Malwarebytes won't Install - Personal Antivirus

I have been infected with Personal Antivirus and it is really screwing with my computer. Malwarebytes anti-malware is about the fifth program I've tried to use and nothing has worked so far. The problem I'm getting is that it locks up during the installation. I'm trying to install it in safe mode and it locks up when it says either "extracting files" or "finishing installation". I really would appreciate it if someone could help me out. This has really put me in a major bind. Thank you for any help.

-Tripp

Another thing... I thought it may help if I posted a Hijack This log file, but I am also unable to install Hijack this. Thanks for any help.

-Tripp

Hello.
Can you download Hijack This from here:
http://www.sendspace.com/pro/dl/932rpd

Ok, that worked. Thank you for your help! Here is a copy of the log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:55 PM, on 7/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\NetFilter.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\linksys\winlogon.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: &Helper - {A77D3539-581D-450C-9E44-A84C415A6172} - C:\WINDOWS\system32\msxmlm.dll
O3 - Toolbar: Dictionary.com Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PersonalAV] C:\Program Files\PersonalAV\pav.exe
O4 - HKLM\..\Run: [MSDRV] NetFilter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226949963593
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Google Update Service (gupdate1c98cb66b566872) (gupdate1c98cb66b566872) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

--
End of file - 5691 bytes

Hello trippstrat,

Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:

• If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP
  
• If you have any cracked/pirated software in your computer delete them or we will not help you.
  
• Only follow advise from Geek Police Staff and not a regular member.
  
• Do NOT run any tool without Geek Police supervision as it could hinder your system useless.
  

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.

Please make sure Teatimer is disable before we do this, otherwise this fix will fail.

• Open HijackThis.
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
  O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
  O2 - BHO: &Helper - {A77D3539-581D-450C-9E44-A84C415A6172} - C:\WINDOWS\system32\msxmlm.dll
  O3 - Toolbar: Dictionary.com Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
  O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
  O4 - HKLM\..\Run: [PersonalAV] C:\Program Files\PersonalAV\pav.exe
  O4 - HKLM\..\Run: [MSDRV] NetFilter.exe
  
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

• Download combofix from here
  Link 1
  Link 2
  

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouse click combofix's window whilst it's running. That may cause it to stall.
  

Origin,

Thank you so much for helping me fix this. I did what you said. However, I cannot open Spybot search and destroy anymore. It just freezes up also. So, I just removed the program entirely before running combofix. Anyway, here is the combofix.txt...

ComboFix 09-07-29.04 - Owner 07/30/2009 23:27.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.357 [GMT -4:00]
Running from: c:\linksys\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_003534_.tmp.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\UACaspdpkowbm.sys
c:\windows\system32\UACiblllnrvdh.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACiqjwbpmwwq.dll
c:\windows\system32\UACovytslswgu.dll
c:\windows\system32\UACrpevdnqwhk.dll
c:\windows\system32\UACyiemlempjx.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.

2009-07-30 17:19 . 2009-07-30 17:19 -------- d-----w- c:\program files\AVG
2009-07-30 17:02 . 2009-07-30 17:02 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-07-29 22:02 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-29 22:02 . 2009-07-29 22:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-29 22:02 . 2009-07-29 22:02 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-29 22:02 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 22:01 . 2009-07-29 22:01 -------- d-----w- C:\pd
2009-07-29 20:51 . 2009-07-29 20:51 -------- d-----w- c:\program files\Enigma Software Group
2009-07-29 20:28 . 2009-07-29 20:28 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-29 20:26 . 2009-07-29 20:26 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-07-29 20:15 . 2009-07-29 20:15 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-29 18:34 . 2009-07-29 18:34 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Symantec
2009-07-29 18:16 . 2009-07-31 03:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-29 18:16 . 2009-07-31 03:04 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-26 00:22 . 2009-07-24 17:38 118784 ----a-w- c:\windows\system32\NetFilter.exe
2009-07-26 00:22 . 2009-06-22 14:58 24576 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2009-07-26 00:22 . 2009-05-14 09:58 61440 ----a-w- c:\windows\system32\ndisapi.dll
2009-07-26 00:21 . 2009-07-26 00:21 -------- d-----w- c:\program files\Common Files\Uninstall
2009-07-19 18:40 . 2009-07-19 18:43 116839 ----a-w- c:\windows\hpqins00.dat
2009-07-08 18:13 . 2009-07-31 03:15 -------- d-----w- C:\linksys
2009-07-08 18:03 . 2009-07-08 18:03 -------- d-----w- c:\windows\system32\LogFiles
2009-07-08 03:50 . 2009-07-08 03:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-01 05:30 . 2009-07-01 05:30 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2009-07-01 05:28 . 2009-07-01 05:28 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-07-01 05:27 . 2009-07-01 05:27 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-07-01 05:23 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-01 05:23 . 2009-07-01 05:23 -------- d-----w- c:\windows\ie8updates
2009-07-01 05:22 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-01 05:21 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-01 05:17 . 2009-07-01 05:21 -------- dc-h--w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 20:40 . 2008-11-17 20:18 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-29 20:25 . 2008-11-17 19:05 -------- d-----w- c:\program files\NortonInstaller
2009-07-29 20:24 . 2008-11-17 19:57 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Norton
2009-07-29 19:24 . 2009-02-12 02:01 -------- d-----w- c:\program files\Google
2009-07-22 00:10 . 2009-03-09 05:18 56 --sh--r- c:\windows\system32\27E14D40BC.sys
2009-07-22 00:10 . 2009-03-09 05:18 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-03 17:09 . 2003-03-31 14:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-23 15:07 . 2009-02-26 00:16 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-16 14:36 . 2003-03-31 14:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2003-03-31 14:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:27 . 2008-12-24 17:39 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
2009-06-03 19:09 . 2003-03-31 14:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2003-03-31 14:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-02-12 02:01 . 2009-02-12 02:01 1038968 ----a-w- c:\program files\Google_Updater.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S2 gupdate1c98cb66b566872;Google Update Service (gupdate1c98cb66b566872);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2009 10:05 PM 133104]

--- Other Services/Drivers In Memory ---

*Deregistered* - NDISRD

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?source=gama&hl=en
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 23:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1801674531-854245398-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3152)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Completion time: 2009-07-31 23:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-31 03:38

Pre-Run: 70,665,252,864 bytes free
Post-Run: 74,380,455,936 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

146 --- E O F --- 2009-07-29 00:02

BUMP

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\NetFilter.exe
c:\windows\system32\27E14D40BC.sys

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

Thank you. Here it is...

ComboFix 09-07-29.04 - Administrator 08/02/2009 17:37.2.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.393 [GMT -4:00]
Running from: c:\linksys\Combo-Fix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\27E14D40BC.sys"
"c:\windows\system32\NetFilter.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\27E14D40BC.sys
c:\windows\system32\NetFilter.exe

.
((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
.

2009-07-31 17:39 . 2009-07-31 17:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-07-31 12:18 . 2009-07-31 12:18 -------- d-----w- C:\am
2009-07-30 17:19 . 2009-07-30 17:19 -------- d-----w- c:\program files\AVG
2009-07-29 22:02 . 2009-07-31 12:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-29 20:14 . 2009-07-29 20:26 -------- d-----w- c:\documents and settings\Administrator
2009-07-29 20:14 . 2009-07-29 20:14 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-29 18:16 . 2009-07-31 03:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-29 18:16 . 2009-07-31 03:04 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-26 00:22 . 2009-06-22 14:58 24576 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2009-07-26 00:22 . 2009-05-14 09:58 61440 ----a-w- c:\windows\system32\ndisapi.dll
2009-07-26 00:21 . 2009-07-26 00:21 -------- d-----w- c:\program files\Common Files\Uninstall
2009-07-19 18:40 . 2009-07-19 18:43 116839 ----a-w- c:\windows\hpqins00.dat
2009-07-08 18:13 . 2009-07-31 03:15 -------- d-----w- C:\linksys
2009-07-08 18:03 . 2009-07-08 18:03 -------- d-----w- c:\windows\system32\LogFiles
2009-07-08 03:50 . 2009-07-08 03:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 20:51 . 2009-07-29 20:51 -------- d-----w- c:\program files\Enigma Software Group
2009-07-29 20:40 . 2008-11-17 20:18 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-29 20:28 . 2009-07-29 20:28 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-29 20:25 . 2008-11-17 19:05 -------- d-----w- c:\program files\NortonInstaller
2009-07-29 20:24 . 2008-11-17 19:57 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Norton
2009-07-29 19:24 . 2009-02-12 02:01 -------- d-----w- c:\program files\Google
2009-07-22 00:10 . 2009-03-09 05:18 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-03 17:09 . 2003-03-31 14:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-23 15:07 . 2009-02-26 00:16 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-16 14:36 . 2003-03-31 14:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2003-03-31 14:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2003-03-31 14:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2003-03-31 14:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-02-12 02:01 . 2009-02-12 02:01 1038968 ----a-w- c:\program files\Google_Updater.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S2 gupdate1c98cb66b566872;Google Update Service (gupdate1c98cb66b566872);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2009 10:05 PM 133104]

--- Other Services/Drivers In Memory ---

*Deregistered* - NDISRD

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 02:05]

2009-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 02:05]

2009-07-30 c:\windows\Tasks\User_Feed_Synchronization-{83B7E720-49B4-47F7-8E8D-8DB32296C9F5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-02 17:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1801674531-854245398-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,17,1a,18,b0,84,81,43,b4,7d,37,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,17,1a,18,b0,84,81,43,b4,7d,37,\
.
Completion time: 2009-08-02 17:43
ComboFix-quarantined-files.txt 2009-08-02 21:42
ComboFix2.txt 2009-07-31 03:38

Pre-Run: 74,373,672,960 bytes free
Post-Run: 74,362,761,216 bytes free

110 --- E O F --- 2009-07-29 00:02

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.