WiredWX Christian Hobby Weather Tools
Re: Antivirus System Pro is here ..... what next?
Here is what I created:

C:\Combo-Fix\CFScript.txt (copied this from Notepad's "Save As" field)

Dragged the CFScript.txt shortcut onto the Combo-Fix icon;
Combo-Fix started, then I get:

CFScript Name Error box
Where you trying to run CFScript?
The name CFScript appears to be incorrectly spelt

Name looks right to me.

Any idea?

Re: Antivirus System Pro is here ..... what next?
Delete your copy of ComboFix; grab a fresh copy, except before you download it, rename it to blackpudding.bat


Navigate to Start --> Run, and enter the following command exactly as shown:

"%userprofile%\desktop\blackpudding.bat" /killall

See if ComboFix will run now.

Re: Antivirus System Pro is here ..... what next?
I used "%userprofile%\desktop\blackpudding.bat" /killall from the Run box.

ComboFix 09-11-16.03 - Tom 11/15/2009 21:25.4.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.521 [GMT -5:00]
Running from: c:\documents and settings\Tom\desktop\blackpudding.bat
Command switches used :: /killall
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ctfmon .exe

.
((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))))))
.

2009-11-15 16:35 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-15 16:35 . 2009-11-15 16:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-15 16:35 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-15 06:26 . 2009-11-16 02:13 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\exmgci
2009-11-15 06:26 . 2009-11-16 02:13 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\chtapt
2009-11-15 05:28 . 2009-11-16 02:13 -------- d-----w- c:\documents and settings\Tom\Application Data\bbabbc
2009-11-15 05:28 . 2009-11-16 02:13 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\jedynw
2009-11-15 05:12 . 2009-11-16 02:13 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\jfkkwd
2009-11-15 04:56 . 2009-11-15 04:56 389120 ----a-w- c:\windows\system32\CF7635.exe
2009-11-15 04:56 . 2009-11-15 04:54 389120 ----a-w- c:\windows\system32\CF7325.exe
2009-11-15 04:20 . 2009-11-16 02:13 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\tcmnep
2009-11-15 04:04 . 2009-11-16 02:13 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\kyvpip
2009-11-15 03:51 . 2009-11-16 02:13 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\lcfvua
2009-11-15 03:50 . 2009-11-16 02:13 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\xdlotm
2009-11-07 20:48 . 2009-11-14 19:23 79488 ----a-w- c:\documents and settings\Tom\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-10-21 00:43 . 2009-10-21 00:43 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-10-21 00:43 . 2009-10-21 00:43 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-15 17:12 . 2009-08-25 19:01 -------- d-----w- c:\program files\QuickTime
2009-11-15 07:58 . 2008-03-09 03:35 -------- d-----w- c:\program files\VisualTaskTips
2009-11-15 07:45 . 2009-08-25 19:03 -------- d-----w- c:\program files\iTunes
2009-11-15 07:45 . 2008-03-10 04:21 -------- d-----w- c:\program files\IconLock
2009-10-09 23:34 . 2009-10-09 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-10-09 23:34 . 2009-10-09 23:34 -------- d-----w- c:\documents and settings\Tom\Application Data\Office Genuine Advantage
2009-10-01 01:55 . 2008-06-22 04:10 -------- d-----w- c:\program files\Windows Live
2009-10-01 01:48 . 2008-11-15 21:07 27152 ----a-w- c:\documents and settings\Tom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-29 21:29 . 2009-09-29 21:29 -------- d-----w- c:\program files\Google
2009-09-24 23:44 . 2009-09-24 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-09-24 23:42 . 2009-09-24 23:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-24 23:41 . 2008-03-10 03:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-24 23:41 . 2009-09-24 23:41 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-09-24 23:37 . 2009-09-24 23:37 -------- d-----w- c:\windows\Fonts\Fonts
2009-09-24 23:35 . 2009-09-24 23:35 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-09-24 23:35 . 2009-09-24 23:35 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-09-24 23:35 . 2009-09-24 23:35 116472 ------w- c:\windows\system32\pxcpyi64.exe
2009-09-24 23:35 . 2009-09-24 23:35 129784 ------w- c:\windows\system32\pxafs.dll
2009-09-24 23:35 . 2009-09-24 23:35 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-09-24 23:35 . 2009-09-24 23:35 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-09-11 14:18 . 2004-08-03 23:56 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-03 23:56 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-03 23:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-03 23:56 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-03 23:56 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 18:57 . 2009-08-25 18:57 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-08-20 19:09 . 2009-08-20 19:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
.

------- Sigcheck -------

[-] 2005-01-28 17:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2005-01-28 17:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll
[-] 2005-01-28 17:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-03 23:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-11-15_06.42.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-16 02:30 . 2009-11-16 02:30 16384 c:\windows\temp\Perflib_Perfdata_65c.dat
- 2009-11-15 02:00 . 2009-11-15 02:00 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-15 02:00 . 2009-11-15 18:34 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-09 03:19 . 2009-11-15 18:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-09 03:19 . 2009-11-15 02:00 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-11-15 18:34 . 2009-11-15 18:34 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-03-09 03:19 . 2009-11-15 02:00 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatBar"="c:\program files\Globe Software\StatBar\StatBar.exe" [2003-07-25 335872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-09 86016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-10-21 520024]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-05-09 1519616]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-10 16126464]

c:\documents and settings\Tom\Start Menu\Programs\Startup\
3DO Registration.lnk - c:\program files\3DO\Heroes3\Register\Remind32.exe [2008-9-26 67584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-3-15 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
taskmanager.lnk - c:\windows\system32\taskmgr.exe [2004-8-3 135680]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/21/2009 6:18 AM 64160]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 11:03 AM 169312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/3/2009 2:59 PM 108289]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/7/2009 1:35 AM 54752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1028432]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [12/31/2008 1:12 PM 693512]
R3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\system32\drivers\m4301A.sys [12/21/2004 3:16 PM 141990]
R3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [3/16/2008 11:02 AM 79616]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 9:48 PM 704864]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [12/31/2008 1:12 PM 910600]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-08-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 00:43]

2009-10-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-11-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

2009-11-15 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-07-03 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Search Current News - file://\program files\powershell-xp3\search5.htm
IE: Search Encyclopedia - file://\program files\powershell-xp3\search4.htm
IE: Search for Images - file://\program files\powershell-xp3\search3.htm
IE: Search Newsgroups - file://\program files\powershell-xp3\search2.htm
IE: Search the Web - file://\program files\powershell-xp3\search.htm
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-VisualTaskTips - c:\program files\VisualTaskTips\VisualTaskTips.exe
HKCU-Run-MSMSGS - c:\program files\Messenger\msmsgs.exe
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-15 21:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1380)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\WgaTray.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\FolderSize\FolderSizeSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2009-11-15 21:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-16 02:34
ComboFix2.txt 2009-11-15 06:47
ComboFix3.txt 2009-07-03 19:39
ComboFix4.txt 2009-07-03 19:07

Pre-Run: 39,132,659,712 bytes free
Post-Run: 39,190,134,784 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - B3D553E588CE60326D4BAB0FF5658A69

Re: Antivirus System Pro is here ..... what next?
Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    killall::

    Folder::
    c:\documents and settings\Tom\Local Settings\Application Data\exmgci
    c:\documents and settings\Tom\Local Settings\Application Data\chtapt
    c:\documents and settings\Tom\Application Data\bbabbc
    c:\documents and settings\Tom\Local Settings\Application Data\jedynw
    c:\documents and settings\Tom\Local Settings\Application Data\jfkkwd
    c:\documents and settings\Tom\Local Settings\Application Data\kyvpip
    c:\documents and settings\Tom\Local Settings\Application Data\tcmnep
    c:\documents and settings\Tom\Local Settings\Application Data\lcfvua
    c:\documents and settings\Tom\Local Settings\Application Data\xdlotm

    File::
    c:\windows\system32\nerocheck.exe
    C:\penmrdya.exe
    C:\aywdthl.exe

    FCopy::
    c:\windows\system32\dllcache\mspmsnsv.dll | c:\windows\system32\mspmsnsv.dll

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "teinonvy"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "immkiguk"=-
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: dragging CFScript.txt onto the ComboFix icon]

  5. Referring to the picture above, drag CFScript into blackpudding.bat
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.
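A triage script for the ComboFix log format shown in this thread, added here as an example (it is neither ComboFix's code nor the helper's): it parses the dated file entries, the Sigcheck lines and the Run values, flags the random-named Application Data folders, the space-in-name impersonators (ctfmon .exe, qttask .exe) and the signature failure that the CFScript above targets, and drafts a CFScript in the same layout. The sample lines are copied from the posted log; the six-letter-name and spaced-extension heuristics are my assumptions, not ComboFix rules.

```python
"""Triage a ComboFix log and draft a CFScript from it.  Added example for this
thread, not ComboFix's own code; the sample lines are copied from the log above."""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\windows\system32\ctfmon .exe

((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))))))
2009-11-15 16:35 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-15 16:35 . 2009-11-15 16:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-15 06:26 . 2009-11-16 02:13 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\exmgci
2009-11-15 05:28 . 2009-11-16 02:13 -------- d-----w- c:\documents and settings\Tom\Application Data\bbabbc
2009-10-21 00:43 . 2009-10-21 00:43 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll

------- Sigcheck -------
[-] 2005-01-28 17:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"""

# Dated entry: created . modified size attrs path ('d-----w-' marks a directory)
ENTRY_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
                      r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$")
# Sigcheck line; '[-]' marks a file that did not pass ComboFix's signature check
SIGCHECK_RE = re.compile(r"^\[(?P<flag>[^\]]+)\] \S+ \S+ \. (?P<md5>[0-9A-Fa-f]{32}) "
                         r"\. (?P<size>\d+) \. \. \[[^\]]*\] \. \. (?P<path>.+)$")
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<command>[^"]*)"')
RANDOM_NAME_RE = re.compile(r"^[a-z]{6}$")                 # assumed rogue folder naming
SPACED_EXT_RE = re.compile(r"\S \.(exe|dll|sys)\b", re.I)  # 'ctfmon .exe' mimicry

@dataclass
class Findings:
    random_folders: list = field(default_factory=list)   # paths
    spaced_files: list = field(default_factory=list)     # paths
    run_entries: list = field(default_factory=list)      # (registry key, value name)
    sigcheck_failures: list = field(default_factory=list)  # (path, md5)

def basename(path):
    return path.rstrip("\\").rsplit("\\", 1)[-1]

def triage_log(text):
    """Walk the log once and collect the four kinds of finding."""
    f, current_key = Findings(), ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := ENTRY_RE.match(line):
            path = m["path"]
            if (m["attrs"].startswith("d") and "application data" in path.lower()
                    and RANDOM_NAME_RE.match(basename(path))):
                f.random_folders.append(path)
            elif SPACED_EXT_RE.search(basename(path)):
                f.spaced_files.append(path)
        elif m := SIGCHECK_RE.match(line):
            if m["flag"] == "-":
                f.sigcheck_failures.append((m["path"], m["md5"].upper()))
        elif line.startswith("[HKEY"):
            current_key = line                  # remember the key the values belong to
        elif (m := RUN_VALUE_RE.match(line)) and SPACED_EXT_RE.search(m["command"]):
            f.run_entries.append((current_key, m["name"]))
        elif line.lower().startswith("c:\\") and SPACED_EXT_RE.search(basename(line)):
            f.spaced_files.append(line)         # bare path, e.g. under Other Deletions
    return f

def build_cfscript(f):
    """Draft a CFScript in the layout the helper used above: Folder:: and File::
    for removal, Registry:: to drop the Run values, FCopy:: to restore a flagged
    system32 file from its dllcache copy (as done for mspmsnsv.dll)."""
    out = ["killall::", ""]
    if f.random_folders:
        out += ["Folder::", *f.random_folders, ""]
    if f.spaced_files:
        out += ["File::", *f.spaced_files, ""]
    if f.run_entries:
        out.append("Registry::")
        for key, name in f.run_entries:
            out += [key, f'"{name}"=-', ""]
    fcopy = []
    for path, _md5 in f.sigcheck_failures:
        folder = path.rsplit("\\", 1)[0]
        if folder.lower().endswith("\\system32"):
            fcopy.append(f"{folder}\\dllcache\\{basename(path)} | {path}")
    if fcopy:
        out += ["FCopy::", *fcopy, ""]
    return "\n".join(out)

if __name__ == "__main__":
    print(build_cfscript(triage_log(SAMPLE_LOG)))
```

A file listed under Other Deletions is already gone, so its File:: line is redundant but harmless; the point of the script is to make the analyst's heuristics explicit and reviewable before anything is run.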

Re: Antivirus System Pro is here ..... what next?
Here is the run with CFScript.txt:

ComboFix 09-11-16.03 - Tom 11/15/2009 22:29.5.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.587 [GMT -5:00]
Running from: c:\documents and settings\Tom\Desktop\commy.exe
Command switches used :: c:\documents and settings\Tom\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"C:\aywdthl.exe"
"C:\penmrdya.exe"
"c:\windows\system32\nerocheck.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Tom\Application Data\bbabbc
c:\documents and settings\Tom\Local Settings\Application Data\chtapt
c:\documents and settings\Tom\Local Settings\Application Data\exmgci
c:\documents and settings\Tom\Local Settings\Application Data\jedynw
c:\documents and settings\Tom\Local Settings\Application Data\jfkkwd
c:\documents and settings\Tom\Local Settings\Application Data\kyvpip
c:\documents and settings\Tom\Local Settings\Application Data\lcfvua
c:\documents and settings\Tom\Local Settings\Application Data\tcmnep
c:\documents and settings\Tom\Local Settings\Application Data\xdlotm

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\mspmsnsv.dll --> c:\windows\system32\mspmsnsv.dll
.
((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))))))
.

2009-11-15 16:35 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-15 16:35 . 2009-11-15 16:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-15 16:35 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-15 04:56 . 2009-11-15 04:56 389120 ----a-w- c:\windows\system32\CF7635.exe
2009-11-15 04:56 . 2009-11-15 04:54 389120 ----a-w- c:\windows\system32\CF7325.exe
2009-11-07 20:48 . 2009-11-14 19:23 79488 ----a-w- c:\documents and settings\Tom\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-10-21 00:43 . 2009-10-21 00:43 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-10-21 00:43 . 2009-10-21 00:43 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-15 17:12 . 2009-08-25 19:01 -------- d-----w- c:\program files\QuickTime
2009-11-15 07:58 . 2008-03-09 03:35 -------- d-----w- c:\program files\VisualTaskTips
2009-11-15 07:45 . 2009-08-25 19:03 -------- d-----w- c:\program files\iTunes
2009-11-15 07:45 . 2008-03-10 04:21 -------- d-----w- c:\program files\IconLock
2009-10-09 23:34 . 2009-10-09 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-10-09 23:34 . 2009-10-09 23:34 -------- d-----w- c:\documents and settings\Tom\Application Data\Office Genuine Advantage
2009-10-01 01:55 . 2008-06-22 04:10 -------- d-----w- c:\program files\Windows Live
2009-10-01 01:48 . 2008-11-15 21:07 27152 ----a-w- c:\documents and settings\Tom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-29 21:29 . 2009-09-29 21:29 -------- d-----w- c:\program files\Google
2009-09-24 23:44 . 2009-09-24 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-09-24 23:42 . 2009-09-24 23:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-24 23:41 . 2008-03-10 03:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-24 23:41 . 2009-09-24 23:41 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-09-24 23:37 . 2009-09-24 23:37 -------- d-----w- c:\windows\Fonts\Fonts
2009-09-24 23:35 . 2009-09-24 23:35 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-09-24 23:35 . 2009-09-24 23:35 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-09-24 23:35 . 2009-09-24 23:35 116472 ------w- c:\windows\system32\pxcpyi64.exe
2009-09-24 23:35 . 2009-09-24 23:35 129784 ------w- c:\windows\system32\pxafs.dll
2009-09-24 23:35 . 2009-09-24 23:35 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-09-24 23:35 . 2009-09-24 23:35 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-09-11 14:18 . 2004-08-03 23:56 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-03 23:56 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-03 23:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-03 23:56 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-03 23:56 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 18:57 . 2009-08-25 18:57 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-08-20 19:09 . 2009-08-20 19:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
.

------- Sigcheck -------

[-] 2005-01-28 17:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2005-01-28 17:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\mspmsnsv.dll
[-] 2005-01-28 17:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-03 23:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-11-15_06.42.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-16 03:33 . 2009-11-16 03:33 16384 c:\windows\temp\Perflib_Perfdata_720.dat
+ 2009-11-15 02:00 . 2009-11-15 18:34 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-15 02:00 . 2009-11-15 02:00 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-09 03:19 . 2009-11-15 18:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-09 03:19 . 2009-11-15 02:00 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatBar"="c:\program files\Globe Software\StatBar\StatBar.exe" [2003-07-25 335872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-09 86016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-10-21 520024]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-05-09 1519616]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-10 16126464]

c:\documents and settings\Tom\Start Menu\Programs\Startup\
3DO Registration.lnk - c:\program files\3DO\Heroes3\Register\Remind32.exe [2008-9-26 67584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-3-15 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
taskmanager.lnk - c:\windows\system32\taskmgr.exe [2004-8-3 135680]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/21/2009 6:18 AM 64160]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 11:03 AM 169312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/3/2009 2:59 PM 108289]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/7/2009 1:35 AM 54752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1028432]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [12/31/2008 1:12 PM 693512]
R3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\system32\drivers\m4301A.sys [12/21/2004 3:16 PM 141990]
R3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [3/16/2008 11:02 AM 79616]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 9:48 PM 704864]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [12/31/2008 1:12 PM 910600]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-08-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 00:43]

2009-10-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-11-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

2009-11-16 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-07-03 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Search Current News - file://\program files\powershell-xp3\search5.htm
IE: Search Encyclopedia - file://\program files\powershell-xp3\search4.htm
IE: Search for Images - file://\program files\powershell-xp3\search3.htm
IE: Search Newsgroups - file://\program files\powershell-xp3\search2.htm
IE: Search the Web - file://\program files\powershell-xp3\search.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-15 22:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3620)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\WgaTray.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\FolderSize\FolderSizeSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2009-11-15 22:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-16 03:37
ComboFix2.txt 2009-11-16 02:34
ComboFix3.txt 2009-11-15 06:47
ComboFix4.txt 2009-07-03 19:39
ComboFix5.txt 2009-11-16 03:28

Pre-Run: 39,204,679,680 bytes free
Post-Run: 39,166,255,104 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 4BEE7F5901BF12F5BDB7579607B83DA3

Re: Antivirus System Pro is here ..... what next?

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: Antivirus System Pro is here ..... what next?
Malwarebytes' Anti-Malware 1.41
Database version: 3175
Windows 5.1.2600 Service Pack 3

11/15/2009 11:22:42 PM
mbam-log-2009-11-15 (23-22-42).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 176530
Time elapsed: 33 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Antivirus System Pro is here ..... what next?
Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
