System Security - new hijack this info & malwarebytes info

CouponPrinter(2).exe\data012;C:\Documents and Settings\Torrie\Desktop\CouponPrinter(2).exe;Adware.Coupons.34;;
CouponPrinter(2).exe\data013;C:\Documents and Settings\Torrie\Desktop\CouponPrinter(2).exe;Adware.Coupons.34;;
CouponPrinter(2).exe\data015;C:\Documents and Settings\Torrie\Desktop\CouponPrinter(2).exe;Adware.Coupons.34;;
CouponPrinter(2).exe\data016;C:\Documents and Settings\Torrie\Desktop\CouponPrinter(2).exe;Adware.Coupons.34;;
CouponPrinter(2).exe;C:\Documents and Settings\Torrie\Desktop;Container contains infected objects;Moved.;
CouponPrinter.exe\data012;C:\Documents and Settings\Torrie\Desktop\CouponPrinter.exe;Adware.Coupons.34;;
CouponPrinter.exe\data013;C:\Documents and Settings\Torrie\Desktop\CouponPrinter.exe;Adware.Coupons.34;;
CouponPrinter.exe\data015;C:\Documents and Settings\Torrie\Desktop\CouponPrinter.exe;Adware.Coupons.34;;
CouponPrinter.exe\data016;C:\Documents and Settings\Torrie\Desktop\CouponPrinter.exe;Adware.Coupons.34;;
CouponPrinter.exe;C:\Documents and Settings\Torrie\Desktop;Container contains infected objects;Moved.;
npCouponPrinter.dll;C:\Program Files\Mozilla Firefox\plugins;Adware.Coupons.34;;
CouponPrinter.ocx;C:\WINDOWS;Adware.Coupons.34;;
UACuenxsjeahrwrdxisc.dll;C:\WINDOWS\system32;Trojan.Packed.365;Incurable.;
UACumlijebybavfsfpbk.dll;C:\WINDOWS\system32;BackDoor.Tdss.49;Deleted.;
UACybrkjdupdetyufojt.dll;C:\WINDOWS\system32;BackDoor.Tdss.105;Deleted.;
UAC6feb.tmp;C:\WINDOWS\Temp;BackDoor.Tdss.49;Deleted.;
UAC7152.tmp;C:\WINDOWS\Temp;BackDoor.Tdss.105;Deleted.;

Adaware log file.

Logfile created: 7/18/2009 1:1:35
Lavasoft Ad-Aware version: 8.0.7
Extended engine version: 8.1
User performing scan: Torrie

*********************** Definitions database information ***********************
Lavasoft definition file: 149.7
Extended engine definition file: 8.1

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 150199
Objects detected: 6


Type Detected
==========================
Processes.......: 1
Registry entries: 0
Hostfile entries: 0
Files...........: 5
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0



Removed items:
Description: C:\WINDOWS\CouponPrinter.ocx Family Name: Win32.Adware.BHO Clean status: Success Item ID: 766344 Family ID: 61
Description: C:\Program Files\Conference\Conference.key Family Name: Win32.TrojanPWS.OnlineGames Clean status: Success Item ID: 436448 Family ID: 1053

Quarantined items:
Description: \\?\globalroot\systemroot\system32\uacuenxsjeahrwrdxisc.dll Family Name: Win32.Trojan.Tdss Clean status: Reboot required Item ID: 942777 Family ID: 5401
Description: C:\WINDOWS\system32\UACuenxsjeahrwrdxisc.dll Family Name: Win32.Trojan.Tdss Clean status: Reboot required Item ID: 942777 Family ID: 5401
Description: C:\i386\mfc70u.dll Family Name: Win32.TrojanDropper.Delf Clean status: Success Item ID: 1238256 Family ID: 1385
Description: C:\WINDOWS\system32\mfc70u.dll Family Name: Win32.TrojanDropper.Delf Clean status: Success Item ID: 1238256 Family ID: 1385

Scan and cleaning complete: Finished correctly after 1779 seconds

*********************************** Settings ***********************************

Scan profile:
ID: full, enabled:1, value: Full Scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value: C:\
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: scanrootkits, enabled:1, value: true
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:


Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Sat Jul 18 00:10:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Sat Jul 18 00:10:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: true
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: true
ID: networkprotection, enabled:0, value: true
ID: usespywareheuristics, enabled:0, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: strict, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant


****************************** System information ******************************
Computer name: D78TPXC1
Processor name: Genuine Intel(R) CPU T2080 @ 1.73GHz
Processor identifier: x86 Family 6 Model 14 Stepping 12
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3596, number of processors 2
Physical memory available: 570388480 bytes
Physical memory total: 1072029696 bytes
Virtual memory available: 2054230016 bytes
Virtual memory total: 2147352576 bytes
Memory load: 46%
Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 776 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 840 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 864 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 912 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 924 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1124 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1236 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1308 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1436 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1464 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1584 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1720 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1808 name: C:\Program Files\Avira\AntiVir Desktop\sched.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1856 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1920 name: C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1988 name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: NT AUTHORITY
PID: 244 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 276 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 332 name: C:\WINDOWS\Explorer.EXE owner: Torrie domain: D78TPXC1
PID: 408 name: C:\WINDOWS\system32\nvsvc32.exe owner: SYSTEM domain: NT AUTHORITY
PID: 544 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 596 name: C:\WINDOWS\System32\WLTRYSVC.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 668 name: C:\WINDOWS\System32\bcmwltry.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1560 name: C:\WINDOWS\system32\rundll32.exe owner: Torrie domain: D78TPXC1
PID: 1568 name: C:\WINDOWS\system32\WLTRAY.exe owner: Torrie domain: D78TPXC1
PID: 1620 name: C:\Program Files\Dell\QuickSet\quickset.exe owner: Torrie domain: D78TPXC1
PID: 1624 name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe owner: Torrie domain: D78TPXC1
PID: 1684 name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe owner: Torrie domain: D78TPXC1
PID: 1792 name: C:\Program Files\NetWaiting\netWaiting.exe owner: Torrie domain: D78TPXC1
PID: 968 name: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe owner: Torrie domain: D78TPXC1
PID: 1764 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: Torrie domain: D78TPXC1
PID: 400 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1504 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2076 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3488 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3720 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Torrie domain: D78TPXC1
PID: 2700 name: C:\WINDOWS\system32\wuauclt.exe owner: Torrie domain: D78TPXC1
PID: 4084 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Torrie domain: D78TPXC1

Startup items:
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: {D76AB2A1-00F3-42BD-F434-00BBC39C8953}
imagepath: rtasgvfu76ew8ndkfno94
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Name: nwiz
imagepath: nwiz.exe /installquiet
Name: NVHotkey
imagepath: rundll32.exe nvHotkey.dll,Start
Name: Broadcom Wireless Manager UI
imagepath: C:\WINDOWS\system32\WLTRAY.exe
Name: Dell QuickSet
imagepath: C:\Program Files\Dell\QuickSet\quickset.exe
Name: SynTPEnh
imagepath: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Name: avgnt
imagepath: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Name: Malwarebytes Anti-Malware (reboot)
imagepath: "C:\Program Files\Malwarebytes' Anti-Malware\winlogin.exe" /runcleanupscript
Name:
imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Name:
imagepath: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini

Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete

Running services:
Name: AdobeActiveFileMonitor4.0
displayname: Adobe Active File Monitor V4
Name: ALG
displayname: Application Layer Gateway Service
Name: AntiVirSchedulerService
displayname: Avira AntiVir Scheduler
Name: AntiVirService
displayname: Avira AntiVir Guard
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: AudioSrv
displayname: Windows Audio
Name: Bonjour Service
displayname: Bonjour Service
Name: Browser
displayname: Computer Browser
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: ERSvc
displayname: Error Reporting Service
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: helpsvc
displayname: Help and Support
Name: HidServ
displayname: Human Interface Device Access
Name: HTTPFilter
displayname: HTTP SSL
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: NVSvc
displayname: NVIDIA Display Driver Service
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPSEC Services
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Remote Access Connection Manager
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: srservice
displayname: System Restore Service
Name: SSDPSRV
displayname: SSDP Discovery Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: w32time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wltrysvc
displayname: Dell Wireless WLAN Tray Service
Name: wuauserv
displayname: Automatic Updates

• Download combofix from here
  Link 1
  Link 2
  

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouse click combofix's window whilst it's running. That may cause it to stall.