That worked, here you go:
ComboFix 09-08-20.07 - user 08/21/2009 14:52.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1569 [GMT -5:00]
Running from: c:\documents and settings\user\Desktop\lowery.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\1220f.msi
c:\windows\Installer\1830252.msp
c:\windows\Installer\368fc.msp
c:\windows\Installer\379b4.msp
c:\windows\Installer\99cb64.msp
c:\windows\system32\drivers\UACvylespvuyp.sys
c:\windows\system32\UACaahktlewdl.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjmdddcixgo.db
c:\windows\system32\UACndiewnqkbe.dll
c:\windows\system32\UACrdsnaqlqpe.dll
c:\windows\system32\UACxnspypuxnq.dll
c:\windows\system32\UACyupelanpiv.dat
c:\windows\winhelp.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_UACd.sys
-------\Service_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
.
2009-08-21 15:49 . 2009-08-21 15:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-21 13:17 . 2009-08-21 13:17 -------- d-----w- c:\program files\Trend Micro
2009-08-18 18:41 . 2009-08-18 18:41 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2009-08-18 13:28 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-18 13:28 . 2009-08-21 14:37 -------- d-----w- c:\program files\Period
2009-08-18 13:28 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-17 19:41 . 2009-08-17 20:07 -------- d-----w- c:\program files\VS Revo Group
2009-08-13 23:59 . 2009-08-13 23:59 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2009-08-13 23:59 . 2009-08-13 23:59 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Hitman Pro
2009-08-13 23:16 . 2009-08-13 23:16 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-08-13 16:40 . 2009-06-25 08:25 54272 ------w- c:\windows\system32\dllcache\wdigest.dll
2009-08-13 16:40 . 2009-06-25 08:25 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
2009-08-13 16:40 . 2009-06-25 08:25 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-08-13 16:40 . 2009-06-24 11:18 92928 ------w- c:\windows\system32\dllcache\ksecdd.sys
2009-08-13 12:32 . 2009-08-13 12:32 -------- d-----r- c:\program files\Norton Support
2009-08-12 19:40 . 2009-08-12 19:40 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Symantec
2009-08-12 19:30 . 2009-08-12 19:30 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-12 14:23 . 2009-08-12 19:23 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SecTaskMan
2009-08-12 13:15 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 15:49 . 2007-05-30 14:34 -------- d-----w- c:\program files\Java
2009-08-21 15:48 . 2007-02-04 01:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-19 12:40 . 2009-04-02 13:35 -------- d-----w- c:\program files\Symantec
2009-08-19 12:40 . 2009-04-02 13:35 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-19 12:40 . 2009-04-02 13:35 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-19 12:40 . 2009-04-02 13:35 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-08-19 12:40 . 2009-04-02 13:35 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-18 19:11 . 2009-04-02 13:36 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-08-13 17:37 . 2008-05-23 13:35 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-08-13 15:44 . 2009-04-02 13:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-13 15:44 . 2009-04-02 13:35 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Symantec
2009-08-05 09:01 . 2004-08-11 23:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 12:35 . 2009-02-12 13:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-17 19:01 . 2004-08-11 23:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2004-08-11 23:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 04:45 . 2009-05-31 13:56 -------- d-----w- c:\program files\MediaCoder
2009-07-10 13:07 . 2009-07-10 13:07 -------- d-----w- c:\program files\Verizon Wireless
2009-07-10 13:04 . 2009-07-10 13:04 -------- d-----w- c:\program files\Novatel Wireless
2009-07-03 17:09 . 2004-08-11 23:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-11 23:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-11 23:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-11 23:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-11 23:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2004-08-11 23:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-11 23:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-11 23:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-11 23:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-11 23:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2004-08-11 23:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-11 23:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2004-08-11 23:11 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-08-11 23:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-11 23:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-11 23:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]
"pdfFactory Pro Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2007-01-30 512000]
"TDxVGAUTIL"="c:\windows\system32\TDxVGAUTIL.EXE" [2005-12-19 65536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-05 630784]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-11-08 65536]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-01-26 26112]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-04 1032192]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-21 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
c:\documents and settings\user\Start Menu\Programs\Startup\
FAXRX.lnk - c:\program files\Brother\Brmfl06d\FAXRX.exe [2009-3-3 512000]
c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-26 24576]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Brother\\Brmfl06d\\FAXRX.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"25:TCP"= 25:TCP:SMTPMail
"110:TCP"= 110:TCP:POP3
"54925:UDP"= 54925:UDP:Brother Fax/Scan/Copy
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00A\SymEFA.sys [8/19/2009 7:39 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007020.00A\BHDrvx86.sys [8/19/2009 7:39 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007020.00A\cchpx86.sys [8/19/2009 7:39 AM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys [8/12/2009 2:42 PM 276344]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [1/31/2007 12:03 PM 58464]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe [8/19/2009 7:39 AM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/2/2009 8:54 AM 101936]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 11:08 AM 174336]
R3 TdxMrMINI;TdxMrMINI;c:\windows\system32\drivers\TdxMrMini.sys [3/15/2007 2:41 PM 233984]
R3 TdxVGAMINI;TdxVGAMINI;c:\windows\system32\drivers\TdxVgaMini.sys [3/15/2007 2:41 PM 234496]
S2 qttuwjmt;qttuwjmt;c:\windows\system32\drivers\dkqhdyc.sys --> c:\windows\system32\drivers\dkqhdyc.sys [?]
S2 tbisu;tbisu;c:\windows\system32\drivers\jmkl.sys --> c:\windows\system32\drivers\jmkl.sys [?]
S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ADM851X.sys [3/15/2007 2:41 PM 27135]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [7/15/2008 10:25 AM 31592]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [8/13/2009 6:59 PM 11904]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 12:23 PM 20480]
S3 TdxVGAUSB;TARGUS USB2.0 VGA DOCK DEVICE(USB);c:\windows\system32\drivers\TdxVGAUSB.sys [3/15/2007 2:41 PM 22528]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FC8B4D35-FC70-4A52-9655-E8784FDEEB87}]
msiexec /fu {FC8B4D35-FC70-4A52-9655-E8784FDEEB87}
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-ShStatEXE - c:\program files\Network Associates\VirusScan\SHSTAT.EXE
HKLM-Run-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
HKLM-Run-CmUsbSound - cmcnfgu.cpl
HKLM-Run-UDC Integration - (no file)
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.google.com/uInternet Connection Wizard,ShellNext = iexplore
DPF: Microsoft XML Parser for Java -
file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-08-21 15:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1324)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3848)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Norton Internet Security\Engine\16.7.2.10\MCUI32.exe
.
**************************************************************************
.
Completion time: 2009-08-21 15:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-21 20:18
Pre-Run: 151,398,948,864 bytes free
Post-Run: 153,153,249,280 bytes free
239 --- E O F --- 2009-08-17 13:46