Here is the log:
ComboFix 10-06-10.04 - PFBCUser 06/11/2010 10:44:09.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1574 [GMT -4:00]
Running from: c:\documents and settings\PFBCUser\Desktop\ComboFix.exe
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Verizon Internet Security Suite Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\PFBCUser\GoToAssistDownloadHelper.exe
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\rlls.dll.vir
c:\windows\system32\system
c:\windows\winhelp.ini
.
((((((((((((((((((((((((( Files Created from 2010-05-11 to 2010-06-11 )))))))))))))))))))))))))))))))
.
2010-06-11 11:34 . 2010-06-11 11:34 388096 ----a-r- c:\documents and settings\PFBCUser\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-11 11:34 . 2010-06-11 11:34 -------- d-----w- c:\program files\Trend Micro
2010-06-08 13:26 . 2010-06-08 13:43 -------- d-----w- c:\documents and settings\PFBCUser\Local Settings\Application Data\urbycler
2010-06-01 14:24 . 2010-06-01 15:53 9662 ----a-r- c:\documents and settings\PFBCUser\Application Data\Microsoft\Installer\{4960585D-00BA-487E-8211-D6A4CAD5DC59}\_6FEFF9B68218417F98F549.exe
2010-06-01 14:24 . 2010-06-01 15:53 10134 ----a-r- c:\documents and settings\PFBCUser\Application Data\Microsoft\Installer\{4960585D-00BA-487E-8211-D6A4CAD5DC59}\_9C16E12F39D56E18626301.exe
2010-05-14 11:29 . 2010-05-14 11:29 -------- d-----w- c:\documents and settings\PFBCUser\Application Data\Trusteer
2010-05-14 11:29 . 2010-05-14 11:29 -------- d-----w- c:\program files\Trusteer
2010-05-14 11:28 . 2010-05-14 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-11 14:51 . 2008-12-10 18:25 109439264 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-06-11 14:51 . 2008-12-10 18:25 1467168 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-06-11 14:41 . 2008-12-10 18:25 138572 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-06-11 14:41 . 2008-12-10 18:25 1466156 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-06-11 14:41 . 2004-08-04 10:00 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2010-06-10 22:57 . 2007-11-09 16:49 -------- d-----w- c:\documents and settings\PFBCUser\Application Data\Wave Systems Corp
2010-06-08 13:31 . 2008-02-27 19:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-01 17:02 . 2010-02-10 20:17 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-01 17:02 . 2010-02-10 20:17 38784 ----a-w- c:\documents and settings\PFBCUser\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-12 00:05 . 2007-11-09 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-19 02:50 . 2010-04-19 02:49 -------- d-----w- c:\program files\Garmin
2010-04-19 02:49 . 2010-04-19 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\GARMIN
2010-04-19 02:45 . 2010-04-19 00:01 -------- d-----w- c:\documents and settings\PFBCUser\Application Data\GARMIN
2010-04-19 02:35 . 2010-04-19 00:40 -------- d-----w- c:\documents and settings\PFBCUser\Application Data\Download Manager
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-10 39408]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="c:\program files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" [2009-04-22 65264]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2007-01-30 102400]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-01-22 212992]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"UMonit"="c:\windows\system32\umonit.exe" [2004-01-05 53248]
"Lexmark X6100 Series"="c:\program files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 57344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2009-03-12 2303216]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-27 50688]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [4/25/2010 3:52 PM 59240]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [4/25/2010 3:52 PM 158312]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [9/22/2008 4:58 PM 693512]
R2 RadialpointSafeConnectAgent;Verizon Internet Security Suite SafeConnectAgent;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\bin\SanaAgent.exe [11/14/2008 6:28 PM 4937752]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [4/25/2010 3:52 PM 824552]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/4/2004 6:00 AM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys [11/14/2008 6:28 PM 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys [11/14/2008 6:28 PM 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectShim.sys [11/14/2008 6:28 PM 27376]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 11:12 AM 135664]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [7/9/2008 3:00 PM 6016]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [9/22/2008 4:58 PM 910600]
S3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe [4/22/2009 10:38 AM 170736]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - KLMDB
*Deregistered* - klmdb
.
Contents of the 'Scheduled Tasks' folder
2010-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 15:12]
2010-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 15:12]
2010-06-11 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 18:28]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://desktop.google.com/uninstall-feedback.html?hl=en
uInternet Settings,ProxyServer = http=127.0.0.1:1062
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
LSP: c:\windows\system32\biolsp.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
HKCU-Run-kbrydime - c:\documents and settings\PFBCUser\Local Settings\Application Data\pommtcjtf\vhfftajtssd.exe
HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
SafeBoot-klmdb.sys
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-06-11 10:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe?or.sys???8?????????#?8?????#?6?US????8???UB????????????????????????????A~????????????tq%?l??????|@??|????=??|??D~??????????#?F$?|??B~??B~*?,???#???????????????????????????????B~????????????tq%?????T?????%?????tq%???????+????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1336)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2010-06-11 10:54:00
ComboFix-quarantined-files.txt 2010-06-11 14:53
Pre-Run: 74,408,239,104 bytes free
Post-Run: 74,560,192,512 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - F9C15644406660775A0A29176CCA10DB