdater;c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan9094.tmp\setup.exe [2010-12-02 739136]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 135664]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-15 30192]
R3 WQ_USBLOAD;WiQuest WUSB Loader driver;c:\windows\system32\DRIVERS\WQ_ldr.sys [2007-09-10 33464]
R4 WQ_USBCBAF;WiQuest Cable Association driver;c:\windows\system32\drivers\wq_cba.sys [2007-09-10 33976]
R4 WQ_USBDWA;WiQuest Device Wire Adapter driver;c:\windows\system32\drivers\wq_dwa.sys [2007-09-10 94008]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-12-16 126536]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-28 73728]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-16 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-12-16 141384]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-12-16 99400]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-12-16 111176]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-12-16 113736]
S3 WQ_USBHWA;WiQuest Host Wire Adapter driver;c:\windows\system32\DRIVERS\WQ_hwa.sys [2007-09-10 157752]
S3 WQ_USBRCI;WiQuest UltraWideBand driver;c:\windows\system32\DRIVERS\WQ_rci.sys [2007-09-10 75448]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2006-11-02 16896]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PXTDQPOW
*Deregistered* - eeCtrl
*Deregistered* - pxtdqpow
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 01:21]
.
2011-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 01:21]
.
2011-04-12 c:\windows\Tasks\Norton Security Scan for Beth.job
- c:\program files\Norton Security Scan\Engine\3.0.1.8\Nss.exe [2011-01-14 14:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-11 21:03
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-04-11 21:05:13
ComboFix-quarantined-files.txt 2011-04-12 02:05
.
Pre-Run: 32,273,031,168 bytes free
Post-Run: 32,396,460,032 bytes free
.
- - End Of File - - B06FFCCB80C4F89E031FB0D2131C3ACC