Here's the 2nd ComboFix log:
ComboFix 10-03-06.01 - Owner 03/06/2010 14:40:32.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1628 [GMT -6:00]
Running from: f:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: f:\documents and settings\Owner\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FILE ::
"f:\windows\system32\drivers\ghjum.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
f:\documents and settings\Owner\Local Settings\Application Data\carewh
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gylxr
((((((((((((((((((((((((( Files Created from 2010-02-06 to 2010-03-06 )))))))))))))))))))))))))))))))
.
2010-03-06 13:49 . 2010-03-06 13:49 77312 ----a-w- F:\mbr.exe
2010-02-27 21:03 . 2010-02-27 21:03 -------- d-----w- F:\rsit
2010-02-27 19:39 . 2010-02-27 19:39 -------- d-----w- f:\documents and settings\Owner\Application Data\Malwarebytes
2010-02-27 19:39 . 2010-01-07 22:07 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2010-02-27 19:39 . 2010-02-27 19:39 -------- d-----w- f:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-27 19:39 . 2010-01-07 22:07 19160 ----a-w- f:\windows\system32\drivers\mbam.sys
2010-02-08 03:45 . 2006-11-29 19:06 3426072 ----a-w- f:\windows\system32\d3dx9_32.dll
2010-02-08 03:45 . 2010-02-08 03:45 -------- d-----w- f:\program files\Microsoft SQL Server Compact Edition
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 04:31 . 2008-05-16 01:56 -------- d---a-w- f:\documents and settings\All Users\Application Data\TEMP
2010-03-06 02:25 . 2008-10-10 15:49 1600687 ----a-w- f:\windows\Internet Logs\tvDebug.Zip
2010-03-04 00:16 . 2010-03-04 00:17 2320896 ----a-w- f:\windows\Internet Logs\xDB14.tmp
2010-03-02 16:43 . 2010-03-03 00:42 2318848 ----a-w- f:\windows\Internet Logs\xDB13.tmp
2010-03-02 00:17 . 2010-03-02 00:18 2317824 ----a-w- f:\windows\Internet Logs\xDB12.tmp
2010-03-01 14:45 . 2010-03-01 14:49 2316800 ----a-w- f:\windows\Internet Logs\xDB11.tmp
2010-02-27 18:56 . 2004-10-08 00:19 -------- d-----w- f:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-27 17:40 . 2010-02-27 17:40 36733 ----a-w- f:\windows\Internet Logs\vsmon_2nd_2010_02_27_09_04_39_small.dmp.zip
2010-02-24 15:16 . 2009-10-03 13:04 181632 ------w- f:\windows\system32\MpSigStub.exe
2010-02-21 17:55 . 2010-02-21 21:04 2283008 ----a-w- f:\windows\Internet Logs\xDB10.tmp
2010-02-18 16:02 . 2010-02-18 16:03 2275328 ----a-w- f:\windows\Internet Logs\xDBF.tmp
2010-02-08 03:46 . 2010-01-20 00:50 -------- d-----w- f:\program files\Windows Live
2010-01-31 16:53 . 2010-01-31 16:53 112736 ----a-w- f:\documents and settings\Owner\Application Data\Juniper Networks\Host Checker\AV\CrawlerAV.dll
2010-01-31 16:53 . 2010-01-31 16:53 108640 ----a-w- f:\documents and settings\Owner\Application Data\Juniper Networks\Host Checker\AV\AgnitumAV.dll
2010-01-31 16:53 . 2010-01-31 16:53 145504 ----a-w- f:\documents and settings\Owner\Application Data\Juniper Networks\Host Checker\AV\Lavasoft.dll
2010-01-31 16:53 . 2010-01-31 16:53 104544 ----a-w- f:\documents and settings\Owner\Application Data\Juniper Networks\Host Checker\AV\Zone_Labs.dll
2010-01-31 16:53 . 2010-01-31 16:53 125024 ----a-w- f:\documents and settings\Owner\Application Data\Juniper Networks\Host Checker\AV\Check_PointAV.dll
2010-01-31 16:51 . 2010-01-31 16:51 112736 ----a-w- f:\documents and settings\Owner\Application Data\Juniper Networks\Host Checker\AV\SalD.dll
2010-01-20 12:43 . 2010-01-20 15:34 2242560 ----a-w- f:\windows\Internet Logs\xDBE.tmp
2010-01-20 00:53 . 2004-10-05 01:16 60376 ----a-w- f:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-20 00:51 . 2010-01-20 00:51 -------- d-----w- f:\program files\Microsoft
2010-01-20 00:50 . 2010-01-20 00:50 -------- d-----w- f:\program files\Windows Live SkyDrive
2010-01-20 00:48 . 2010-01-20 00:48 -------- d-----w- f:\program files\Common Files\Windows Live
2009-12-31 16:50 . 2003-07-16 20:46 353792 ----a-w- f:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2003-07-16 20:51 916480 ------w- f:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-10-03 23:11 343040 ----a-w- f:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2003-07-16 20:26 33280 ----a-w- f:\windows\system32\csrsrv.dll
2009-12-12 14:59 . 2009-06-13 14:34 56816 ----a-w- f:\windows\system32\drivers\avgntflt.sys
2009-12-12 14:37 . 2009-12-12 14:37 4904 ----a-w- f:\windows\system32\PerfStringBackup.TMP
2009-12-08 19:27 . 2003-07-16 20:39 2189184 ------w- f:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2002-08-29 01:04 2066048 ------w- f:\windows\system32\ntkrnlpa.exe
2006-05-03 09:06 . 2009-08-21 03:40 163328 --sh--r- f:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-08-21 03:40 31232 --sh--r- f:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-08-21 03:40 216064 --sh--r- f:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="f:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"Windows Defender"="g:\spyware\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"CTCheck"="g:\musicxfr\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"avgnt"="f:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="f:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"f:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 hotcore3;Hotcore helper;f:\windows\system32\drivers\hotcore3.sys [7/4/2008 6:17 PM 40496]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\program files\Avira\AntiVir Desktop\sched.exe [6/13/2009 8:34 AM 108289]
R2 WinDefend;Windows Defender;g:\spyware\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S4 a2free;a-squared Free Service;g:\spyware\a-squared Free\a2service.exe [6/10/2007 10:57 AM 1858144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 15:14 451872 ----a-w- f:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-03-06 f:\windows\Tasks\MP Scheduled Scan.job
- g:\spyware\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.southernstandard.com/
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: adobe.com
Trusted Zone: aedcfcu.org
Trusted Zone: aesoponline.com\kelly
Trusted Zone: amiuptodate.com
Trusted Zone: arcot.com
Trusted Zone: ascendfcu.org
Trusted Zone: balfour.com
Trusted Zone: blomand.net
Trusted Zone: bncollege.com\secure
Trusted Zone: buydig.com
Trusted Zone: capitalone.com
Trusted Zone: careerbuilder.com
Trusted Zone: chase.com
Trusted Zone: checksinthemail.com\secure
Trusted Zone: chegg.com
Trusted Zone: chickasaw.com
Trusted Zone: cmt.com
Trusted Zone: creative.com
Trusted Zone: creative.com\us
Trusted Zone: creative.com\www
Trusted Zone: dell.com
Trusted Zone: diginsite.com\portal-2
Trusted Zone: discovercard.com
Trusted Zone: ebay.com\signin
Trusted Zone: ed.gov
Trusted Zone: ed.gov\*.fafsa
Trusted Zone: google.com
Trusted Zone: irs.gov
Trusted Zone: kellyeducationalstaffing.us
Trusted Zone: live.com
Trusted Zone: magic985.com
Trusted Zone: mcafee.com
Trusted Zone: mcafeehelp.com
Trusted Zone: mesa-robotics.com
Trusted Zone: mesainc.com
Trusted Zone: microsoft.com
Trusted Zone: mscc.edu
Trusted Zone: neonova.net
Trusted Zone: net10.com
Trusted Zone: newegg.com
Trusted Zone: paypal.com\www
Trusted Zone: pcpowercooling.com
Trusted Zone: postini.com
Trusted Zone: principal.com
Trusted Zone: proactiv.com\www
Trusted Zone: taxact.com
Trusted Zone: ticketmaster.com
Trusted Zone: tnlottery.com
Trusted Zone: tntech.edu
Trusted Zone: tracfone.com
Trusted Zone: verizonwireless.com
Trusted Zone: walmart.com
Trusted Zone: wellsfargo.com
Trusted Zone: windowsmedia.com
Trusted Zone: wwbw.com\www
TCP: {43BA827B-8B38-4A65-9169-7C821B43CB13} = 192.168.1.254
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 14:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(740)
f:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(4084)
f:\windows\system32\WININET.dll
f:\windows\system32\ieframe.dll
f:\windows\system32\webcheck.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
f:\windows\system32\LEXBCES.EXE
f:\windows\system32\LEXPPS.EXE
f:\program files\Avira\AntiVir Desktop\avguard.exe
f:\windows\System32\CTsvcCDA.exe
f:\program files\Common Files\LightScribe\LSSrvc.exe
f:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
f:\windows\System32\MsPMSPSv.exe
f:\windows\system32\wscntfy.exe
f:\windows\BCMSMMSG.exe
.
**************************************************************************
.
Completion time: 2010-03-06 14:53:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-06 20:53
ComboFix2.txt 2010-03-06 14:45
Pre-Run: 20,083,744,768 bytes free
Post-Run: 19,956,109,312 bytes free
- - End Of File - - BC03024E616949298E6E1ED893FB40D4