Tr/Vundo.Gen2 slowing down my computer~ no scan works

AntiVir Guard comes up and I can't clean my computer with TrendMicro or MalwareBytes

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
  

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:31 PM, on 10/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\V0350Mon.exe
C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\Kelner\Application Data\5647909830\5647909830.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [FPCCSMiddleware] C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [5647909830] C:\Documents and Settings\Kelner\Application Data\5647909830\5647909830.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windstream Broadband Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/WINDSTREAM/static/controls/WebflowActiveXInstaller_2-0-0.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - https://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126039629675
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142350911109
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-2dda5366d4cf3608.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O16 - DPF: {F9439391-4C64-4D24-AE0C-7AB90C0EAAB1} - http://bgo2k3epwebtest/cbsdesktop/appshell/components/desktop.cab
O18 - Filter hijack: text/html - {d003d183-2688-44c0-be3c-6bee871ed6df} - (no file)
O20 - AppInit_DLLs: bofofevu.dll
O21 - SSODL: rimozekog - {8ba53663-0cff-4d82-8c7c-74e9697f99fd} - (no file)
O22 - SharedTaskScheduler: gahurihor - {8ba53663-0cff-4d82-8c7c-74e9697f99fd} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

--
End of file - 7370 bytes

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O4 - HKLM\..\Run: [5647909830] C:\Documents and Settings\Kelner\Application Data\5647909830\5647909830.exe
  O18 - Filter hijack: text/html - {d003d183-2688-44c0-be3c-6bee871ed6df} - (no file)
  O20 - AppInit_DLLs: bofofevu.dll
  O21 - SSODL: rimozekog - {8ba53663-0cff-4d82-8c7c-74e9697f99fd} - (no file)
  O22 - SharedTaskScheduler: gahurihor - {8ba53663-0cff-4d82-8c7c-74e9697f99fd} - (no file)
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

It asked me if I wanted to run this file. I hit run and nothing happened. Earlier I installed it, but again, nothing. I even restarted the computer when it told me to..

bump

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

I cannot get the combo-fix to run at all. My avira symbol is missing also, so I cannot disable it.

Please download SilentRunners from here:
http://www.silentrunners.org/Silent%20Runners.zip
Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, a message will pop up and a logfile will have been created on the desktop. Please post the entire contents of this logfile for me to see.

I finally got my desktop icons to show. I can get to combo-fix, but I can't find the log-even after it went through all the steps. Silentrunenrs isn't responding.

I do have something called Security Tool that keeps popping up. Apparently, it uses fear tactics...wonderful.

HA! Is this it?

ComboFix 09-10-07.02 - Kelner 10/08/2009 6:47:47.1.2 - NTFSx86
Running from: C:\Documents and Settings\Kelner\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\92372124
C:\Documents and Settings\All Users\Application Data\92372124\92372124.bat
C:\Documents and Settings\All Users\Application Data\92372124\92372124.exe
C:\Documents and Settings\Kelner\Local Settings\Temporary Internet Files\iwudag.com
C:\Documents and Settings\Kelner\Local Settings\Temporary Internet Files\ozejus.dll
C:\Documents and Settings\Kelner\Local Settings\Temporary Internet Files\pijilonygu.bat
C:\Documents and Settings\Kelner\Local Settings\Temporary Internet Files\uwemewu.sys
C:\Program Files\Common
C:\Program Files\Common\_helper.sig
C:\RECYCLER\S-1-5-21-105366467-982144795-1367911678-500
C:\RECYCLER\S-1-5-21-1166309277-1596028747-264381209-1003
C:\RECYCLER\S-1-5-21-1166309277-1596028747-264381209-500
C:\RECYCLER\S-1-5-21-1260548629-2456617093-748441295-500
C:\RECYCLER\S-1-5-21-2098939454-3982083151-582432542-500
C:\RECYCLER\S-1-5-21-231806994-526144396-314847941-500
C:\RECYCLER\S-1-5-21-2471874882-1742013197-23779851-500
C:\RECYCLER\S-1-5-21-2723234792-4289631594-398738960-500
C:\RECYCLER\S-1-5-21-2799450225-1403549518-2432291109-500
C:\RECYCLER\S-1-5-21-2995828153-448149318-1095471116-500
C:\RECYCLER\S-1-5-21-3145035839-3996446948-2437272773-500
C:\RECYCLER\S-1-5-21-472568965-2156924117-990862072-500
C:\WINDOWS\desktop
C:\WINDOWS\Installer\1533e.msi
C:\WINDOWS\Installer\262084.msi
C:\WINDOWS\Installer\2aff2b.msi
C:\WINDOWS\system32\bajujami.dll
C:\WINDOWS\system32\divosimu.dll
C:\WINDOWS\system32\fidebage.dll
C:\WINDOWS\system32\guporobe.dll
C:\WINDOWS\system32\jadikure.dll
c:\windows\system32\keneluga.dll
C:\WINDOWS\system32\pihenedo.dll
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tojayeku.dll
C:\WINDOWS\system32\yokowefu.dll
C:\xcrashdump.dat

.
((((((((((((((((((((((((( Files Created from 2009-09-08 to 2009-10-08 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-08 10:58:38 . 2009-09-23 19:08:35 0 d-----w- C:\Documents and Settings\Kelner\Application Data\Skype
2009-10-07 23:52:02 . 2009-10-07 23:52:02 0 dc----w- C:\Documents and Settings\All Users\Application Data\69123425
2009-10-06 14:19:07 . 2009-10-06 14:17:47 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-05 18:00:58 . 2009-10-05 18:00:58 0 d-----w- C:\Program Files\Trend Micro
2009-10-05 11:48:58 . 2009-10-05 11:48:58 0 d-----w- C:\Documents and Settings\Kelner\Application Data\5647909830
2009-10-04 16:46:14 . 2008-09-09 16:05:37 10752 ----a-w- C:\WINDOWS\DCEBoot.exe
2009-10-04 14:02:17 . 2009-10-04 14:02:16 0 d-----w- C:\Documents and Settings\Kelner\Application Data\7875163248
2009-09-25 19:10:59 . 2009-09-25 18:42:31 0 dc----w- C:\Documents and Settings\All Users\Application Data\NOS
2009-09-23 19:08:26 . 2009-09-23 19:08:23 0 d-----r- C:\Program Files\Skype
2009-09-23 19:08:22 . 2009-09-23 19:08:22 0 dc----w- C:\Documents and Settings\All Users\Application Data\Skype
2009-09-10 18:54:06 . 2009-10-06 14:18:14 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53:50 . 2009-10-06 14:17:47 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2009-09-09 23:01:03 . 2007-02-27 22:49:33 0 dc----w- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-08-24 23:01:41 . 2009-08-24 23:01:41 0 d-----w- C:\Program Files\MSBuild
2009-08-24 23:01:27 . 2009-08-24 23:01:27 0 d-----w- C:\Program Files\Reference Assemblies
2009-08-06 23:24:18 . 2005-09-06 23:34:11 327896 ----a-w- C:\WINDOWS\system32\wucltui.dll
2009-08-06 23:24:18 . 2005-09-06 23:34:11 209632 ----a-w- C:\WINDOWS\system32\wuweb.dll
2009-08-06 23:24:10 . 2005-09-06 23:34:10 35552 ----a-w- C:\WINDOWS\system32\wups.dll
2009-08-06 23:24:10 . 2005-09-06 20:47:48 44768 ----a-w- C:\WINDOWS\system32\wups2.dll
2009-08-06 23:24:06 . 2005-09-06 23:34:10 53472 ----a-w- C:\WINDOWS\system32\wuauclt.exe
2009-08-06 23:24:04 . 2004-08-04 12:00:00 96480 ----a-w- C:\WINDOWS\system32\cdm.dll
2009-08-06 23:23:54 . 2005-09-06 23:34:10 575704 ----a-w- C:\WINDOWS\system32\wuapi.dll
2009-08-06 23:23:46 . 2006-08-17 17:22:15 274288 ----a-w- C:\WINDOWS\system32\mucltui.dll
2009-08-06 23:23:46 . 2005-09-06 23:34:10 1929952 ----a-w- C:\WINDOWS\system32\wuaueng.dll
2009-08-06 23:23:46 . 2005-05-26 09:19:32 215920 ----a-w- C:\WINDOWS\system32\muweb.dll
2009-08-05 11:38:36 . 2009-04-08 19:47:16 55656 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys
2009-08-05 09:01:48 . 2004-08-04 12:00:00 204800 ----a-w- C:\WINDOWS\system32\mswebdvd.dll
2009-07-17 19:01:06 . 2004-08-04 12:00:00 58880 ----a-w- C:\WINDOWS\system32\atl.dll
2009-07-14 03:43:24 . 2004-08-04 12:00:00 286208 ----a-w- C:\WINDOWS\system32\wmpdxm.dll
2009-07-05 23:48:37 . 2009-07-05 23:48:37 1048611 --sha-w- C:\WINDOWS\system32\bokiluve.exe
2009-07-07 11:50:26 . 2009-07-07 11:50:26 1050659 --sha-w- C:\WINDOWS\system32\gimokajo.exe
2009-07-05 11:49:22 . 2009-07-05 11:49:22 50176 --sha-w- C:\WINDOWS\system32\guyuzera.dll.tmp
2009-07-07 11:50:26 . 2009-07-07 11:50:26 88576 --sha-w- C:\WINDOWS\system32\kehutosu.dll
2009-07-06 23:51:34 . 2009-07-06 23:51:34 51712 --sha-w- C:\WINDOWS\system32\morugawe.dll
2009-07-05 11:48:48 . 2009-07-05 11:48:48 50176 --sha-w- C:\WINDOWS\system32\panasoba.dll
2009-07-07 23:51:35 . 2009-07-07 23:51:35 1050659 --sha-w- C:\WINDOWS\system32\penotewi.exe
2009-07-06 23:50:09 . 2009-07-06 23:50:09 88064 --sha-w- C:\WINDOWS\system32\rojayefi.dll
2009-07-06 23:50:09 . 2009-07-06 23:50:09 51712 --sha-w- C:\WINDOWS\system32\tenoheze.dll
2009-07-05 11:48:48 . 2009-07-05 11:48:48 1047587 --sha-w- C:\WINDOWS\system32\vagazodi.exe
2009-07-06 11:49:44 . 2009-07-06 11:49:44 88064 --sha-w- C:\WINDOWS\system32\yibabofi.dll
2009-07-05 11:49:22 . 2009-07-05 11:49:22 50176 --sha-w- C:\WINDOWS\system32\yuworowe.dll.tmp
2009-07-05 23:48:37 . 2009-07-05 23:48:37 88576 --sha-w- C:\WINDOWS\system32\zurokawe.dll
.
C:\WINDOWS\system32\drivers\tcpip.sys ... is infected !!


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-08 14:35:02 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-08 14:34:58 114688]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-18 19:38:05 180269]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 15:50:42 155648]
"Motive SmartBridge"="C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe" [2004-11-09 15:32:44 393216]
"V0350Mon.exe"="C:\WINDOWS\V0350Mon.exe" [2007-08-23 06:03:00 28672]
"FPCCSMiddleware"="C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe" [2008-10-10 14:42:56 538432]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 17:08:47 209153]
"69123425"="C:\Documents and Settings\All Users\Application Data\69123425\69123425.exe" [2009-10-07 23:52:02 1050659]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - C:\WINDOWS\KHALMNPR.Exe [2008-02-29 08:12:38 76304]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42:30 72208 ----a-w- c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\ATTNaturalVoices\\TTS1.2\\Desktop\\bin\\ttsdesktopproxy.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\WINDOWS\\system32\\spoolsv.exe"=
"C:\\Program Files\\Avira\\AntiVir Desktop\\guardgui.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nkajjcgx
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
HKCU-Run-MsnMsgr - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
HKLM-Run-igfxtray - C:\WINDOWS\system32\igfxtray.exe
HKLM-Run-92372124 - C:\Documents and Settings\All Users\Application Data\92372124\92372124.exe
HKLM-Run-vemulagok - c:\windows\system32\keneluga.dll
HKLM-Run-zosizifara - tojayeku.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-08 07:04:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Avira\AntiVir Desktop\guardgui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Avira\AntiVir Desktop\guardgui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
.
**************************************************************************
.
Completion time: 2009-10-08 7:09:46 - machine was rebooted

Pre-Run: 29,173,428,224 bytes free
Post-Run: 29,978,972,160 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

187 --- E O F --- 2009-09-26 13:00:46

I cannot get notepad to stay open. Can I copy it to another location?

When I try to open notepad it says: notepad is infected with worm Lsas.Blaster.Keyloger

Please download Ice Sword from HERE[LIST=1]

Extract the folder inside the zip, then run icesword.exe, will IceSword run?

It opened the first time I clicked the link, and now it is forbidding me.

Hello.
I uploaded a copy here:
http://rapidshare.com/files/245748362/winlogon.exe

Download that, select to download as a free user, and hit the download button.

Once downloaded, can you run that renamed copy?

Okay. So we got to the part where they show a picture of a sword with a bunch of options to the left...where do we go from here? Sorry for the hits and misses with the programs. Our computer is being picky.

We clicked the second link and it gave us the option to run it, but as soon as we clicked run, it did nothing.

Hello.

• Look in the left hand bottom of the program and press "Registry"
  
• When the registry list opens, drag the line between the two windows so you can see which registry hive you need.
  
• Next, open the HKEY_LOCAL_MACHINE, and navigate to the following key:
  
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  
  
• Now look in the right side pane for this value "69123425", that points to -> C:\Documents and Settings\All Users\Application Data\69123425\69123425.exe
  
• Once you find the value, right click it and press "Delete"
  
• Okay the prompt and close IceSword.
  

Can you run things like Notepad now?

When I click on HKEY_LOCAL_MACHINE under name pops up (Default) then under type it says REG_SZ Data: (value not set)

Okay. Sorry...checking to see if notepad works. We're really glitchy here and when I clicked to expand the folder, it wouldn't let me before.


ETA: No, it doesn't work.

Hello.
Are you able to manually edit the registry?

Go to Start > Run. In the Run box, type in regedit, and hit enter.

No. I am not. It pops up for a second or two and then goes away.


By the way, thanks for helping us so much! It is a real pisser.

Things are working a bit more smooth. I rebooted the computer and I got notepad to work. This is the Combo-fix.txt you said I would get:



ComboFix 09-10-07.02 - Kelner 10/08/2009 6:47.1.2 - NTFSx86
Running from: c:\documents and settings\Kelner\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\92372124
c:\documents and settings\All Users\Application Data\92372124\92372124.bat
c:\documents and settings\All Users\Application Data\92372124\92372124.exe
c:\documents and settings\Kelner\Local Settings\Temporary Internet Files\iwudag.com
c:\documents and settings\Kelner\Local Settings\Temporary Internet Files\ozejus.dll
c:\documents and settings\Kelner\Local Settings\Temporary Internet Files\pijilonygu.bat
c:\documents and settings\Kelner\Local Settings\Temporary Internet Files\uwemewu.sys
c:\program files\Common
c:\program files\Common\_helper.sig
c:\recycler\S-1-5-21-105366467-982144795-1367911678-500
c:\recycler\S-1-5-21-1166309277-1596028747-264381209-1003
c:\recycler\S-1-5-21-1166309277-1596028747-264381209-500
c:\recycler\S-1-5-21-1260548629-2456617093-748441295-500
c:\recycler\S-1-5-21-2098939454-3982083151-582432542-500
c:\recycler\S-1-5-21-231806994-526144396-314847941-500
c:\recycler\S-1-5-21-2471874882-1742013197-23779851-500
c:\recycler\S-1-5-21-2723234792-4289631594-398738960-500
c:\recycler\S-1-5-21-2799450225-1403549518-2432291109-500
c:\recycler\S-1-5-21-2995828153-448149318-1095471116-500
c:\recycler\S-1-5-21-3145035839-3996446948-2437272773-500
c:\recycler\S-1-5-21-472568965-2156924117-990862072-500
c:\windows\desktop
c:\windows\Installer\1533e.msi
c:\windows\Installer\262084.msi
c:\windows\Installer\2aff2b.msi
c:\windows\system32\bajujami.dll
c:\windows\system32\divosimu.dll
c:\windows\system32\fidebage.dll
c:\windows\system32\guporobe.dll
c:\windows\system32\jadikure.dll
c:\windows\system32\keneluga.dll
c:\windows\system32\pihenedo.dll
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tojayeku.dll
c:\windows\system32\yokowefu.dll
C:\xcrashdump.dat

.
((((((((((((((((((((((((( Files Created from 2009-09-08 to 2009-10-08 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-08 10:58 . 2009-09-23 19:08 -------- d-----w- c:\documents and settings\Kelner\Application Data\Skype
2009-10-07 23:52 . 2009-10-07 23:52 -------- dc----w- c:\documents and settings\All Users\Application Data\69123425
2009-10-06 14:19 . 2009-10-06 14:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-05 18:00 . 2009-10-05 18:00 -------- d-----w- c:\program files\Trend Micro
2009-10-05 11:48 . 2009-10-05 11:48 -------- d-----w- c:\documents and settings\Kelner\Application Data\5647909830
2009-10-04 16:46 . 2008-09-09 16:05 10752 ----a-w- c:\windows\DCEBoot.exe
2009-10-04 14:02 . 2009-10-04 14:02 -------- d-----w- c:\documents and settings\Kelner\Application Data\7875163248
2009-09-25 19:10 . 2009-09-25 18:42 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-23 19:08 . 2009-09-23 19:08 -------- d-----r- c:\program files\Skype
2009-09-23 19:08 . 2009-09-23 19:08 -------- dc----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-10 18:54 . 2009-10-06 14:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-10-06 14:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 23:01 . 2007-02-27 22:49 -------- dc----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-08-24 23:01 . 2009-08-24 23:01 -------- d-----w- c:\program files\MSBuild
2009-08-24 23:01 . 2009-08-24 23:01 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 23:24 . 2005-09-06 23:34 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2005-09-06 23:34 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-09-06 23:34 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-09-06 20:47 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2005-09-06 23:34 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2005-09-06 23:34 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2006-08-17 17:22 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2005-09-06 23:34 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 23:23 . 2005-05-26 09:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 11:38 . 2009-04-08 19:47 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-05 23:48 . 2009-07-05 23:48 1048611 --sha-w- c:\windows\system32\bokiluve.exe
2009-07-07 11:50 . 2009-07-07 11:50 1050659 --sha-w- c:\windows\system32\gimokajo.exe
2009-07-05 11:49 . 2009-07-05 11:49 50176 --sha-w- c:\windows\system32\guyuzera.dll.tmp
2009-07-07 11:50 . 2009-07-07 11:50 88576 --sha-w- c:\windows\system32\kehutosu.dll
2009-07-06 23:51 . 2009-07-06 23:51 51712 --sha-w- c:\windows\system32\morugawe.dll
2009-07-05 11:48 . 2009-07-05 11:48 50176 --sha-w- c:\windows\system32\panasoba.dll
2009-07-07 23:51 . 2009-07-07 23:51 1050659 --sha-w- c:\windows\system32\penotewi.exe
2009-07-06 23:50 . 2009-07-06 23:50 88064 --sha-w- c:\windows\system32\rojayefi.dll
2009-07-06 23:50 . 2009-07-06 23:50 51712 --sha-w- c:\windows\system32\tenoheze.dll
2009-07-05 11:48 . 2009-07-05 11:48 1047587 --sha-w- c:\windows\system32\vagazodi.exe
2009-07-06 11:49 . 2009-07-06 11:49 88064 --sha-w- c:\windows\system32\yibabofi.dll
2009-07-05 11:49 . 2009-07-05 11:49 50176 --sha-w- c:\windows\system32\yuworowe.dll.tmp
2009-07-05 23:48 . 2009-07-05 23:48 88576 --sha-w- c:\windows\system32\zurokawe.dll
.
c:\windows\system32\drivers\tcpip.sys ... is infected !!


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-08 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-08 114688]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-02-18 180269]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Motive SmartBridge"="c:\progra~1\ALLTEL~1\SMARTB~1\MotiveSB.exe" [2004-11-09 393216]
"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-08-23 28672]
"FPCCSMiddleware"="c:\program files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe" [2008-10-10 538432]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"69123425"="c:\documents and settings\All Users\Application Data\69123425\69123425.exe" [2009-10-07 1050659]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ATTNaturalVoices\\TTS1.2\\Desktop\\bin\\ttsdesktopproxy.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\guardgui.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nkajjcgx
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKLM-Run-igfxtray - c:\windows\system32\igfxtray.exe
HKLM-Run-92372124 - c:\documents and settings\All Users\Application Data\92372124\92372124.exe
HKLM-Run-vemulagok - c:\windows\system32\keneluga.dll
HKLM-Run-zosizifara - tojayeku.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-08 07:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Avira\AntiVir Desktop\guardgui.exe
c:\program files\CyberLink\PowerDVD\PDVDServ.exe
c:\program files\Avira\AntiVir Desktop\guardgui.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Logitech\SetPoint\SetPoint.exe
c:\program files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
.
**************************************************************************
.
Completion time: 2009-10-08 7:09 - machine was rebooted

Pre-Run: 29,173,428,224 bytes free
Post-Run: 29,978,972,160 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

187 --- E O F --- 2009-09-26 13:00

I went into safe mode and ran Malwarebytes. These is the log I got the first time with the full scan:

Malwarebytes' Anti-Malware 1.31
Database version: 1563
Windows 5.1.2600 Service Pack 3

12/28/2008 6:47:09 PM
mbam-log-2008-12-28 (18-47-09).txt

Scan type: Full Scan (C:\|)
Objects scanned: 154439
Time elapsed: 1 hour(s), 35 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{dbe5bee8-f032-11db-826a-c4bb56d89593} (Rogue.ContraVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14EF41A1-0048-4C28-A7A9-80C314CED92F}\RP322\A0096256.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14EF41A1-0048-4C28-A7A9-80C314CED92F}\RP322\A0096257.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14EF41A1-0048-4C28-A7A9-80C314CED92F}\RP326\A0098385.sys (Backdoor.UltimateDefender) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14EF41A1-0048-4C28-A7A9-80C314CED92F}\RP327\A0098406.sys (Backdoor.UltimateDefender) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{14EF41A1-0048-4C28-A7A9-80C314CED92F}\RP327\A0098407.sys (Backdoor.UltimateDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wini104552502.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.



This is the log I got when I ran the quick scan. It pulled up one more object that was infected:

Malwarebytes' Anti-Malware 1.28
Database version: 1244
Windows 5.1.2600 Service Pack 3

10/8/2008 3:26:39 PM
mbam-log-2008-10-08 (15-26-39).txt

Scan type: Quick Scan
Objects scanned: 88597
Time elapsed: 29 minute(s), 48 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 5
Registry Keys Infected: 41
Registry Values Infected: 5
Registry Data Items Infected: 1
Folders Infected: 10
Files Infected: 92

Memory Processes Infected:
C:\Program Files\XP_AntiSpyware\XP_AntiSpyware.exe (Rogue.XPAntiSpyware) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\XP_AntiSpyware\AVEngn.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\XP_AntiSpyware\HTMLAYOUT.DLL (Rogue.XPAntiSpyware) -> Delete on reboot.
C:\Program Files\XP_AntiSpyware\PTHREADVC2.DLL (Rogue.XPAntiSpyware) -> Delete on reboot.
C:\WINDOWS\system32\msiebbar.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\cvpro.server (Rogue.ContraVirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cvpro.server.1 (Rogue.ContraVirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{307c2e42-267a-11dc-aca0-7ccb56d89593} (Rogue.ContraVirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a0e1054b-01ee-4d57-a059-4d99f339709f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xp_antispyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\XP_Antispyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00d94e4 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d003d183-2688-44c0-be3c-6bee871ed6df} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xp antispyware 2009 (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\data (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelner\Application Data\ContraVirus AntiSpam (Rogue.ContraVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelner\Start Menu\Programs\XP_AntiSpyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Program Files\XP_AntiSpyware\AVEngn.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Common\_helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm.lic (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\comp.dat (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\htmlayout.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\pthreadVC2.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\Uninstall.exe (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\wscui.cpl (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\XP_Antispyware.cfg (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\XP_AntiSpyware.exe (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\data\daily.cvd (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\msvcm80.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\msvcp80.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\msvcr80.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelner\Application Data\ContraVirus AntiSpam\Settings.xml (Rogue.ContraVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelner\Start Menu\Programs\XP_AntiSpyware\Uninstall.lnk (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelner\Start Menu\Programs\XP_AntiSpyware\XP_AntiSpyware.lnk (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msiebbar.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Kelner\Desktop\XP_AntiSpyware.lnk (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelner\Application Data\Microsoft\Internet Explorer\Quick Launch\XP_AntiSpyware.lnk (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelner\~.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Hello.
Can you re-run Combofix now please?

ComboFix 09-10-08.04 - Kelner 10/09/2009 13:12.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.224 [GMT -4:00]
Running from: c:\documents and settings\Kelner\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\pepibega.dll
c:\windows\system32\yevilido.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-09 to 2009-10-09 )))))))))))))))))))))))))))))))
.

2009-10-09 14:35 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-09 14:35 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-09 01:42 . 2009-10-09 11:55 -------- dc----w- C:\Malwarebytes' Anti-Malware.12
2009-10-09 01:40 . 2009-10-09 01:40 -------- dc----w- C:\Malwarebytes' Anti-Malware
2009-10-08 10:41 . 2009-10-09 01:47 -------- dc----w- C:\Combo-Fix
2009-10-06 14:17 . 2009-10-09 14:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-05 18:00 . 2009-10-05 18:00 -------- d-----w- c:\program files\Trend Micro
2009-10-03 13:22 . 2009-10-03 13:22 -------- d-sh--w- c:\documents and settings\Hayden\IETldCache
2009-09-25 19:12 . 2009-09-25 19:12 -------- d-sh--w- c:\documents and settings\Kelner\PrivacIE
2009-09-25 19:11 . 2009-09-25 19:11 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-09-25 19:10 . 2009-09-25 19:10 -------- d-sh--w- c:\documents and settings\Kelner\IETldCache
2009-09-25 19:07 . 2009-10-04 14:53 -------- d-----w- c:\windows\ie8updates
2009-09-25 19:04 . 2009-06-29 16:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-09-25 19:04 . 2009-06-29 16:12 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-09-25 19:02 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-25 19:02 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-25 19:02 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-25 18:42 . 2009-10-09 17:08 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-23 19:08 . 2009-10-09 17:21 -------- d-----w- c:\documents and settings\Kelner\Application Data\Skype
2009-09-23 19:08 . 2009-09-23 19:08 -------- d-----r- c:\program files\Skype
2009-09-23 19:08 . 2009-09-23 19:08 -------- dc----w- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 16:46 . 2008-09-09 16:05 10752 ----a-w- c:\windows\DCEBoot.exe
2009-09-09 23:01 . 2007-02-27 22:49 -------- dc----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-08-24 23:01 . 2009-08-24 23:01 -------- d-----w- c:\program files\MSBuild
2009-08-24 23:01 . 2009-08-24 23:01 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 23:24 . 2005-09-06 23:34 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2005-09-06 23:34 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-09-06 23:34 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-09-06 20:47 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2005-09-06 23:34 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2005-09-06 23:34 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2006-08-17 17:22 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2005-09-06 23:34 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 23:23 . 2005-05-26 09:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 11:38 . 2009-04-08 19:47 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 11:52 . 2009-07-09 11:52 1011208 --sha-w- c:\windows\system32\dakeriyo.exe
2009-07-05 11:49 . 2009-07-05 11:49 50176 --sha-w- c:\windows\system32\guyuzera.dll.tmp
2009-07-07 11:50 . 2009-07-07 11:50 88576 --sha-w- c:\windows\system32\kehutosu.dll
2009-07-05 11:48 . 2009-07-05 11:48 50176 --sha-w- c:\windows\system32\panasoba.dll
2009-07-06 23:50 . 2009-07-06 23:50 51712 --sha-w- c:\windows\system32\tenoheze.dll
2009-07-08 23:51 . 2009-07-08 23:51 1011755 --sha-w- c:\windows\system32\yemavema.exe
2009-07-06 11:49 . 2009-07-06 11:49 88064 --sha-w- c:\windows\system32\yibabofi.dll
2009-07-05 11:49 . 2009-07-05 11:49 50176 --sha-w- c:\windows\system32\yuworowe.dll.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25626408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-08 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-08 114688]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-02-18 180269]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Motive SmartBridge"="c:\progra~1\ALLTEL~1\SMARTB~1\MotiveSB.exe" [2004-11-09 393216]
"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-08-23 28672]
"FPCCSMiddleware"="c:\program files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe" [2008-10-10 538432]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-15 805392]
Windstream Broadband Check-up Center.lnk - c:\program files\ALLTEL DSL Check-up Center\bin\matcli.exe [2007-12-13 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-03-28 22:02 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ATTNaturalVoices\\TTS1.2\\Desktop\\bin\\ttsdesktopproxy.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\guardgui.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/8/2009 3:47 PM 108289]
R3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\drivers\V0350Afx.sys [4/9/2008 2:54 PM 142656]
R3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [4/9/2008 2:54 PM 7424]
R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [4/9/2008 2:54 PM 170368]
S3 SSNDIS5;SSNDIS5 NDIS Protocol Driver;c:\windows\system32\Drivers\SSNDIS5.sys --> c:\windows\system32\Drivers\SSNDIS5.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nkajjcgx
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {F9439391-4C64-4D24-AE0C-7AB90C0EAAB1} - hxxp://bgo2k3epwebtest/cbsdesktop/appshell/components/desktop.cab
FF - ProfilePath - c:\documents and settings\Kelner\Application Data\Mozilla\Firefox\Profiles\cf1y00ci.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{5fe22e27-a8b3-4db2-86fb-bd8c2ce8366c} - morugawe.dll
SharedTaskScheduler-{f5b14c43-a965-4ddb-b904-1ffb43e34732} - c:\windows\system32\keneluga.dll
SSODL-zoniyifaz-{f5b14c43-a965-4ddb-b904-1ffb43e34732} - c:\windows\system32\keneluga.dll
AddRemove-HijackThis - c:\documents and settings\Kelner\Desktop\HijackThis.exe
AddRemove-netMarket - e:\netmarkt\netmarkt\setup.exe
AddRemove-Toddler - E:\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-09 14:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll

- - - - - - - > 'explorer.exe'(3904)
c:\windows\system32\WININET.dll
c:\progra~1\ALLTEL~1\SMARTB~1\SBHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2009-10-09 14:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-09 18:31

Pre-Run: 29,859,987,456 bytes free
Post-Run: 29,909,180,416 bytes free

181 --- E O F --- 2009-09-26 13:00

ComboFix 09-10-08.04 - Kelner 10/09/2009 22:36.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.229 [GMT -4:00]
Running from: c:\documents and settings\Kelner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Kelner\Desktop\CFScript.txt,.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\system32\dakeriyo.exe"
"c:\windows\system32\guyuzera.dll.tmp"
"c:\windows\system32\kehutosu.dll"
"c:\windows\system32\panasoba.dll"
"c:\windows\system32\tenoheze.dll"
"c:\windows\system32\yemavema.exe"
"c:\windows\system32\yibabofi.dll"
"c:\windows\system32\yuworowe.dll.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\kehutosu.dll
c:\windows\system32\tenoheze.dll
c:\windows\system32\yibabofi.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-10 to 2009-10-10 )))))))))))))))))))))))))))))))
.

2009-10-09 14:35 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-09 14:35 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-09 01:42 . 2009-10-09 11:55 -------- dc----w- C:\Malwarebytes' Anti-Malware.12
2009-10-09 01:40 . 2009-10-09 01:40 -------- dc----w- C:\Malwarebytes' Anti-Malware
2009-10-08 10:41 . 2009-10-09 01:47 -------- dc----w- C:\Combo-Fix
2009-10-06 14:17 . 2009-10-09 22:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-05 18:00 . 2009-10-05 18:00 -------- d-----w- c:\program files\Trend Micro
2009-10-03 13:22 . 2009-10-03 13:22 -------- d-sh--w- c:\documents and settings\Hayden\IETldCache
2009-09-25 19:12 . 2009-09-25 19:12 -------- d-sh--w- c:\documents and settings\Kelner\PrivacIE
2009-09-25 19:11 . 2009-09-25 19:11 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-09-25 19:10 . 2009-09-25 19:10 -------- d-sh--w- c:\documents and settings\Kelner\IETldCache
2009-09-25 19:07 . 2009-10-04 14:53 -------- d-----w- c:\windows\ie8updates
2009-09-25 19:04 . 2009-06-29 16:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-09-25 19:04 . 2009-06-29 16:12 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-09-25 19:02 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-25 19:02 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-25 19:02 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-25 18:42 . 2009-10-09 17:08 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-23 19:08 . 2009-10-10 02:45 -------- d-----w- c:\documents and settings\Kelner\Application Data\Skype
2009-09-23 19:08 . 2009-09-23 19:08 -------- d-----r- c:\program files\Skype
2009-09-23 19:08 . 2009-09-23 19:08 -------- dc----w- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 16:46 . 2008-09-09 16:05 10752 ----a-w- c:\windows\DCEBoot.exe
2009-09-09 23:01 . 2007-02-27 22:49 -------- dc----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-08-24 23:01 . 2009-08-24 23:01 -------- d-----w- c:\program files\MSBuild
2009-08-24 23:01 . 2009-08-24 23:01 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 23:24 . 2005-09-06 23:34 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2005-09-06 23:34 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-09-06 23:34 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-09-06 20:47 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2005-09-06 23:34 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2005-09-06 23:34 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2006-08-17 17:22 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2005-09-06 23:34 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 23:23 . 2005-05-26 09:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 11:38 . 2009-04-08 19:47 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-09_18.23.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-09 19:25 . 2009-10-09 19:25 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25626408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-08 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-08 114688]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-02-18 180269]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Motive SmartBridge"="c:\progra~1\ALLTEL~1\SMARTB~1\MotiveSB.exe" [2004-11-09 393216]
"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-08-23 28672]
"FPCCSMiddleware"="c:\program files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe" [2008-10-10 538432]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-15 805392]
Windstream Broadband Check-up Center.lnk - c:\program files\ALLTEL DSL Check-up Center\bin\matcli.exe [2007-12-13 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-03-28 22:02 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ATTNaturalVoices\\TTS1.2\\Desktop\\bin\\ttsdesktopproxy.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\guardgui.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/8/2009 3:47 PM 108289]
R3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\drivers\V0350Afx.sys [4/9/2008 2:54 PM 142656]
R3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [4/9/2008 2:54 PM 7424]
R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [4/9/2008 2:54 PM 170368]
S3 SSNDIS5;SSNDIS5 NDIS Protocol Driver;c:\windows\system32\Drivers\SSNDIS5.sys --> c:\windows\system32\Drivers\SSNDIS5.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {F9439391-4C64-4D24-AE0C-7AB90C0EAAB1} - hxxp://bgo2k3epwebtest/cbsdesktop/appshell/components/desktop.cab
FF - ProfilePath - c:\documents and settings\Kelner\Application Data\Mozilla\Firefox\Profiles\cf1y00ci.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-09 22:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-10-10 22:50
ComboFix-quarantined-files.txt 2009-10-10 02:49
ComboFix2.txt 2009-10-09 18:31

Pre-Run: 29,848,027,136 bytes free
Post-Run: 29,838,110,720 bytes free

155 --- E O F --- 2009-09-26 13:00

bump.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

After doing what you said above, our computer is back to normal. Thank you for your help.