WiredWX Christian Hobby Weather Tools
Help with antivirus removal RUNTIME ERROR 0 & 440 (Hijack this log included)

Hello,

Somehow I have downloaded this virus called 'Advanced Virus Remover'. It has been on my computer for at least 2 weeks. The first time it was on it, I ran Malwarebytes several times, and then realized I had not updated it. After I did, I did a full scan, and it seemed that the program was gone. This was last Monday. Pop-ups slowly came back as Internet Explorer is running, and tonight suddenly Advanced Virus Remover was back. I tried to use MWB again to remove it - there was a new version I needed to DL for it to work. I tried to DL it and now I am getting runtime errors '0' and '440'.

Now, I don't know what else to do. I read up on different postings regarding this problem that other people also had. Many help guides recommended running HijackThis. I followed the instructions for someone else who had the same problem and posted here. Here is my HijackThis log - any help is appreciated!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:43 PM, on 12/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\nav\DefWatch.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\nav\SavRoam.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\nav\Rtvscan.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\nav\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\winupdate86.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AdvancedVirusRemover\AVR.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwlax.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\nav\VPTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Documents and Settings\Owner\Desktop\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vabakuzuz] Rundll32.exe "c:\windows\system32\tilamuga.dll",a
O4 - HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\AVR.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco\Clean Access\CCAAgent.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhelper86.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhelper86.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - https://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236787505140
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\memikudi.dll bibasivo.dll c:\windows\system32\rubafila.dll c:\windows\system32\haseneza.dll c:\windows\system32\kubuwiwu.dll c:\windows\system32\tilamuga.dll c:\windows\system32\guzahune.dll
O21 - SSODL: ropawojij - {53a0c447-ec90-4d23-8602-e06107061437} - (no file)
O21 - SSODL: hihusezug - {4b7042d7-c465-4b0f-89ab-d4b64578a68a} - (no file)
O21 - SSODL: derorelor - {a2312859-94ae-4df5-aafb-03d87691a330} - (no file)
O21 - SSODL: bizeruvet - {ba3b2942-60ff-4c1e-bd33-a21cc59624b4} - (no file)
O21 - SSODL: juserekos - {4b2f88dc-741c-4726-b4c6-3679d9984354} - c:\windows\system32\guzahune.dll
O21 - SSODL: piyubihep - {05e484dd-191d-464f-b1f0-7b46da3f625e} - c:\windows\system32\guzahune.dll
O21 - SSODL: mowehudun - {3a32edf9-c427-43ca-9080-3a1dfbcf1eca} - c:\windows\system32\guzahune.dll
O21 - SSODL: laladanoh - {f3ec315c-4ce9-46d8-bb32-ff211b14518f} - c:\windows\system32\guzahune.dll
O22 - SharedTaskScheduler: jugezatag - {53a0c447-ec90-4d23-8602-e06107061437} - (no file)
O22 - SharedTaskScheduler: gahurihor - {4b7042d7-c465-4b0f-89ab-d4b64578a68a} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {a2312859-94ae-4df5-aafb-03d87691a330} - (no file)
O22 - SharedTaskScheduler: gahurihor - {ba3b2942-60ff-4c1e-bd33-a21cc59624b4} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {4b2f88dc-741c-4726-b4c6-3679d9984354} - c:\windows\system32\guzahune.dll
O22 - SharedTaskScheduler: gahurihor - {05e484dd-191d-464f-b1f0-7b46da3f625e} - c:\windows\system32\guzahune.dll
O22 - SharedTaskScheduler: jugezatag - {3a32edf9-c427-43ca-9080-3a1dfbcf1eca} - c:\windows\system32\guzahune.dll
O22 - SharedTaskScheduler: tokatiluy - {f3ec315c-4ce9-46d8-bb32-ff211b14518f} - c:\windows\system32\guzahune.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\nav\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\nav\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\nav\Rtvscan.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 17055 bytes
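An added example, not from this thread and not part of HijackThis itself: a Python script that applies, to an excerpt of the log above, the checks a helper makes by eye (the replaced UserInit, a non-empty AppInit_DLLs, dangling SSODL hooks, random-looking file names, and one file hooked in several places). The random-name pattern and all the per-section rules are assumptions tuned to this particular log, not a general detector.

```python
from __future__ import annotations
import re
from collections import defaultdict
from dataclasses import dataclass

# Sample input: a short excerpt of the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwlax.edu/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [vabakuzuz] Rundll32.exe "c:\windows\system32\tilamuga.dll",a
O4 - HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhelper86.dll
O20 - AppInit_DLLs: c:\windows\system32\memikudi.dll bibasivo.dll c:\windows\system32\tilamuga.dll
O21 - SSODL: ropawojij - {53a0c447-ec90-4d23-8602-e06107061437} - (no file)
O21 - SSODL: juserekos - {4b2f88dc-741c-4726-b4c6-3679d9984354} - c:\windows\system32\guzahune.dll
O22 - SharedTaskScheduler: kupuhivus - {4b2f88dc-741c-4726-b4c6-3679d9984354} - c:\windows\system32\guzahune.dll
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\nav\Rtvscan.exe
"""

@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code ("F2", "O20", ...) or "*" for cross-section findings
    target: str   # file, value or entry name the finding is about
    reason: str

# Assumed heuristic, tuned to the naming pattern visible in this log (tilamuga, guzahune, ropawojij):
# eight letters in strict consonant-vowel alternation, optionally followed by one more consonant.
RANDOM_NAME = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}[bcdfghjklmnpqrstvwxyz]?$")
# A Windows path from a drive letter up to a common executable or library extension.
WIN_PATH = re.compile(r'[a-z]:\\[^",]*?\.(?:exe|dll|sys|scr|com|bat|pif)\b', re.IGNORECASE)
SECTION_LINE = re.compile(r"^([A-Z]\d+) - (.*)$")

def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def looks_random(path: str) -> bool:
    stem = basename(path).rsplit(".", 1)[0]
    return RANDOM_NAME.match(stem) is not None

def triage(log_text: str) -> list[Finding]:
    """Return the entries of a HijackThis log that deserve a closer look."""
    findings: list[Finding] = []
    hook_points: dict[str, set[str]] = defaultdict(set)  # basename -> sections referencing it
    for line in log_text.splitlines():
        m = SECTION_LINE.match(line)
        if not m:
            continue
        section, body = m.groups()
        paths = WIN_PATH.findall(body)
        for p in paths:
            hook_points[basename(p)].add(section)

        if section == "F2" and "UserInit=" in body:
            # On XP the legitimate value is userinit.exe; anything else runs at every logon.
            value = body.split("UserInit=", 1)[1].strip().rstrip(",")
            if basename(value) != "userinit.exe":
                findings.append(Finding(section, value,
                    "UserInit replaced: logon will start this file instead of userinit.exe"))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            for dll in body.split(":", 1)[1].split():
                hook_points[basename(dll)].add(section)
                findings.append(Finding(section, dll,
                    "AppInit_DLLs entry is loaded into every process that maps user32.dll"))
        elif section in ("O21", "O22"):
            parts = body.split(" - ")
            name, target = parts[0].split(": ", 1)[1], parts[-1]
            if target == "(no file)":
                findings.append(Finding(section, name, "shell hook whose file is missing (dangling CLSID)"))
            elif looks_random(target) or RANDOM_NAME.match(name):
                findings.append(Finding(section, target, "shell hook with a random-looking name"))
        elif section == "O10":
            findings.append(Finding(section, paths[0] if paths else body,
                "Winsock LSP file HijackThis could not attribute to a known vendor"))
        elif section == "O4":
            for p in paths:
                if looks_random(p):
                    findings.append(Finding(section, p, "autorun loads a file with a random-looking name"))

    # Corroboration: one file registered at several hook points is a stronger signal than any single line.
    for name, sections in sorted(hook_points.items()):
        if len(sections) > 1:
            findings.append(Finding("*", name,
                f"same file registered at {len(sections)} hook points: {', '.join(sorted(sections))}"))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>3}  {f.target}\n     {f.reason}")
```

The name heuristic is deliberately narrow: winupdate86.exe in the same excerpt is not caught by it, which is why the cross-section check and, in practice, a hash or vendor lookup on every unattributed file still matter.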

Re: Help with antivirus removal RUNTIME ERROR 0 & 440 (Hijack this log included)

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start>Run, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

[image: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[image: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: Help with antivirus removal RUNTIME ERROR 0 & 440 (Hijack this log included)

ComboFix 09-12-06.09 - Owner 12/06/2009 23:58.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1427 [GMT -6:00]
Running from: c:\documents and settings\Owner\desktop\commy.exe
Command switches used :: /stepdel
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\AdvancedVirusRemover
c:\program files\Common Files\dunys.inf
c:\program files\Common Files\hypa.inf
c:\recycler\S-1-5-21-115078429-1587953384-2187281902-1003
c:\recycler\S-1-5-21-1760932159-2773793870-4211112602-1003
c:\recycler\S-1-5-21-1935655697-688789844-725345543-1003
c:\recycler\S-1-5-21-2040411749-1653860849-4256272528-1003
c:\recycler\S-1-5-21-2983245545-561358137-1651675007-1003
c:\documents and settings\All Users\Application Data\hagosimip.inf
c:\documents and settings\All Users\Application Data\yfip.inf
c:\documents and settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
c:\documents and settings\Owner\Desktop\Advanced Virus Remover.lnk
c:\documents and settings\Owner\Local Settings\Application Data\oxosymehu.bat
c:\documents and settings\Owner\Local Settings\Application Data\pojuze.inf
c:\documents and settings\Owner\Start Menu\Advanced Virus Remover.lnk
c:\program files\AdvancedVirusRemover\AVR.exe
c:\recycler\S-1-5-21-115078429-1587953384-2187281902-1003\desktop.ini
c:\recycler\S-1-5-21-115078429-1587953384-2187281902-1003\INFO2
c:\recycler\S-1-5-21-1760932159-2773793870-4211112602-1003\desktop.ini
c:\recycler\S-1-5-21-1760932159-2773793870-4211112602-1003\INFO2
c:\recycler\S-1-5-21-1935655697-688789844-725345543-1003\desktop.ini
c:\recycler\S-1-5-21-1935655697-688789844-725345543-1003\INFO2
c:\recycler\S-1-5-21-2040411749-1653860849-4256272528-1003\desktop.ini
c:\recycler\S-1-5-21-2040411749-1653860849-4256272528-1003\INFO2
c:\recycler\S-1-5-21-2983245545-561358137-1651675007-1003\desktop.ini
c:\recycler\S-1-5-21-2983245545-561358137-1651675007-1003\INFO2
c:\windows\qovaniri.dll
c:\windows\setup.exe
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\29358.exe
c:\windows\system32\41.exe
c:\windows\system32\6334.exe
c:\windows\system32\basupowa.dll
c:\windows\system32\bibasivo.dll
c:\windows\system32\bivemufi.dll.tmp
c:\windows\system32\bujivisi.dll
c:\windows\system32\critical_warning.html
c:\windows\system32\fafimowu.dll
c:\windows\system32\fapalogo.dll
c:\windows\system32\feyajute.dll
c:\windows\system32\fokujuwu.dll
c:\windows\system32\fovisuga.dll
c:\windows\system32\gesulodu.dll
c:\windows\system32\guzahune.dll
c:\windows\system32\hagotama.dll
c:\windows\system32\hedafatu.dll.tmp
c:\windows\system32\hehataye.dll
c:\windows\system32\hiboyihe.dll
c:\windows\system32\hugekoja.dll
c:\windows\system32\jevodode.dll
c:\windows\system32\jihipabe.dll
c:\windows\system32\jiwahase.dll
c:\windows\system32\juvejoyu.dll
c:\windows\system32\kegovahe.dll
c:\windows\system32\lowehizi.dll
c:\windows\system32\medonivo.dll
c:\windows\system32\mihudehu.dll
c:\windows\system32\muyonuvu.dll
c:\windows\system32\namiviko.dll
c:\windows\system32\nekeyazo.dll
c:\windows\system32\nobefuse.dll
c:\windows\system32\nuwuwufu.dll
c:\windows\system32\panifiye.dll
c:\windows\system32\patafudi.dll
c:\windows\system32\pefuwiwi.dll
c:\windows\system32\perevuze.dll
c:\windows\system32\rejemufa.dll
c:\windows\system32\reponeze.dll
c:\windows\system32\ribayiro.dll
c:\windows\system32\rigowoke.dll
c:\windows\system32\rikeleju.dll
c:\windows\system32\rimayabi.dll
c:\windows\system32\rimoneso.dll
c:\windows\system32\sumobeti.dll.tmp
c:\windows\system32\takoyevi.dll
c:\windows\system32\tekunijo.dll
c:\windows\system32\tilamuga.dll
c:\windows\system32\tinonere.dll.tmp
c:\windows\system32\twain_32.dll
c:\windows\system32\vaseyoyo.dll
c:\windows\system32\veyevida.dll.tmp
c:\windows\system32\vusilina.dll
c:\windows\system32\vuvimama.dll
c:\windows\system32\vuzofafu.dll
c:\windows\system32\wajivepe.dll
c:\windows\system32\wasakale.dll
c:\windows\system32\winhelper86.dll
c:\windows\system32\winlogon86.exe
c:\windows\system32\winupdate86.exe
c:\windows\system32\yidatome.dll
c:\windows\system32\zewadora.dll
c:\windows\system32\zotapugi.dll
c:\windows\system32\zuvetowe.dll.tmp
c:\windows\Tasks\asbyyjxk.job
c:\windows\Tasks\gamsyvqq.job
c:\windows\Tasks\xdurxxlz.job
c:\windows\ubaheda._sy
c:\windows\ubiv.exe

----- BITS: Possible infected sites -----

hxxp://77.74.48.111
.
((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.

2009-12-03 22:21 . 2009-12-03 22:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2009-12-03 22:01 . 2009-12-04 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-12-03 22:00 . 2009-12-04 00:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-03 21:58 . 2009-12-03 22:00 -------- d-----w- c:\documents and settings\Owner\Application Data\GetRightToGo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 05:11 . 2006-06-18 20:58 -------- d-----w- c:\program files\Trend Micro
2009-12-07 04:32 . 2006-10-06 15:48 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2009-12-06 19:18 . 2008-08-28 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-05 06:22 . 2009-08-18 03:50 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-12-05 04:41 . 2007-07-12 05:58 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss
2009-12-03 01:30 . 2009-08-25 23:01 -------- d-----w- c:\program files\World of Warcraft
2009-11-29 18:44 . 2007-10-15 23:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2009-11-21 20:53 . 2009-02-14 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-04 20:25 . 2008-08-07 02:09 94592 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-11-04 15:06 . 2006-06-18 21:00 -------- d-----w- c:\program files\Microsoft Works
2009-10-31 02:12 . 2009-09-24 23:45 143976 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\uninstall.exe
2009-10-31 02:12 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071701000002.dll
2009-10-31 02:12 . 2009-10-31 02:12 1794456 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe
2009-10-18 01:00 . 2008-09-26 04:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-15 00:50 . 2009-10-15 00:50 97216 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-09-25 07:19 . 2009-09-25 07:19 75648 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-25 02:30 . 2009-09-25 02:30 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-24 23:45 . 2009-08-03 21:48 4187512 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010.dll
2009-09-24 23:45 . 2009-09-24 23:44 1407680 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\MoveMediaPlayerWin_071505000010.exe
2009-09-14 14:15 . 2009-09-14 14:15 12885 ----a-w- c:\windows\system32\odihez.com
2009-09-14 14:15 . 2009-09-14 14:15 12703 ----a-w- c:\documents and settings\All Users\Application Data\humo.bin
2009-09-14 14:15 . 2009-09-14 14:15 10168 ----a-w- c:\windows\jukumal.dat
2009-09-14 04:38 . 2009-09-14 04:38 19335 ----a-w- c:\windows\system32\ivirewaso.bin
2009-09-14 04:38 . 2009-09-14 04:38 16804 ----a-w- c:\program files\Common Files\ymywasosaf._dl
2009-09-14 04:38 . 2009-09-14 04:38 16488 ----a-w- c:\windows\system32\kesideq.bin
2009-09-14 04:38 . 2009-09-14 04:38 14267 ----a-w- c:\program files\Common Files\jekonoho.pif
2009-09-14 04:38 . 2009-09-14 04:38 14100 ----a-w- c:\documents and settings\All Users\Application Data\ogowig.dll
2009-09-14 04:38 . 2009-09-14 04:38 14100 ----a-w- c:\documents and settings\All Users\Application Data\ogowig.dll
2009-09-14 04:38 . 2009-09-14 04:38 13926 ----a-w- c:\program files\Common Files\bopybodifi.db
2009-09-14 04:38 . 2009-09-14 04:38 13478 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\bori.sys
2009-09-14 04:38 . 2009-09-14 04:38 11611 ----a-w- c:\program files\Common Files\goxujivy._sy
2009-09-14 04:38 . 2009-09-14 04:38 10756 ----a-w- c:\windows\system32\upoq.scr
2009-09-11 14:03 . 2005-12-17 23:54 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-27 06:37 . 2009-08-27 06:37 61952 --sha-w- c:\windows\system32\kemuruwu.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-08 7557120]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-11-10 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-10 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-11-10 569413]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-25 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-25 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-25 118784]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-27 36975]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-12-14 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-01-21 167936]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2005-11-09 1335808]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]
"vptray"="c:\nav\VPTray.exe" [2005-11-15 85744]
"nwiz"="nwiz.exe" [2007-04-27 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-08 86016]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Malwarebytes Anti-Malware (reboot)"="c:\documents and settings\Owner\Desktop\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-3-14 2756608]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= "c:\program files\Trend Micro\Tmas\sshook.dll" [2006-06-18 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-11-09 00:49 39936 ----a-w- c:\windows\system32\fusstub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 01:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli fusstub

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Java\\jre1.5.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\steamapps\\akiranian7488@hotmail.com\\counter-strike source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\ZCfgSvc.exe"=
"c:\\Program Files\\Apoint\\Apoint.exe"=
"c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Sony\\VAIO Original Screen Saver\\VAIO Original Screen Saver.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\Sony\\VAIO Camera Utility\\VCUServe.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3784:TCP"= 3784:TCP:WoW
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:wow2
"6999:TCP"= 6999:TCP:wow
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [12/17/2005 5:55 PM 9216]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/13/2009 6:44 PM 717296]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [11/8/2005 6:51 PM 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [11/8/2005 6:51 PM 33024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/29/2009 10:09 PM 55152]
R2 SavRoam;SAVRoam;c:\nav\SavRoam.exe [11/15/2005 12:27 PM 169200]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 11:35 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [8/31/2009 11:39 AM 102448]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [12/17/2005 5:55 PM 29312]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [12/17/2005 5:55 PM 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [12/17/2005 5:55 PM 217472]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 5:08 PM 533360]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Owner\LOCALS~1\Temp\HZV10.tmp --> c:\docume~1\Owner\LOCALS~1\Temp\HZV10.tmp [?]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [12/17/2005 5:55 PM 36352]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SONYCPU
*Deregistered* - SonyCPU
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.uwlax.edu/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

BHO-{25cc742f-09b1-4be0-ac09-06cfee2536e8} - rimoneso.dll
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-vabakuzuz - c:\windows\system32\tilamuga.dll
HKLM-Run-ponarazufa - hehataye.dll
SharedTaskScheduler-{53a0c447-ec90-4d23-8602-e06107061437} - (no file)
SharedTaskScheduler-{4b7042d7-c465-4b0f-89ab-d4b64578a68a} - (no file)
SharedTaskScheduler-{a2312859-94ae-4df5-aafb-03d87691a330} - (no file)
SharedTaskScheduler-{ba3b2942-60ff-4c1e-bd33-a21cc59624b4} - (no file)
SharedTaskScheduler-{4b2f88dc-741c-4726-b4c6-3679d9984354} - c:\windows\system32\guzahune.dll
SharedTaskScheduler-{05e484dd-191d-464f-b1f0-7b46da3f625e} - c:\windows\system32\guzahune.dll
SharedTaskScheduler-{3a32edf9-c427-43ca-9080-3a1dfbcf1eca} - c:\windows\system32\guzahune.dll
SharedTaskScheduler-{f3ec315c-4ce9-46d8-bb32-ff211b14518f} - c:\windows\system32\tilamuga.dll
SSODL-ropawojij-{53a0c447-ec90-4d23-8602-e06107061437} - (no file)
SSODL-hihusezug-{4b7042d7-c465-4b0f-89ab-d4b64578a68a} - (no file)
SSODL-derorelor-{a2312859-94ae-4df5-aafb-03d87691a330} - (no file)
SSODL-bizeruvet-{ba3b2942-60ff-4c1e-bd33-a21cc59624b4} - (no file)
SSODL-juserekos-{4b2f88dc-741c-4726-b4c6-3679d9984354} - c:\windows\system32\guzahune.dll
SSODL-piyubihep-{05e484dd-191d-464f-b1f0-7b46da3f625e} - c:\windows\system32\guzahune.dll
SSODL-mowehudun-{3a32edf9-c427-43ca-9080-3a1dfbcf1eca} - c:\windows\system32\guzahune.dll
SSODL-laladanoh-{f3ec315c-4ce9-46d8-bb32-ff211b14518f} - c:\windows\system32\tilamuga.dll
AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI
AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\program files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe REMOVEALL



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-07 00:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A63A1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cfc3
\Driver\ACPI -> ACPI.sys @ 0xba667cb8
\Driver\atapi -> 0x8a63a1f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
ParseProcedure -> ntkrnlpa.exe @ 0x80581684
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
ParseProcedure -> ntkrnlpa.exe @ 0x80581684
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Owner\LOCALS~1\Temp\HZV10.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1228)
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\passport.dll
c:\program files\Protector Suite QL\BhTcAll.dll
c:\program files\Protector Suite QL\BhDevTfm.dll
c:\program files\Protector Suite QL\AlgVer.dll
c:\program files\Protector Suite QL\TCBioLib.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'lsass.exe'(1284)
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll

- - - - - - - > 'explorer.exe'(2036)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\nav\DefWatch.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\nav\Rtvscan.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\wscntfy.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Apoint\Apntex.exe
c:\windows\system32\msiexec.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-12-07 00:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-07 06:19

Pre-Run: 3,525,718,016 bytes free
Post-Run: 3,392,659,456 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 5AC31384459361E0D6A1150D106755D2

Re: Help with antivirus removal RUNTIME ERROR 0 & 440 (Hijack this log included)

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: Help with antivirus removal RUNTIME ERROR 0 & 440 (Hijack this log included)

I had to run this scan in two parts. Due to Automatic Updates trying to restart my computer, and me needing to go to bed, I paused the scan at 20 mins the first time and deleted what it found. My 2nd post is after restart - full scan:

Malwarebytes' Anti-Malware 1.42
Database version: 3308
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

12/7/2009 12:55:43 AM
mbam-log-2009-12-07 (00-55-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 67137
Time elapsed: 20 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\kemuruwu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Re: Help with antivirus removal RUNTIME ERROR 0 & 440 (Hijack this log included)
Please run Trend Micro Housecall online scan.

  • Click Scan now.
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.

Re: Help with antivirus removal RUNTIME ERROR 0 & 440 (Hijack this log included)
Hey Dragonmaster Jay,

I ran the house call and it said no threat was found!

Thank you so much for all your help with this situation. I very much appreciate it...

Best,

Andrew

Re: Help with antivirus removal RUNTIME ERROR 0 & 440 (Hijack this log included)
Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
