WiredWX Christian Hobby Weather Tools
Trojan.Zlob.g help

I had recently been attacked by this trojan. At work, while I was serving a customer and came back to my computer, it had automatically restarted.
Then a pop-up from Windows announced the firewall had blocked the following Trojan, which oddly left me with only one choice out of three. I tried to scan my computer with my spyware, antivirus and so on, but it was not detected. So if you can, please help me remove this Trojan. Much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:23:55 PM, on 07/12/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\lxdicoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\Belkinwcui.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\WINDOWS\System32\lxcgcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sheridaninstitute.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217028022283
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217028011647
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\System32\lxdicoms.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

Re: Trojan.Zlob.g help

Hello.
I'm not even gonna attempt cleaning this yet; you are running XP WITHOUT any service pack whatsoever. As soon as this is clean, you'll be instantly infected again.
Before we even do anything, we need to get SP1 on this machine.

Download and install SP1a from here:
http://download.microsoft.com/download/5/4/f/54f8bcf8-bb4d-4613-8ee7-db69d01735ed/xpsp1a_en_x86.exe

Once that is done, then we can try and clean it.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Trojan.Zlob.g help

Ok thank you. I have it installed now.

What is the next step?

Re: Trojan.Zlob.g help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:25:56 PM, on 2008-12-07
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\lxdicoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\lxcgcoms.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\Belkinwcui.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\WINDOWS\system32\CF25267.exe
C:\-Combo-Fix-\ComboFix-Download.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sheridaninstitute.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217028022283
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217028011647
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\System32\lxdicoms.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
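
An added example, not part of the original posts: a Python script that diffs the two HijackThis logs posted above so that processes and registry entries present only in the later scan stand out, along with entries whose target file is missing. The embedded logs are trimmed excerpts of the ones in this thread; the function names are hypothetical.

```python
import re

# Trimmed excerpts of the two HijackThis logs posted in this thread.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
"""

LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CF25267.exe
C:\-Combo-Fix-\ComboFix-Download.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
"""

# HijackThis entry lines start with a section code such as R0, O2, O4 or O23.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_log(text):
    """Split a HijackThis log into running processes and section entries.

    Keys are lower-cased because Windows paths and registry names are
    case-insensitive (the logs mix System32 and system32).
    """
    processes, entries = {}, {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        # The process list ends at the first blank line or entry line.
        if in_processes and (not line or match):
            in_processes = False
        if in_processes:
            processes.setdefault(line.lower(), line)
        elif match:
            entries.setdefault(line.lower(), (match.group(1), match.group(2)))
    return {"processes": processes, "entries": entries}


def diff_logs(before, after):
    """Return what appeared and disappeared between two parsed logs."""
    def only_in(a, b, key):
        return sorted(v for k, v in a[key].items() if k not in b[key])

    return {
        "new_processes": only_in(after, before, "processes"),
        "gone_processes": only_in(before, after, "processes"),
        "new_entries": only_in(after, before, "entries"),
        "gone_entries": only_in(before, after, "entries"),
    }


def missing_file_entries(log):
    """Entries HijackThis marked '(no file)': the registry value still
    exists but the file it points to does not."""
    return sorted(
        (code, detail)
        for code, detail in log["entries"].values()
        if detail.lower().endswith("(no file)")
    )


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    for label, items in diff_logs(before, after).items():
        print(label)
        for item in items:
            print("   ", item)
    print("entries with no backing file")
    for code, detail in missing_file_entries(after):
        print("   ", code, detail)
```
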

Re: Trojan.Zlob.g help

Thank you, now let's see what's going on.

Hello.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts, but select NO when asked to install the recovery console.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Re: Trojan.Zlob.g help

I apologize, but I accidentally pressed to install the recovery console. [I know I am a complete noob] Will this drastically change something?

Here is the log:

ComboFix 08-12-06.06 - Administrator 2008-12-07 16:29:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.441 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\-Combo-Fix-.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\Google\kjzna1562565.exe
c:\windows\system32\a.exe
c:\windows\system32\paytime.exe
c:\windows\system32\xpysys.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-07 16:26 . 2008-12-07 16:32 d-------- C:\-Combo-Fix-
2008-12-07 16:02 . 2002-08-29 02:20 115,200 --a------ c:\windows\system32\dpcdll.dll
2008-12-07 15:59 . 2002-08-29 03:41 1,677,312 --------- c:\windows\system32\wmvcore2.dll
2008-12-07 15:58 . 2002-08-29 03:40 1,180,672 --a------ c:\windows\system32\d3d8.dll
2008-12-07 15:56 . 2002-08-29 03:39 1,998,848 --a------ c:\windows\system32\wmploc.dll
2008-12-07 15:53 . 2002-06-14 18:46 19,274 --a------ c:\windows\001256_.tmp
2008-12-07 13:39 . 2008-10-08 16:29 28,672 --a------ c:\windows\system32\drivers\RKHit.sys
2008-12-03 20:33 . 2008-12-03 20:33 d-------- c:\program files\CoffeeCup Software
2008-12-03 20:33 . 2008-12-03 20:33 d-------- c:\documents and settings\Administrator\Application Data\CoffeeCup Software
2008-12-03 10:39 . 2008-12-03 10:39 d-------- c:\documents and settings\All Users\Application Data\SYSTEMAX Software Development
2008-11-29 11:47 . 2008-11-29 11:47 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-29 11:47 . 2008-11-29 11:47 1,409 --a------ c:\windows\QTFont.for
2008-11-19 11:17 . 2008-11-19 11:17 268 --ah----- C:\sqmdata13.sqm
2008-11-19 11:17 . 2008-11-19 11:17 244 --ah----- C:\sqmnoopt13.sqm
2008-11-18 11:37 . 2008-11-18 11:37 268 --ah----- C:\sqmdata12.sqm
2008-11-18 11:37 . 2008-11-18 11:37 244 --ah----- C:\sqmnoopt12.sqm
2008-11-12 13:45 . 2008-11-12 13:45 d-------- c:\program files\Common Files\Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 21:18 --------- d-----w c:\program files\MSN Messenger
2008-11-30 23:28 --------- d-----w c:\program files\BitLord
2008-11-28 15:35 --------- d-----w c:\program files\Veoh Networks
2008-11-17 06:51 --------- d-----w c:\documents and settings\Administrator\Application Data\Apple Computer
2008-11-17 06:50 --------- d-----w c:\program files\QuickTime Alternative
2008-11-05 16:51 --------- d-----w c:\program files\DivX
2008-10-29 18:48 --------- d-----w c:\program files\iTunes
2008-10-29 18:48 --------- d-----w c:\program files\iPod
2008-10-29 18:47 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-29 18:40 --------- d-----w c:\program files\Apple Software Update
2008-10-29 18:40 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-10-29 01:52 3,532 ----a-w C:\drmHeader.bin
2008-10-28 22:54 --------- d-----w c:\program files\Winamp
2008-10-28 22:54 --------- d-----w c:\documents and settings\Administrator\Application Data\Winamp
2008-10-24 22:08 --------- d-----w c:\program files\PaintTool SAI English Pack
2008-10-20 20:24 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-20 20:24 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-20 20:24 --------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-10-20 20:03 65,536 ----a-w c:\windows\DUMP3031.tmp
2008-10-20 20:02 65,536 ----a-w c:\windows\DUMP2f37.tmp
2008-10-20 18:27 --------- d-----w c:\program files\Trend Micro
2008-10-20 14:56 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2008-10-20 14:56 --------- d-----w c:\documents and settings\Administrator\Application Data\Grisoft
2008-10-20 14:52 --------- d-----w c:\documents and settings\All Users\Application Data\Avg7
2008-10-19 14:09 --------- d-----w c:\program files\IObit
2008-10-19 14:00 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-19 12:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-17 00:25 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-17 00:25 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
1999-07-07 00:00 6 -csh--r c:\windows\@desktop@.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-11-03 3522296]
"ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2002-08-29 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 69632]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-05-04 200704]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2005-06-08 94208]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 435120]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 20480]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2007-04-27 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-27 271672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-08-29 13312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-24 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Belkin Wireless Utility.lnk - c:\program files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\Belkinwcui.exe [2008-07-04 1523712]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
TabUserW.exe.lnk - c:\windows\system32\Wtablet\TabUserW.exe [2003-05-29 77824]

R2 lxdi_device;lxdi_device;c:\windows\System32\lxdicoms.exe -service []
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2008-07-24 99248]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [2008-07-04 17149]
S3 RkHit;RkHit;\??\c:\windows\System32\drivers\RKHit.sys [2008-12-07 28672]

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
Contents of the 'Scheduled Tasks' folder

2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 13:15]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Smax4 - c:\documents and settings\Administrator\Application Data\Google\kjzna1562565.exe
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sheridaninstitute.ca/
FireFox -: Profile - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gjj8bloh.default\
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF -: plugin - c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF -: plugin - c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF -: plugin - c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF -: plugin - c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF -: plugin - c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF -: plugin - c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 16:32:14
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\System32\ODBC32.dll
c:\windows\System32\msctfime.ime
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\tabhook.dll

- - - - - - - > 'lsass.exe'(816)
c:\windows\System32\dssenh.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\windows\system32\lxdicoms.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\lxcgcoms.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-12-07 16:35:14 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-12-07 21:35:12

Pre-Run: 18,828,152,832 bytes free
Post-Run: 18,758,324,224 bytes free

winxpsp1_en_pro_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

177 --- E O F --- 2008-11-13 13:51:41

Re: Trojan.Zlob.g help

Now open a new notepad file.
Input this into the notepad file:

Driver::
RkHit

File::
c:\windows\001256_.tmp
c:\windows\system32\drivers\RKHit.sys
C:\sqmdata13.sqm
C:\sqmnoopt13.sqm
C:\sqmdata12.sqm
C:\sqmnoopt12.sqm
C:\drmHeader.bin
c:\windows\DUMP3031.tmp
c:\windows\DUMP2f37.tmp
c:\windows\@desktop@.dat


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[image]

This will open combofix.exe again; agree to its terms and allow it to run. It may want to reboot after it's done. Post the resulting log back here.


Re: Trojan.Zlob.g help

ComboFix 08-12-06.06 - Administrator 2008-12-07 16:52:32.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.521 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\-Combo-Fix-.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFscript.txt
* Created a new restore point

FILE ::
C:\drmHeader.bin
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
c:\windows\@desktop@.dat
c:\windows\001256_.tmp
c:\windows\DUMP2f37.tmp
c:\windows\DUMP3031.tmp
c:\windows\system32\drivers\RKHit.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\drmHeader.bin
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
c:\windows\@desktop@.dat
c:\windows\001256_.tmp
c:\windows\DUMP2f37.tmp
c:\windows\DUMP3031.tmp
c:\windows\system32\drivers\RKHit.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHIT
-------\Service_RkHit


((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-07 16:51 . 2008-12-07 16:55 d-------- C:\-Combo-Fix-
2008-12-07 16:02 . 2002-08-29 02:20 115,200 --a------ c:\windows\system32\dpcdll.dll
2008-12-07 15:59 . 2002-08-29 03:41 1,677,312 --------- c:\windows\system32\wmvcore2.dll
2008-12-07 15:58 . 2002-08-29 03:40 1,180,672 --a------ c:\windows\system32\d3d8.dll
2008-12-07 15:56 . 2002-08-29 03:39 1,998,848 --a------ c:\windows\system32\wmploc.dll
2008-12-03 20:33 . 2008-12-03 20:33 d-------- c:\program files\CoffeeCup Software
2008-12-03 20:33 . 2008-12-03 20:33 d-------- c:\documents and settings\Administrator\Application Data\CoffeeCup Software
2008-12-03 10:39 . 2008-12-03 10:39 d-------- c:\documents and settings\All Users\Application Data\SYSTEMAX Software Development
2008-11-29 11:47 . 2008-11-29 11:47 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-29 11:47 . 2008-11-29 11:47 1,409 --a------ c:\windows\QTFont.for
2008-11-12 13:45 . 2008-11-12 13:45 d-------- c:\program files\Common Files\Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 21:18 --------- d-----w c:\program files\MSN Messenger
2008-11-30 23:28 --------- d-----w c:\program files\BitLord
2008-11-28 15:35 --------- d-----w c:\program files\Veoh Networks
2008-11-17 06:51 --------- d-----w c:\documents and settings\Administrator\Application Data\Apple Computer
2008-11-17 06:50 --------- d-----w c:\program files\QuickTime Alternative
2008-11-05 16:51 --------- d-----w c:\program files\DivX
2008-10-29 18:48 --------- d-----w c:\program files\iTunes
2008-10-29 18:48 --------- d-----w c:\program files\iPod
2008-10-29 18:47 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-29 18:40 --------- d-----w c:\program files\Apple Software Update
2008-10-29 18:40 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-10-28 22:54 --------- d-----w c:\program files\Winamp
2008-10-28 22:54 --------- d-----w c:\documents and settings\Administrator\Application Data\Winamp
2008-10-24 22:08 --------- d-----w c:\program files\PaintTool SAI English Pack
2008-10-20 20:24 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-20 20:24 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-20 20:24 --------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-10-20 18:27 --------- d-----w c:\program files\Trend Micro
2008-10-20 14:56 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2008-10-20 14:56 --------- d-----w c:\documents and settings\Administrator\Application Data\Grisoft
2008-10-20 14:52 --------- d-----w c:\documents and settings\All Users\Application Data\Avg7
2008-10-19 14:09 --------- d-----w c:\program files\IObit
2008-10-19 14:00 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-19 12:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-17 00:25 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-17 00:25 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-07_16.34.49.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-07 21:20:51 59,448 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-07 21:33:44 59,448 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-07 21:20:51 393,506 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-07 21:33:44 393,506 ----a-w c:\windows\system32\perfh009.dat
- 2008-12-07 21:31:49 12,958 ----a-w c:\windows\system32\wacom.dat
+ 2008-12-07 21:54:47 12,958 ----a-w c:\windows\system32\wacom.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-11-03 3522296]
"ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2002-08-29 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 69632]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-05-04 200704]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2005-06-08 94208]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 435120]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 20480]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2007-04-27 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-27 271672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-08-29 13312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-24 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Belkin Wireless Utility.lnk - c:\program files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\Belkinwcui.exe [2008-07-04 1523712]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
TabUserW.exe.lnk - c:\windows\system32\Wtablet\TabUserW.exe [2003-05-29 77824]

R2 lxdi_device;lxdi_device;c:\windows\System32\lxdicoms.exe -service []
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2008-07-24 99248]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [2008-07-04 17149]
.
Contents of the 'Scheduled Tasks' folder

2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 13:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sheridaninstitute.ca/
FireFox -: Profile - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gjj8bloh.default\
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF -: plugin - c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF -: plugin - c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF -: plugin - c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF -: plugin - c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF -: plugin - c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF -: plugin - c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 16:55:10
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\System32\ODBC32.dll
c:\windows\System32\msctfime.ime
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\tabhook.dll

- - - - - - - > 'lsass.exe'(808)
c:\windows\System32\dssenh.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\windows\system32\lxdicoms.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\lxcgcoms.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2008-12-07 16:57:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-07 21:57:56
ComboFix2.txt 2008-12-07 21:35:15

Pre-Run: 19,778,355,200 bytes free
Post-Run: 19,770,015,744 bytes free

183 --- E O F --- 2008-11-13 13:51:41

Re: Trojan.Zlob.g help

Looks good now, what problems remain?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Trojan.Zlob.g help

Thank thank thank you. It seems fine now. Thank you for all the help.

Re: Trojan.Zlob.g help

Okay, then please update to SP2/SP3.

Please visit this website:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5B33B5A8-5E76-401F-BE08-1E1555D4F3D4&displaylang=en
And download SP3 and install it.


Re: Trojan.Zlob.g help

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

