Hi, I recently acquired this malware and have used spybot S&D, TDSS Killer, Malwarebytes anti-malware, and symantec's backdoor.tidserv removal tool (because in Norton the malware showed up as backdoor.tidserv) to try and take out this malware. One of those must have worked because I have run spybot and Malwarebytes Anti-Malware scans and it is saying no infection detected. However I do still get the occasional redirect to a website I wasn't intending to go to, especially on google. Here is the DDS logs and the link to the previous thread I started:http://forums.spybot.info/showthread.php?t=62700

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Valued Customer at 10:05:41.10 on Mon 05/16/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2043.1211 [GMT -6:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Program DJ\Dualview Server\dualviewsvc.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Program DJ\Smart Watchdog\SWDsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Program DJ\Wireless Switch\WLSS.exe
C:\Program Files\Program DJ\Program DJ\PdjAssistant.exe
C:\Program Files\Program DJ\Green Charger\GCTray.exe
C:\Program Files\Program DJ\Wow Video&Audio\WVAMain.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Documents and Settings\Valued Customer\Start Menu\Programs\Startup\WSZ.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WSZ.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\WheresJames\StartupMgr\StartupMgr.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alarm Clock\alarmclock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Valued Customer\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.comcast.net/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [WheresJames Startup Manager] c:\program files\wheresjames\startupmgr\StartupMgr.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10m_Plugin.exe -update plugin
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [WLSS] c:\program files\program dj\wireless switch\WLSS.exe
mRun: [PdjAssistant] c:\program files\program dj\program dj\PdjAssistant.exe
mRun: [GCTray] c:\program files\program dj\green charger\GCTray.exe
mRun: [Wow Video&Audio] c:\program files\program dj\wow video&audio\WVAMain.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe"
mRun: [ScreenPrint32] c:\program files\screenprint32 v3\ScreenPrint32.exe -startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Protector Suite QL] c:\program files\protector suite ql\psqltray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\valued~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\documents and settings\valued customer\start menu\programs\startup\WSZ.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{28e0f0a8-e555-4077-a6e1-63dbf2b29d32}\Icon6560581611.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\WSZ.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\PGPlsp.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 208.67.220.220,208.67.222.222
TCP: {498B6563-F313-4B03-8323-E79AD21537D3} = 208.67.220.220,208.67.222.222
Filter: text/html - {26111323-9a71-4861-b8a8-f7a2130e31ac} -
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: PGPmapih.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli psqlpwd PGPpwflt
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\valued~1\applic~1\mozilla\firefox\profiles\a3uaen4i.default\
FF - prefs.js: network.proxy.ftp - 217.194.213.31
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 217.194.213.31
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 217.194.213.31
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 217.194.213.31
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 217.194.213.31
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\a3uaen4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\a3uaen4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\valued customer\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\valued customer\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\a3uaen4i.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {7BB8177F-BE0A-4B14-9C1A-809BD54B73C4} - c:\documents and settings\valued customer\local settings\application data\{7BB8177F-BE0A-4B14-9C1A-809BD54B73C4}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Save Session: - %profile%\extensions\savesession@noasobi.net
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: Firebug: - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Zotero: - %profile%\extensions\zotero@chnm.gmu.edu
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-4-23 9856]
R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2009-12-17 136312]
R0 Pgpwdefs;Pgpwdefs;c:\windows\system32\drivers\PGPwdefs.sys [2009-12-17 13432]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
R2 DualView Server;DualView Server Service;c:\program files\program dj\dualview server\dualviewsvc.exe [2008-5-23 126976]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
R2 Smart Watchdog;Smart Watchdog Service;c:\program files\program dj\smart watchdog\SWDsvc.exe [2008-4-14 208896]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 DualViewFilter;DualViewFilter;c:\windows\system32\drivers\DualviewFilter.sys [2008-5-6 20352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-10 105592]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-13 81296]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110516.002\NAVENG.SYS [2011-5-16 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110516.002\NAVEX15.SYS [2011-5-16 1393144]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-6-19 38304]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-5-2 1251720]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys --> c:\windows\system32\drivers\ntcdrdrv.sys [?]
S2 fwzzghwlx;fwzzghwlx;\??\c:\windows\system32\drivers\xbjhzsxoztwvuot.sys --> c:\windows\system32\drivers\xbjhzsxoztwvuot.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2009-11-21 23096]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
S3 ISD200;USB Storage Adapter V2;c:\windows\system32\drivers\ISD200.SYS [2011-3-10 26930]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-12-31 42112]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2009-11-21 23096]
S3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2009-11-21 3768]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2009-11-21 200704]
S3 STSService;STSService;"c:\program files\soundtaxi media suite\stsservice.exe" --> c:\program files\soundtaxi media suite\STSService.exe [?]
.
=============== Created Last 30 ================
.
2011-05-13 07:44:51 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{18241f7f-a6ff-4296-a8d0-beed1c13fee2}\mpengine.dll
2011-05-11 04:39:28 164345 ----a-w- c:\windows\Gulfstream V Uninstaller.exe
2011-05-06 03:32:08 -------- d-----w- C:\TDSSKiller_Quarantine
2011-05-05 00:22:17 0 ----a-w- c:\windows\Npodowohonevo.bin
2011-05-05 00:22:15 -------- d-----w- c:\docume~1\valued~1\locals~1\applic~1\{7BB8177F-BE0A-4B14-9C1A-809BD54B73C4}
2011-05-02 23:47:50 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2011-05-02 23:47:02 -------- d-----w- c:\program files\common files\xing shared
2011-05-02 23:46:35 150712 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-05-02 23:46:03 105472 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
.
==================== Find3M ====================
.
2011-05-02 23:45:46 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-02 23:45:46 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-03-10 01:03:37 816 ----a-w- c:\windows\system32\ker.dll
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 19:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 19:00:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 19:00:28 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00:27 17408 ----a-w- c:\windows\system32\corpol.dll
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44:16 389120 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 10:08:01.39 ===============

Hi,

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent
Soulseek

I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Post fresh dds logs when done.

Those programs were not the cause of the infection and I will not be uninstalling them.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Valued Customer at 18:39:06.85 on Wed 06/01/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2043.779 [GMT -6:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Program DJ\Dualview Server\dualviewsvc.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files\Program DJ\Smart Watchdog\SWDsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Program DJ\Wireless Switch\WLSS.exe
C:\Program Files\Program DJ\Program DJ\PdjAssistant.exe
C:\Program Files\Program DJ\Green Charger\GCTray.exe
C:\Program Files\Program DJ\Wow Video&Audio\WVAMain.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\WheresJames\StartupMgr\StartupMgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WSZ.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WSZ.exe
C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\Firewall\FWCfg.exe
C:\Documents and Settings\Valued Customer\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.comcast.net/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [WheresJames Startup Manager] c:\program files\wheresjames\startupmgr\StartupMgr.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [WLSS] c:\program files\program dj\wireless switch\WLSS.exe
mRun: [PdjAssistant] c:\program files\program dj\program dj\PdjAssistant.exe
mRun: [GCTray] c:\program files\program dj\green charger\GCTray.exe
mRun: [Wow Video&Audio] c:\program files\program dj\wow video&audio\WVAMain.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe"
mRun: [ScreenPrint32] c:\program files\screenprint32 v3\ScreenPrint32.exe -startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Protector Suite QL] c:\program files\protector suite ql\psqltray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\valued~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\valued~1\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\valued customer\application data\leadertech\powerregister\Seagate Product Registration.exe
StartupFolder: c:\documents and settings\valued customer\start menu\programs\startup\WSZ.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{28e0f0a8-e555-4077-a6e1-63dbf2b29d32}\Icon6560581611.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\WSZ.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\PGPlsp.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 208.67.220.220,208.67.222.222
TCP: {498B6563-F313-4B03-8323-E79AD21537D3} = 208.67.220.220,208.67.222.222
Filter: text/html - {26111323-9a71-4861-b8a8-f7a2130e31ac} -
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: PGPmapih.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli psqlpwd PGPpwflt
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\valued~1\applic~1\mozilla\firefox\profiles\a3uaen4i.default\
FF - prefs.js: network.proxy.ftp - 217.194.213.31
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 217.194.213.31
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 217.194.213.31
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 217.194.213.31
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 217.194.213.31
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\a3uaen4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\a3uaen4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\valued customer\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\valued customer\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\a3uaen4i.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {7BB8177F-BE0A-4B14-9C1A-809BD54B73C4} - c:\documents and settings\valued customer\local settings\application data\{7BB8177F-BE0A-4B14-9C1A-809BD54B73C4}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Save Session: savesession@noasobi.net - %profile%\extensions\savesession@noasobi.net
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-4-23 9856]
R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2009-12-17 136312]
R0 Pgpwdefs;Pgpwdefs;c:\windows\system32\drivers\PGPwdefs.sys [2009-12-17 13432]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
R2 DualView Server;DualView Server Service;c:\program files\program dj\dualview server\dualviewsvc.exe [2008-5-23 126976]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-4-22 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]
R2 Smart Watchdog;Smart Watchdog Service;c:\program files\program dj\smart watchdog\SWDsvc.exe [2008-4-14 208896]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 DualViewFilter;DualViewFilter;c:\windows\system32\drivers\DualviewFilter.sys [2008-5-6 20352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-10 105592]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-13 81296]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110530.020\NAVENG.SYS [2011-5-30 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110530.020\NAVEX15.SYS [2011-5-30 1542392]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-6-19 38304]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2011-5-17 23096]
R3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2009-11-21 3768]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-5-2 1251720]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys --> c:\windows\system32\drivers\ntcdrdrv.sys [?]
S2 fwzzghwlx;fwzzghwlx;\??\c:\windows\system32\drivers\xbjhzsxoztwvuot.sys --> c:\windows\system32\drivers\xbjhzsxoztwvuot.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2009-11-21 23096]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
S3 ISD200;USB Storage Adapter V2;c:\windows\system32\drivers\ISD200.SYS [2011-3-10 26930]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-12-31 42112]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2011-5-17 200704]
S3 STSService;STSService;"c:\program files\soundtaxi media suite\stsservice.exe" --> c:\program files\soundtaxi media suite\STSService.exe [?]
.
=============== Created Last 30 ================
.
2011-05-27 08:08:02 6962000 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{da423d87-723a-46c3-b573-bd4152af2661}\mpengine.dll
2011-05-24 07:10:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\MemeoCommon
2011-05-24 07:07:25 -------- d-----w- c:\docume~1\valued~1\applic~1\Memeo
2011-05-24 07:07:07 -------- d-----w- c:\docume~1\valued~1\applic~1\Seagate
2011-05-24 07:06:13 -------- d-----w- c:\program files\common files\Memeo
2011-05-24 07:06:06 -------- d-----w- c:\program files\Memeo
2011-05-24 07:05:25 -------- d-----w- c:\program files\Seagate
2011-05-17 18:31:07 3768 ----a-w- c:\windows\system32\SndTVideo.sys
2011-05-17 18:31:07 23096 ----a-w- c:\windows\system32\SndTAudio.sys
2011-05-17 18:31:07 23096 ----a-w- c:\windows\system32\drivers\SndTAudio.sys
2011-05-17 18:31:07 200704 ----a-w- c:\windows\system32\snmvtsvc.exe
2011-05-17 18:31:07 10936 ----a-w- c:\windows\system32\SndTVideo.dll
2011-05-17 18:31:06 -------- d-----w- c:\program files\SoundTaxi
2011-05-17 17:53:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-11 04:39:28 164345 ----a-w- c:\windows\Gulfstream V Uninstaller.exe
2011-05-06 03:32:08 -------- d-----w- C:\TDSSKiller_Quarantine
2011-05-05 00:22:17 0 ----a-w- c:\windows\Npodowohonevo.bin
2011-05-05 00:22:15 -------- d-----w- c:\docume~1\valued~1\locals~1\applic~1\{7BB8177F-BE0A-4B14-9C1A-809BD54B73C4}
.
==================== Find3M ====================
.
2011-05-02 23:45:46 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-02 23:45:46 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-03-10 01:03:37 816 ----a-w- c:\windows\system32\ker.dll
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
.
============= FINISH: 18:46:23.26 ===============

Those programs were not the cause of the infection and I will not be uninstalling them.
Well, if you aren't willing to follow the policy then you'll have to go seek help from elsewhere. This topic is now archived.