Blade81 was helpingme on this previously - I had a lag in communication due to a vacation.

Here is a link to the previous thread: http://forums.spybot.info/showthread.php?t=36321&highlight=serious

Below is the Log following a running of ComboFix.exe on my PC:

ComboFix 08-12-03.04 - jc 2008-12-04 9:47:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.116 [GMT -5:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\jc\Local Settings\Temporary Internet Files\ejeroxyxyn.scr
c:\documents and settings\jc\Local Settings\Temporary Internet Files\gafizoxyq.db
c:\documents and settings\jc\Local Settings\Temporary Internet Files\kewogoh.bat
c:\documents and settings\jc\Local Settings\Temporary Internet Files\lazymuhoc.inf
c:\documents and settings\jc\Local Settings\Temporary Internet Files\mimutydut.com
c:\documents and settings\jc\Local Settings\Temporary Internet Files\qery.lib
c:\documents and settings\jc\Local Settings\Temporary Internet Files\uropyxav.scr
c:\windows\system32\av.dat
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\drivers\TDSSmqlt.sys
c:\windows\system32\drivers\TDSSpqxt.sys
c:\windows\system32\TDSSbutv.log
c:\windows\system32\TDSScbqp.dll
c:\windows\system32\TDSSciou.dll
c:\windows\system32\TDSSfpmp.log
c:\windows\system32\TDSShrsr.dll
c:\windows\system32\TDSShrxx.dll
c:\windows\system32\TDSSkkbi.log
c:\windows\system32\TDSSlblj.dll
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSmqxt.log
c:\windows\system32\TDSSmtql.dll
c:\windows\system32\TDSSmtyh.dat
c:\windows\system32\TDSSnmxh.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnrse.dll
c:\windows\system32\TDSSoiqh.dll
c:\windows\system32\TDSSoiqh.log
c:\windows\system32\TDSSoiqn.dll
c:\windows\system32\TDSSorvd.dat
c:\windows\system32\TDSSosvn.dll
c:\windows\system32\TDSSpqxt.dat
c:\windows\system32\TDSSrhyp.dll
c:\windows\system32\TDSSrtqp.dll
c:\windows\system32\TDSSsihc.dll
c:\windows\system32\TDSSxfum.dll
c:\windows\system32\TDSSxnsx.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSSERV.SYS)
-------\Legacy_TDSSSERV.SYS)


((((((((((((((((((((((((( Files Created from 2008-11-04 to 2008-12-04 )))))))))))))))))))))))))))))))
.

2008-11-13 13:24 . 2008-11-13 13:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-13 13:24 . 2008-11-13 13:24 <DIR> d-------- c:\documents and settings\jc\Application Data\Malwarebytes
2008-11-13 13:24 . 2008-11-13 13:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-13 13:24 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-13 13:24 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-12 12:58 . 2008-11-12 12:58 <DIR> d-------- C:\rsit
2008-11-12 10:17 . 2008-11-12 10:17 <DIR> d-------- c:\program files\Trend Micro
2008-11-08 08:46 . 2008-11-08 09:07 1,080 --a------ c:\windows\system32\drivers\kgpfr2(6).cfg
2008-11-08 08:46 . 2008-11-08 09:07 1,080 --a------ c:\windows\system32\drivers\kgpfr2(5).cfg
2008-11-08 08:46 . 2008-11-08 09:07 1,080 --a------ c:\windows\system32\drivers\kgpfr2(3).cfg
2008-11-08 08:46 . 2008-11-08 09:07 1,080 --a------ c:\windows\system32\drivers\kgpfr2(2).cfg
2008-11-08 07:29 . 2008-11-08 07:31 1,488 --a------ c:\windows\system32\drivers\kgpcpy(6).cfg
2008-11-08 07:29 . 2008-11-08 07:31 1,488 --a------ c:\windows\system32\drivers\kgpcpy(5).cfg
2008-11-08 07:29 . 2008-11-08 07:31 1,488 --a------ c:\windows\system32\drivers\kgpcpy(3).cfg
2008-11-08 07:29 . 2008-11-08 07:31 1,488 --a------ c:\windows\system32\drivers\kgpcpy(2).cfg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 20:32 --------- d-----w c:\program files\Google
2008-11-08 13:47 --------- d-----w c:\documents and settings\All Users\Application Data\DIGStream
2008-11-06 13:44 2,456 ----a-w c:\windows\system32\drivers\kgpfr2(4).cfg
2008-11-02 13:28 328 ----a-w c:\windows\system32\drivers\kgpcpy(4).cfg
2008-10-25 16:42 --------- d-----w c:\program files\ESPNRunTime
2008-10-25 16:42 --------- d-----w c:\program files\DIGStream
2008-10-25 16:42 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-25 16:42 --------- d-----w c:\program files\Common Files\Apple
2008-10-25 16:42 --------- d-----w c:\program files\Common Files\Adobe
2008-10-25 16:42 --------- d-----w c:\program files\Bonjour
2008-10-25 16:19 19,502 ----a-w c:\windows\uxyd.bat
2008-10-25 16:19 17,120 ----a-w c:\windows\emydomaky.sys
2008-10-25 16:19 16,816 ----a-w c:\documents and settings\All Users\Application Data\ufigan.bat
2008-10-25 16:19 16,038 ----a-w c:\windows\levemegy.com
2008-10-25 16:19 15,912 ----a-w c:\windows\ehyrib.reg
2008-10-25 16:19 12,844 ----a-w c:\windows\yxem.bin
2008-10-25 16:19 12,638 ----a-w c:\windows\cirubehu.reg
2008-10-25 16:19 10,561 ----a-w c:\windows\dinycufyby.bin
2008-10-04 12:40 --------- d-----w c:\program files\iTunes
2008-10-04 12:40 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-04 12:39 --------- d-----w c:\program files\iPod
2008-02-01 03:39 60,424 ----a-w c:\documents and settings\jc\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-09-02 100056]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-06 49152]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11776]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
"DIGStream"="c:\program files\DIGStream\digstream.exe" [2005-10-31 278528]
"DIGServices"="c:\program files\ESPNRunTime\DIGServices.exe" [2005-10-31 101888]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-01-31 366400]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"nwiz"="nwiz.exe" [2003-10-06 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-04-05 82026]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

.
Contents of the 'Scheduled Tasks' folder

2008-11-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2008-11-08 c:\windows\Tasks\Norton AntiVirus - Scan my computer - jc.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-01-10 11:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
HKLM-Run-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\jc\Application Data\Mozilla\Firefox\Profiles\rpxuh5ty.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://news.google.com/
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
FF -: plugin - c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF -: plugin - c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 09:52:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Norton AntiVirus\NAVAPSVC.EXE
c:\program files\Norton AntiVirus\IWP\NPFMNTOR.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\devldr32.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\MUSICM~1\MUSICM~1\MMDiag.exe
c:\program files\Musicmatch\Musicmatch Jukebox\mim.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-04 9:55:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-04 14:55:23

Pre-Run: 37,412,126,720 bytes free
Post-Run: 38,075,858,944 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

208 --- E O F --- 2008-10-24 07:01:06

Hi

Open notepad and copy/paste the text in the quotebox below into it:



File::
c:\windows\system32\drivers\kgpfr2(6).cfg
c:\windows\system32\drivers\kgpfr2(5).cfg
c:\windows\system32\drivers\kgpfr2(3).cfg
c:\windows\system32\drivers\kgpfr2(2).cfg
c:\windows\system32\drivers\kgpcpy(6).cfg
c:\windows\system32\drivers\kgpcpy(5).cfg
c:\windows\system32\drivers\kgpcpy(3).cfg
c:\windows\system32\drivers\kgpcpy(2).cfg
c:\windows\system32\drivers\kgpfr2(4).cfg
c:\windows\system32\drivers\kgpcpy(4).cfg
c:\windows\uxyd.bat
c:\windows\emydomaky.sys
c:\documents and settings\All Users\Application Data\ufigan.bat
c:\windows\levemegy.com
c:\windows\ehyrib.reg
c:\windows\yxem.bin
c:\windows\cirubehu.reg
c:\windows\dinycufyby.bin



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Uninstall old Adobe Reader versions and get the latest one here (http://www.filehippo.com/download_adobe_reader/) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm).


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 11 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says
The J2SE Runtime Environment (JRE) allows end-users to run Java applications.

Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version. Note: Uncheck MSN toolbar option if you don't want to install it.


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report, a fresh hjt log and above mentioned ComboFix resultant log.

Here is the ComboFix log - I will report back on the other updates / removals / installs:


ComboFix 08-12-03.04 - jc 2008-12-10 12:51:30.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.52 [GMT -5:00]
Running from: c:\documents and settings\jc\Desktop\ComboFxx.exe
Command switches used :: c:\documents and settings\jc\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\documents and settings\All Users\Application Data\ufigan.bat
c:\windows\cirubehu.reg
c:\windows\dinycufyby.bin
c:\windows\ehyrib.reg
c:\windows\emydomaky.sys
c:\windows\levemegy.com
c:\windows\system32\drivers\kgpcpy(2).cfg
c:\windows\system32\drivers\kgpcpy(3).cfg
c:\windows\system32\drivers\kgpcpy(4).cfg
c:\windows\system32\drivers\kgpcpy(5).cfg
c:\windows\system32\drivers\kgpcpy(6).cfg
c:\windows\system32\drivers\kgpfr2(2).cfg
c:\windows\system32\drivers\kgpfr2(3).cfg
c:\windows\system32\drivers\kgpfr2(4).cfg
c:\windows\system32\drivers\kgpfr2(5).cfg
c:\windows\system32\drivers\kgpfr2(6).cfg
c:\windows\uxyd.bat
c:\windows\yxem.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\ufigan.bat
c:\windows\cirubehu.reg
c:\windows\dinycufyby.bin
c:\windows\ehyrib.reg
c:\windows\emydomaky.sys
c:\windows\levemegy.com
c:\windows\system32\drivers\kgpcpy(2).cfg
c:\windows\system32\drivers\kgpcpy(3).cfg
c:\windows\system32\drivers\kgpcpy(4).cfg
c:\windows\system32\drivers\kgpcpy(5).cfg
c:\windows\system32\drivers\kgpcpy(6).cfg
c:\windows\system32\drivers\kgpfr2(2).cfg
c:\windows\system32\drivers\kgpfr2(3).cfg
c:\windows\system32\drivers\kgpfr2(4).cfg
c:\windows\system32\drivers\kgpfr2(5).cfg
c:\windows\system32\drivers\kgpfr2(6).cfg
c:\windows\uxyd.bat
c:\windows\yxem.bin

.
((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-04 14:28 . 2008-12-04 15:05 <DIR> d-------- c:\program files\iTunes
2008-12-04 14:28 . 2008-12-04 14:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-04 12:34 . 2008-12-04 12:34 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-04 12:34 . 2008-12-04 14:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-04 10:51 . 2008-12-04 14:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2008-12-04 10:50 . 2008-12-04 10:50 <DIR> d-------- c:\program files\STOPzilla!
2008-12-04 10:50 . 2008-12-04 10:50 <DIR> d-------- c:\program files\Common Files\iS3
2008-12-04 10:50 . 2008-12-10 12:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2008-11-13 13:24 . 2008-11-13 13:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-13 13:24 . 2008-11-13 13:24 <DIR> d-------- c:\documents and settings\jc\Application Data\Malwarebytes
2008-11-13 13:24 . 2008-11-13 13:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-13 13:24 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-13 13:24 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-12 12:58 . 2008-11-12 12:58 <DIR> d-------- C:\rsit
2008-11-12 10:17 . 2008-11-12 10:17 <DIR> d-------- c:\program files\Trend Micro
2008-11-11 14:35 . 2008-11-11 14:35 364,544 -ra------ c:\windows\system32\IS3DBA5.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 17:28 --------- d-----w c:\documents and settings\All Users\Application Data\DIGStream
2008-12-04 19:29 --------- d-----w c:\program files\iPod
2008-11-11 20:32 --------- d-----w c:\program files\Google
2008-10-25 16:42 --------- d-----w c:\program files\ESPNRunTime
2008-10-25 16:42 --------- d-----w c:\program files\DIGStream
2008-10-25 16:42 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-25 16:42 --------- d-----w c:\program files\Common Files\Apple
2008-10-25 16:42 --------- d-----w c:\program files\Common Files\Adobe
2008-10-25 16:42 --------- d-----w c:\program files\Bonjour
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-02-01 03:39 60,424 ----a-w c:\documents and settings\jc\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-12-04_ 9.54.50.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-05 09:41:45 453,120 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-12-04 19:33:18 102,400 ----a-r c:\windows\Installer\{318AB667-3230-41B5-A617-CB3BF748D371}\iTunesIco.exe
- 2008-07-19 02:10:48 94,920 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 19:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
- 2008-07-19 02:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 19:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2006-05-05 09:41:45 453,120 -c----w c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
- 2007-06-26 06:08:16 1,104,896 -c----w c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 -c----w c:\windows\system32\dllcache\msxml3.dll
- 2008-07-19 02:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 19:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-19 02:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 19:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-19 02:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 19:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-19 02:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 19:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2008-07-19 02:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 19:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2008-07-19 02:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 19:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-08 18:27:30 49,664 ----a-r c:\windows\system32\drivers\SZKG.sys
+ 2008-09-29 18:03:14 708,608 ----a-r c:\windows\system32\IS3Base5.dll
+ 2008-09-29 18:07:28 61,440 ----a-r c:\windows\system32\IS3Hks5.dll
+ 2008-09-29 18:08:36 126,976 ----a-r c:\windows\system32\IS3HTUI5.dll
+ 2008-09-29 18:06:30 94,208 ----a-r c:\windows\system32\IS3Inet5.dll
+ 2008-09-29 18:06:18 90,112 ----a-r c:\windows\system32\IS3Svc5.dll
+ 2008-09-29 18:07:44 372,736 ----a-r c:\windows\system32\IS3UI5.dll
+ 2008-09-29 18:06:52 212,992 ----a-r c:\windows\system32\IS3Win325.dll
+ 2008-09-29 18:07:08 23,040 ----a-r c:\windows\system32\IS3XDat5.dll
- 2008-10-07 19:19:40 16,721,856 ----a-w c:\windows\system32\MRT.exe
+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
- 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2008-11-27 09:48:03 39,992 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-10 17:29:32 39,992 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-27 09:48:03 311,604 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-10 17:29:32 311,604 ----a-w c:\windows\system32\perfh009.dat
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-10-23 15:00:54 278,528 ----a-r c:\windows\system32\SZBase5.dll
- 2008-07-19 02:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 19:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2008-07-19 02:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 19:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2008-07-19 02:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 19:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2008-07-19 02:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 19:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
- 2008-07-19 02:10:20 36,552 ----a-w c:\windows\system32\wups.dll
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\wups.dll
- 2008-07-19 02:10:40 45,768 ----a-w c:\windows\system32\wups2.dll
+ 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
- 2008-07-19 02:09:44 205,000 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 19:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-09-02 100056]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-06 49152]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11776]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
"DIGStream"="c:\program files\DIGStream\digstream.exe" [2005-10-31 278528]
"DIGServices"="c:\program files\ESPNRunTime\DIGServices.exe" [2005-10-31 101888]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-01-31 366400]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"nwiz"="nwiz.exe" [2003-10-06 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-04-05 82026]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 szkg5;szkg;c:\windows\system32\DRIVERS\szkg.sys [2008-10-08 49664]
.
Contents of the 'Scheduled Tasks' folder

2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2008-12-06 c:\windows\Tasks\Norton AntiVirus - Scan my computer - jc.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-01-10 11:20]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
FireFox -: Profile - c:\documents and settings\jc\Application Data\Mozilla\Firefox\Profiles\rpxuh5ty.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://news.google.com/
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
FF -: plugin - c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF -: plugin - c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 12:53:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\jc\LOCALS~1\Temp\Perflib_Perfdata_69c.dat 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(576)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
.
Completion time: 2008-12-10 12:55:29
ComboFix-quarantined-files.txt 2008-12-10 17:55:04
ComboFix2.txt 2008-12-04 14:55:40

Pre-Run: 38,127,300,608 bytes free
Post-Run: 38,149,197,824 bytes free

239 --- E O F --- 2008-12-04 21:04:46

I downloaded Java Runtime Environment (JRE) 6 Update 11 and then attempted to remove both of the following Java applications currently on my machine:

Java Runtime Environment 5.0 Update 10
Java Runtime Environment 5.0 Update 3

When attempting to remove both, a message came up saying "Fatal Error During Installation"

So you know, the .exe of Java Runtime Environment (JRE) 6 Update 11 is on my desktop - I have not attempted to install per your instruction until after any current Java applications are deleted.

Also, I have removed the current Adobe Reader on my system and will download the suggested programs.

I downloaded the updated Adobe Reader from File Hippo and attempted to install - said there was a problem during install (checksum error).

Hi

In order to get rid of Java versions please download and use Windows Installer CleanUp Utility by following instructions here (http://support.microsoft.com/kb/290301).

Please download Adobe Reader file again. It's probably corrupted and that's why you get the error.

I have removed the old Java installs and replaced with the most current. Also, I have upgraded to the newest Adobe Reader.

When I run the Kaspersky Scanner will not run all the way through and produce a report. I let this run for over three hours on two different occasions.

Hi

Let's see if you can make ESET online scanner work instead :santa:

* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic, along with a new HijackThis log & a description of any remaining problems

Due to inactivity, this thread will now be closed.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.