Same computer that suffered the security virus, new issue

ComboFix 09-07-19.01 - Torrie 07/19/2009 15:00.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.638 [GMT -4:00]
Running from: c:\documents and settings\Torrie\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Torrie\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\3456665.bat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\3456665.bat
C:\4b5b4d4025c336b9d9cb2cea . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PXNUWSVV
-------\Service_pxnuwsvv


((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
.

2009-07-18 04:50 . 2009-07-18 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-18 04:50 . 2005-08-25 23:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-07-18 04:50 . 2009-07-18 04:50 -------- d-----w- c:\program files\SpywareBlaster
2009-07-18 04:18 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-18 04:10 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-18 01:30 . 2009-07-18 02:03 -------- d-----w- c:\documents and settings\Torrie\DoctorWeb
2009-07-17 23:10 . 2009-07-17 23:10 -------- d-s---w- c:\documents and settings\Torrie\UserData
2009-07-12 19:17 . 2009-07-12 19:17 6500 ----a-w- C:\backup.reg
2009-07-12 19:17 . 2009-07-12 19:17 574 ----a-w- C:\cleanup.bat
2009-07-12 19:17 . 2009-07-12 19:17 135168 ----a-w- C:\zip.exe
2009-07-12 18:28 . 2009-07-12 18:28 -------- d--h--w- c:\windows\PIF
2009-07-12 17:53 . 2009-07-12 17:53 152576 ----a-w- c:\documents and settings\Torrie\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-12 17:49 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-07-12 17:48 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-07-12 17:31 . 2008-04-14 00:12 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-07-12 17:31 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-07-12 12:56 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-12 12:56 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-07-12 12:56 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-07-12 12:56 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-07-12 12:36 . 2009-07-12 12:36 6944624 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aaw2008_upd.exe
2009-07-12 05:24 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-12 05:24 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-12 05:24 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-12 05:24 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-12 05:24 . 2009-07-12 05:24 -------- d-----w- c:\program files\Avira
2009-07-12 05:24 . 2009-07-12 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-12 03:21 . 2009-07-12 03:21 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-07-11 22:14 . 2009-07-11 22:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-11 20:33 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-11 20:33 . 2009-07-12 01:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-11 20:33 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-11 20:08 . 2009-07-11 20:08 -------- d-----w- c:\documents and settings\Torrie\Application Data\Malwarebytes
2009-07-11 17:13 . 2009-07-11 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-11 17:13 . 2009-07-11 17:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-11 16:26 . 2004-08-04 10:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2009-07-11 16:26 . 2004-08-04 10:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2009-07-11 16:24 . 2001-08-18 02:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-07-11 16:23 . 2004-08-04 10:00 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2009-07-11 16:22 . 2001-08-18 02:36 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2009-07-11 16:22 . 2001-08-18 02:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-07-11 16:18 . 2004-08-04 10:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-07-11 16:06 . 2004-08-04 10:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-07-11 16:06 . 2004-08-04 10:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-07-11 16:06 . 2004-08-04 10:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-07-11 16:06 . 2004-08-04 10:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-07-11 16:05 . 2009-07-11 16:05 -------- d-s---w- c:\windows\system32\config\systemprofile\History
2009-07-11 14:52 . 2009-07-19 16:55 -------- d-----w- C:\4b5b4d4025c336b9d9cb2cea
2009-07-11 11:54 . 2009-07-11 11:54 -------- d-----w- c:\windows\msapps
2009-07-11 11:54 . 2009-07-11 11:54 -------- d-----w- c:\windows\dell
2009-06-30 05:04 . 2009-06-30 05:04 -------- d-----w- c:\program files\7-Zip
2009-06-29 17:21 . 2009-06-30 17:10 -------- d-----w- c:\program files\MuseScore 0.9
2009-06-28 20:07 . 2009-06-28 20:07 -------- d-----w- c:\documents and settings\Torrie\Local Settings\Application Data\MusE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 21:43 . 2007-06-26 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-18 21:14 . 2007-05-04 09:32 44985 ----a-w- c:\windows\system32\nvModes.dat
2009-07-18 05:37 . 2008-04-27 03:48 -------- d-----w- c:\program files\Conference
2009-07-18 04:48 . 2007-06-26 02:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-18 04:09 . 2007-06-26 02:26 -------- d-----w- c:\program files\Lavasoft
2009-07-12 19:15 . 2007-05-04 09:58 -------- d-----w- c:\program files\Google
2009-07-12 19:12 . 2007-05-04 09:44 -------- d-----w- c:\program files\Java
2009-07-12 12:42 . 2007-06-26 02:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 12:36 . 2007-06-26 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-12 01:58 . 2007-06-26 02:33 -------- d-----w- c:\program files\hijack this
2009-07-11 16:17 . 2004-08-10 18:02 23444 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-28 20:04 . 2009-03-23 02:48 -------- d-----w- c:\program files\Bonjour
2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-04 10:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-08 21:57 . 2009-05-08 19:17 140839968 ----a-w- c:\documents and settings\All Users\Application Data\Rosetta Stone\Updates\Download\Update.exe
2009-05-07 15:32 . 2004-08-04 10:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2006-03-04 03:33 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-07-15 20:30 . 2009-07-18 04:57 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-09-16 20:04 . 2007-11-01 03:44 5642 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-07-18_22.29.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-10 17:51 . 2009-07-19 17:02 64490 c:\windows\system32\perfc009.dat
- 2004-08-10 17:51 . 2009-07-18 22:30 64490 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2009-07-19 17:02 405024 c:\windows\system32\perfh009.dat
- 2004-08-10 17:51 . 2009-07-18 22:30 405024 c:\windows\system32\perfh009.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-21 1519616]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-03-21 73728]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Conference\\Conference.dll"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Ring Factory\\RingFactory.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/18/2009 12:10 AM 64160]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/12/2009 1:24 AM 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
S3 busbcrw;USB Card Reader Writer driver;c:\windows\system32\drivers\busbcrw.sys [4/23/2003 9:45 AM 16896]
S3 VisorUsb;Handspring USB;c:\windows\system32\drivers\VisorUsb.sys [8/24/2007 12:15 AM 19968]
.
Contents of the 'Scheduled Tasks' folder

2009-07-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-05-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070504
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
FF - ProfilePath - c:\documents and settings\Torrie\Application Data\Mozilla\Firefox\Profiles\64jqv8xt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\documents and settings\Torrie\Application Data\Mozilla\Firefox\Profiles\64jqv8xt.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 15:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(748)
c:\program files\Google\Google Desktop Search\GoogleDesktopHyper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\rundll32.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-19 15:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-19 19:10
ComboFix2.txt 2009-07-19 17:03
ComboFix3.txt 2009-07-18 22:33

Pre-Run: 138,035,515,392 bytes free
Post-Run: 138,007,388,160 bytes free

Current=2 Default=2 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
255 --- E O F --- 2009-07-18 13:45

OK,

While I was upstairs, away from the computer, my Avira AntiVir program ran. It said that it found several issues. I told it to ignore the issues for now, but I did save a copy of the report.

Avira AntiVir Personal
Report file date: Sunday, July 19, 2009 15:44

Scanning for 1554902 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : D78TPXC1

Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 6/3/2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 5/11/2009 14:14:47
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 05:28:01
ANTIVIR2.VDF : 7.1.4.221 1273856 Bytes 7/12/2009 18:04:09
ANTIVIR3.VDF : 7.1.4.253 537600 Bytes 7/19/2009 19:43:28
Engineversion : 8.2.0.222
AEVDF.DLL : 8.1.1.1 106868 Bytes 4/30/2009 16:52:04
AESCRIPT.DLL : 8.1.2.18 442746 Bytes 7/17/2009 23:47:22
AESCN.DLL : 8.1.2.3 127347 Bytes 5/14/2009 16:02:01
AERDL.DLL : 8.1.2.4 430452 Bytes 7/14/2009 22:05:43
AEPACK.DLL : 8.1.3.18 401783 Bytes 5/27/2009 21:07:20
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/12/2009 05:28:32
AEHEUR.DLL : 8.1.0.143 1864055 Bytes 7/17/2009 01:35:39
AEHELP.DLL : 8.1.4.5 229748 Bytes 7/14/2009 22:05:30
AEGEN.DLL : 8.1.1.48 348532 Bytes 7/12/2009 05:28:20
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 19:32:40
AECORE.DLL : 8.1.7.5 180597 Bytes 7/14/2009 22:05:29
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 15:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 20:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 15:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Sunday, July 19, 2009 15:44

Starting search for hidden objects.
'77733' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'AAWTray.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'netwaiting.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'quickset.exe' - '1' Module(s) have been scanned
Scan process 'WLTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'BCMWLTRY.EXE' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'AAWService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '54' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Torrie\Desktop\Combo-Fix.exe
[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\ForceLibrary.dll
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACmppqlrklwqjyiacgo.dll.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\uactmp.db.vir
[DETECTION] Contains HEUR/HTML.Malware suspicious code
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACuenxsjeahrwrdxisc.dll.vir
[DETECTION] Is the TR/TDss.aebu Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACumlijebybavfsfpbk.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACybrkjdupdetyufojt.dll.vir
[DETECTION] Is the TR/TDss.adzz Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACyxvklneoyqerdbmlv.dll.vir
[DETECTION] Is the TR/TDss.wae Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACqpmhsipctobwuwpyv.sys.vir
[DETECTION] Is the TR/TDss.waf Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0006001.sys
[DETECTION] Is the TR/TDss.waf Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0006002.dll
[DETECTION] Is the TR/TDss.wae Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0006003.dll
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0006004.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0006005.dll
[DETECTION] Is the TR/TDss.adzz Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0006006.dll
[DETECTION] Is the TR/TDss.aebu Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0006303.dll
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0006438.dll
[DETECTION] Is the TR/Hijacker.Gen Trojan

Beginning disinfection:
C:\Documents and Settings\Torrie\Desktop\Combo-Fix.exe
[WARNING] The file was ignored!
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACmppqlrklwqjyiacgo.dll.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[WARNING] The file was ignored!
C:\Qoobox\Quarantine\C\WINDOWS\system32\uactmp.db.vir
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACuenxsjeahrwrdxisc.dll.vir
[DETECTION] Is the TR/TDss.aebu Trojan
[WARNING] The file was ignored!
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACumlijebybavfsfpbk.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan
[WARNING] The file was ignored!
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACybrkjdupdetyufojt.dll.vir
[DETECTION] Is the TR/TDss.adzz Trojan
[WARNING] The file was ignored!
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACyxvklneoyqerdbmlv.dll.vir
[DETECTION] Is the TR/TDss.wae Trojan
[WARNING] The file was ignored!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACqpmhsipctobwuwpyv.sys.vir
[DETECTION] Is the TR/TDss.waf Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0006001.sys
[DETECTION] Is the TR/TDss.waf Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0006002.dll
[DETECTION] Is the TR/TDss.wae Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0006003.dll
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0006004.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0006005.dll
[DETECTION] Is the TR/TDss.adzz Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0006006.dll
[DETECTION] Is the TR/TDss.aebu Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0006303.dll
[DETECTION] Is the TR/Hijacker.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0006438.dll
[DETECTION] Is the TR/Hijacker.Gen Trojan
[WARNING] The file was ignored!


End of the scan: Sunday, July 19, 2009 16:41
Used time: 42:45 Minute(s)

The scan has been done completely.

10959 Scanned directories
217047 Files were scanned
15 Viruses and/or unwanted programs were found
1 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
217029 Files not concerned
3300 Archives were scanned
18 Warnings
3 Notes
77733 Objects were scanned with rootkit scan
0 Hidden objects were found

Now open a new notepad file.
Input this into the notepad file:

Rootkit::
C:\4b5b4d4025c336b9d9cb2cea

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

ComboFix 09-07-20.01 - Torrie 07/20/2009 18:54.4.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.688 [GMT -4:00]
Running from: c:\documents and settings\Torrie\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Torrie\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2009-06-20 to 2009-07-20 )))))))))))))))))))))))))))))))
.

2009-07-18 04:50 . 2009-07-18 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-18 04:50 . 2005-08-25 23:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-07-18 04:50 . 2009-07-18 04:50 -------- d-----w- c:\program files\SpywareBlaster
2009-07-18 04:18 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-18 04:10 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-18 01:30 . 2009-07-18 02:03 -------- d-----w- c:\documents and settings\Torrie\DoctorWeb
2009-07-17 23:10 . 2009-07-17 23:10 -------- d-s---w- c:\documents and settings\Torrie\UserData
2009-07-12 19:17 . 2009-07-12 19:17 6500 ----a-w- C:\backup.reg
2009-07-12 19:17 . 2009-07-12 19:17 574 ----a-w- C:\cleanup.bat
2009-07-12 19:17 . 2009-07-12 19:17 135168 ----a-w- C:\zip.exe
2009-07-12 18:28 . 2009-07-12 18:28 -------- d--h--w- c:\windows\PIF
2009-07-12 17:53 . 2009-07-12 17:53 152576 ----a-w- c:\documents and settings\Torrie\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-12 17:49 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-07-12 17:48 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-07-12 17:31 . 2008-04-14 00:12 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-07-12 17:31 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-07-12 12:56 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-12 12:56 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-07-12 12:56 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-07-12 12:56 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-07-12 12:36 . 2009-07-12 12:36 6944624 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aaw2008_upd.exe
2009-07-12 05:24 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-12 05:24 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-12 05:24 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-12 05:24 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-12 05:24 . 2009-07-12 05:24 -------- d-----w- c:\program files\Avira
2009-07-12 05:24 . 2009-07-12 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-12 03:21 . 2009-07-12 03:21 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-07-11 22:14 . 2009-07-11 22:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-11 20:33 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-11 20:33 . 2009-07-12 01:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-11 20:33 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-11 20:08 . 2009-07-11 20:08 -------- d-----w- c:\documents and settings\Torrie\Application Data\Malwarebytes
2009-07-11 17:13 . 2009-07-11 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-11 17:13 . 2009-07-11 17:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-11 16:26 . 2004-08-04 10:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2009-07-11 16:26 . 2004-08-04 10:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2009-07-11 16:24 . 2001-08-18 02:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-07-11 16:23 . 2004-08-04 10:00 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2009-07-11 16:22 . 2001-08-18 02:36 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2009-07-11 16:22 . 2001-08-18 02:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-07-11 16:18 . 2004-08-04 10:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-07-11 16:06 . 2004-08-04 10:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-07-11 16:06 . 2004-08-04 10:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-07-11 16:06 . 2004-08-04 10:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-07-11 16:06 . 2004-08-04 10:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-07-11 16:05 . 2009-07-11 16:05 -------- d-s---w- c:\windows\system32\config\systemprofile\History
2009-07-11 14:52 . 2009-07-19 16:55 -------- d-----w- C:\4b5b4d4025c336b9d9cb2cea
2009-07-11 11:54 . 2009-07-11 11:54 -------- d-----w- c:\windows\msapps
2009-07-11 11:54 . 2009-07-11 11:54 -------- d-----w- c:\windows\dell
2009-06-30 05:04 . 2009-06-30 05:04 -------- d-----w- c:\program files\7-Zip
2009-06-29 17:21 . 2009-06-30 17:10 -------- d-----w- c:\program files\MuseScore 0.9
2009-06-28 20:07 . 2009-06-28 20:07 -------- d-----w- c:\documents and settings\Torrie\Local Settings\Application Data\MusE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 21:43 . 2007-06-26 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-18 21:14 . 2007-05-04 09:32 44985 ----a-w- c:\windows\system32\nvModes.dat
2009-07-18 05:37 . 2008-04-27 03:48 -------- d-----w- c:\program files\Conference
2009-07-18 04:48 . 2007-06-26 02:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-18 04:09 . 2007-06-26 02:26 -------- d-----w- c:\program files\Lavasoft
2009-07-12 19:15 . 2007-05-04 09:58 -------- d-----w- c:\program files\Google
2009-07-12 19:12 . 2007-05-04 09:44 -------- d-----w- c:\program files\Java
2009-07-12 12:42 . 2007-06-26 02:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 12:36 . 2007-06-26 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-12 01:58 . 2007-06-26 02:33 -------- d-----w- c:\program files\hijack this
2009-07-11 16:17 . 2004-08-10 18:02 23444 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-28 20:04 . 2009-03-23 02:48 -------- d-----w- c:\program files\Bonjour
2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-04 10:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-08 21:57 . 2009-05-08 19:17 140839968 ----a-w- c:\documents and settings\All Users\Application Data\Rosetta Stone\Updates\Download\Update.exe
2009-05-07 15:32 . 2004-08-04 10:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2006-03-04 03:33 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-07-15 20:30 . 2009-07-18 04:57 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-09-16 20:04 . 2007-11-01 03:44 5642 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-07-18_22.29.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-10 17:51 . 2009-07-20 21:35 64490 c:\windows\system32\perfc009.dat
- 2004-08-10 17:51 . 2009-07-18 22:30 64490 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2009-07-20 21:35 405024 c:\windows\system32\perfh009.dat
- 2004-08-10 17:51 . 2009-07-18 22:30 405024 c:\windows\system32\perfh009.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-21 1519616]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-03-21 73728]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Conference\\Conference.dll"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Ring Factory\\RingFactory.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/18/2009 12:10 AM 64160]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/12/2009 1:24 AM 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
S3 busbcrw;USB Card Reader Writer driver;c:\windows\system32\drivers\busbcrw.sys [4/23/2003 9:45 AM 16896]
S3 VisorUsb;Handspring USB;c:\windows\system32\drivers\VisorUsb.sys [8/24/2007 12:15 AM 19968]
.
Contents of the 'Scheduled Tasks' folder

2009-07-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-05-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070504
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
FF - ProfilePath - c:\documents and settings\Torrie\Application Data\Mozilla\Firefox\Profiles\64jqv8xt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\documents and settings\Torrie\Application Data\Mozilla\Firefox\Profiles\64jqv8xt.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-20 19:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(876)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3024)
c:\program files\Google\Google Desktop Search\GoogleDesktopHyper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-07-20 19:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-20 23:06
ComboFix2.txt 2009-07-19 19:10
ComboFix3.txt 2009-07-19 17:03
ComboFix4.txt 2009-07-18 22:33

Pre-Run: 138,003,501,056 bytes free
Post-Run: 137,964,486,656 bytes free

Current=2 Default=2 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
245 --- E O F --- 2009-07-18 13:45

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes' Anti-Malware 1.39
Database version: 2476
Windows 5.1.2600 Service Pack 3

7/21/2009 8:24:36 PM
mbam-log-2009-07-21 (20-24-36).txt

Scan type: Quick Scan
Objects scanned: 91362
Time elapsed: 5 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Torrie\Desktop\avenger.exe (Trojan.Agnet) -> Quarantined and deleted successfully.
c:\WINDOWS\934fdfg34fgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

I will make this change. It seems to be doing fine.