I fell victim to the Antivirus 2009. I ran AVG free version and it found a trojan and infected files. I thought that was the end of it until my IE started redirecting every google result to a go.google page where the virus tried to run again. I interrupted it and ran AVG again only it came up clean this time. I tried to update AVG database and it wouldn't connect to the site. I tried on another computer and it would load. I found this forum and tried to open pages and my browser won't let me so I am using another computer to find help pages and to download hijackthis, ERUNT, ATF and mbam-setup. I could not get mbam to run on my computer. Here is my hijackThis log. Thanks for any help and direction.

- Steve

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:18 AM, on 11/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Sony\USBSircs\usbsircs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Steven Lorandos\Desktop\HJTInstall.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\STEVEN LORANDOS\Application Data\Mozilla\Profiles\default\8a9nvph9.slt\prefs.js)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\WINDOWS\TEMP\E_SB0.tmp" /EF "HKCU"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Remocon Driver.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1178119416031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178119472828
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_04) - http://cp02.coursecompass.com:8011/webapps...e-1_4_1-win.exe
O20 - AppInit_DLLs: karna.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: AVG8 Firewall (avgfws8) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgfws8.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 12008 bytes

Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Finally paste the contents of the Report.txt back on the forum.

I had to download and extract SDFix on another computer and then copy it to my computer. I followed the directions but I had to retrieve the report as it did not automatically open. Here is the report. Thanks for the help so far.


SDFix: Version 1.240
Run by Steven Lorandos on Mon 11/17/2008 at 03:12 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\delself.bat - Deleted


Could Not Remove C:\WINDOWS\system32\TDSSkfrm.dll
Could Not Remove C:\WINDOWS\system32\TDSSurev.dll
Could Not Remove C:\WINDOWS\system32\TDSSoctl.dll
Could Not Remove C:\WINDOWS\system32\TDSSxnyq.dll
Could Not Remove C:\WINDOWS\system32\TDSSdppb.dll
Could Not Remove C:\WINDOWS\system32\TDSSblat.dat
Could Not Remove C:\WINDOWS\system32\TDSSqogd.log



Removing Temp Files

ADS Check :

Can you post all the log and do this

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

The entire SDFix log is posted above. Here is the ComboFix report. Also, I am now able to do these downloads and repairs directly from the affected computer

ComboFix 08-11-16.05 - Steven Lorandos 2008-11-17 16:25:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.330 [GMT -6:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\setup.inf
c:\windows\setup.exe
c:\windows\system32\drivers\TDSSrfdc.sys
c:\windows\system32\TDSSblat.dat
c:\windows\system32\TDSSdppb.dll
c:\windows\system32\TDSSkfrm.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSoctl.dll
c:\windows\system32\TDSSqogd.log
c:\windows\system32\TDSSqshc.dll
c:\windows\system32\TDSSshbe.log
c:\windows\system32\TDSSurev.dll
c:\windows\system32\TDSSxnyq.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
.

2008-11-17 15:04 . 2008-11-17 15:05 <DIR> d-------- c:\windows\ERUNT
2008-11-17 15:01 . 2008-11-17 15:25 <DIR> d-------- C:\SDFix
2008-11-17 00:33 . 2008-11-17 00:33 <DIR> d-------- c:\program files\ERUNT
2008-11-12 14:26 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 14:26 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 13:13 . 2003-08-07 11:52 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2008-11-11 13:13 . 2003-08-07 15:45 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Sony Corporation
2008-11-11 13:13 . 2003-08-07 18:07 <DIR> d-------- c:\documents and settings\Administrator\Application Data\MSN6
2008-11-11 13:13 . 2008-11-16 19:46 <DIR> d-------- c:\documents and settings\Administrator
2008-11-11 10:41 . 2008-11-11 10:41 16,517 --a------ c:\windows\buhadijo.exe
2008-11-11 10:41 . 2008-11-11 10:41 15,685 --a------ c:\windows\edunaj.reg
2008-11-11 10:41 . 2008-11-11 10:41 15,624 --a------ c:\program files\Common Files\noxuzok.pif
2008-11-11 10:41 . 2008-11-11 10:41 15,462 --a------ c:\documents and settings\All Users\Application Data\hicihyt.bat
2008-11-11 10:41 . 2008-11-11 10:41 15,039 --a------ c:\windows\ixeruweh.com
2008-11-11 10:41 . 2008-11-11 10:41 14,846 --a------ c:\windows\hewyry.vbs
2008-11-11 10:41 . 2008-11-11 10:41 13,947 --a------ c:\documents and settings\All Users\Application Data\ebogeba.com
2008-11-11 10:41 . 2008-11-11 10:41 13,864 --a------ c:\documents and settings\Steven Lorandos\Application Data\ologefodob.reg
2008-11-11 10:41 . 2008-11-11 10:41 13,105 --a------ c:\documents and settings\All Users\Application Data\udacyluw.bin
2008-11-11 10:41 . 2008-11-11 10:41 12,949 --a------ c:\windows\uneqota.reg
2008-10-24 00:40 . 2008-10-15 10:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 01:47 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-17 01:40 --------- d-----w c:\program files\Google
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 08:08 --------- d-----w c:\program files\Microsoft Silverlight
2008-09-25 01:55 --------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 1207080]
"EPSON Stylus CX7400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE" [2007-02-15 179200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-06-13 114688]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4612096]
"SigmaTel StacMon"="c:\program files\SigmaTel\C-Major Audio\stacmon.exe" [2003-03-26 45056]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2003-06-26 90112]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-23 1409024]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-24 28672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]

c:\documents and settings\Steven Lorandos\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-05-01 25214]
PowerPanel.lnk - c:\program files\PowerPanel\Program\PcfMgr.exe [2003-08-07 872448]
Remocon Driver.lnk - c:\program files\Sony\USBSircs\usbsircs.exe [2007-05-01 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2008-04-23 01:08 483328 c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
--a------ 2005-04-04 17:58 856064 c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
--a------ 2003-08-25 11:49 53248 c:\windows\SONYSYS\VAIO Recovery\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
--a------ 2002-08-20 11:29 40960 c:\windows\system32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
--a------ 2003-03-17 12:52 1056768 c:\program files\Sony\VAIO Survey\SurveySA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZZZ]
--a------ 2003-05-16 12:31 24576 c:\windows\SONYSYS\Eflyer\EFlyer_Popup.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Java\\j2re1.4.1_04\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\DRIVERS\HSFHWSIS.sys [2003-08-06 156288]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2003-08-06 71961]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys []
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys []
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe []
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe []
S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe []
S2 mrtRate;mrtRate; []
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys []
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys []
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\DRIVERS\pelmouse.sys [2003-08-07 17251]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\DRIVERS\pelusblf.sys [2003-08-07 7520]
.
Contents of the 'Scheduled Tasks' folder

2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Steven Lorandos\Application Data\Mozilla\Firefox\Profiles\robi26uk.default\
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\j2re1.4.1_04\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\j2re1.4.1_04\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\j2re1.4.1_04\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\j2re1.4.1_04\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\j2re1.4.1_04\bin\NPJPI141_04.dll
FF -: plugin - c:\program files\Java\j2re1.4.1_04\bin\NPOJI610.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF -: plugin - c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF -: plugin - c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 16:31:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Olympus\DeviceDetector\DM1Service.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Sony\HotKey Utility\HKWnd.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-11-17 16:35:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-17 22:35:09

Pre-Run: 1,549,017,088 bytes free
Post-Run: 1,455,689,728 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

210 --- E O F --- 2008-11-13 09:05:59

Hello

Open notepad and copy/paste the text in the quotebox below into it:

Save this as CFScript.txt




Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

• Ensure you are connected to the internet and click OK on the message box.
• A browser will open.
• Simply follow the instructions to copy/paste/send the requested file.

ComboFix 08-11-16.05 - Steven Lorandos 2008-11-17 16:59:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.243 [GMT -6:00]
Running from: c:\documents and settings\Steven Lorandos\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Steven Lorandos\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\ebogeba.com
c:\documents and settings\All Users\Application Data\hicihyt.bat
c:\documents and settings\All Users\Application Data\udacyluw.bin
c:\documents and settings\Steven Lorandos\Application Data\ologefodob.reg
c:\program files\Common Files\noxuzok.pif
c:\windows\buhadijo.exe
c:\windows\edunaj.reg
c:\windows\hewyry.vbs
c:\windows\ixeruweh.com
c:\windows\uneqota.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVG8EMC
-------\Legacy_AVG8WD
-------\Legacy_AVGFWS8
-------\Legacy_AVGLDX86
-------\Legacy_AVGTDIX
-------\Legacy_MRTRATE
-------\Service_avg8emc
-------\Service_avg8wd
-------\Service_Avgfwdx
-------\Service_Avgfwfd
-------\Service_avgfws8
-------\Service_AvgLdx86
-------\Service_AvgTdiX
-------\Service_mrtRate


((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
.

2008-11-17 15:04 . 2008-11-17 15:05 <DIR> d-------- c:\windows\ERUNT
2008-11-17 15:01 . 2008-11-17 15:25 <DIR> d-------- C:\SDFix
2008-11-17 00:33 . 2008-11-17 00:33 <DIR> d-------- c:\program files\ERUNT
2008-11-12 14:26 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 14:26 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 13:13 . 2003-08-07 11:52 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2008-11-11 13:13 . 2003-08-07 15:45 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Sony Corporation
2008-11-11 13:13 . 2003-08-07 18:07 <DIR> d-------- c:\documents and settings\Administrator\Application Data\MSN6
2008-11-11 13:13 . 2008-11-16 19:46 <DIR> d-------- c:\documents and settings\Administrator
2008-10-24 00:40 . 2008-10-15 10:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 01:47 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-17 01:40 --------- d-----w c:\program files\Google
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 08:08 --------- d-----w c:\program files\Microsoft Silverlight
2008-09-25 01:55 --------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 1207080]
"EPSON Stylus CX7400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE" [2007-02-15 179200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-06-13 114688]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4612096]
"SigmaTel StacMon"="c:\program files\SigmaTel\C-Major Audio\stacmon.exe" [2003-03-26 45056]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2003-06-26 90112]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-23 1409024]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-24 28672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]

c:\documents and settings\Steven Lorandos\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-05-01 25214]
PowerPanel.lnk - c:\program files\PowerPanel\Program\PcfMgr.exe [2003-08-07 872448]
Remocon Driver.lnk - c:\program files\Sony\USBSircs\usbsircs.exe [2007-05-01 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2008-04-23 01:08 483328 c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
--a------ 2005-04-04 17:58 856064 c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
--a------ 2003-08-25 11:49 53248 c:\windows\SONYSYS\VAIO Recovery\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
--a------ 2002-08-20 11:29 40960 c:\windows\system32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
--a------ 2003-03-17 12:52 1056768 c:\program files\Sony\VAIO Survey\SurveySA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZZZ]
--a------ 2003-05-16 12:31 24576 c:\windows\SONYSYS\Eflyer\EFlyer_Popup.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Java\\j2re1.4.1_04\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\DRIVERS\HSFHWSIS.sys [2003-08-06 156288]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2003-08-06 71961]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\DRIVERS\pelmouse.sys [2003-08-07 17251]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\DRIVERS\pelusblf.sys [2003-08-07 7520]
.
Contents of the 'Scheduled Tasks' folder

2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 17:02:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Olympus\DeviceDetector\DM1Service.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe
c:\program files\Sony\HotKey Utility\HKWnd.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-11-17 17:06:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-17 23:06:32
ComboFix2.txt 2008-11-17 22:35:16

Pre-Run: 1,443,741,696 bytes free
Post-Run: 1,432,768,512 bytes free

179 --- E O F --- 2008-11-13 09:05:59

Hello

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   Spyware, Adware, Dialers, and other potentially dangerous programs
   Archives
   Mail databases
5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

The Malwarebytes updated and ran. It found no malicious items and did not need to disinfect. Here is the log:

Malwarebytes' Anti-Malware 1.30
Database version: 1405
Windows 5.1.2600 Service Pack 3

11/17/2008 5:27:59 PM
mbam-log-2008-11-17 (17-27-59).txt

Scan type: Quick Scan
Objects scanned: 53749
Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



_______________________________________________________________________________


Took a while to do the Kaspersky. Here is that scan report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, November 17, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, November 17, 2008 20:48:48
Records in database: 1390341
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
H:\

Scan statistics:
Files scanned: 92400
Threat name: 4
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 02:43:57


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSrfdc.sys.vir Infected: Backdoor.Win32.TDSS.bkw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSkfrm.dll.vir Infected: Backdoor.Win32.TDSS.blh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoctl.dll.vir Infected: Backdoor.Win32.TDSS.atb 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSurev.dll.vir Infected: Backdoor.Win32.TDSS.asz 1

The selected area was scanned.