Name of infection not known

Please find below a copy of the HijackThis notepad results.
Some of the problems include "Windows has encountered a problem...." window appears repeatedly when the computer is started, numerous unknown files have been created in the Documents and Settings folder and at irregular moments a black window appears with a white cursor which jumps around the screen. Any advice/ help gratefully received.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:37:32, on 03/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\O2\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\629S5WAB\winlogon[1].scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.24.1.237:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Toshiba Controls Utility] "C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [O2] "C:\Program Files\O2\bin\sprtcmd.exe" /P O2
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220866509265
O16 - DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} (CPlayFirstGreatChocoControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-the-great-chocolate-chase/greatchocolatechaseweb.1.0.0.12.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.co.uk/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-delicious-deluxe/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F135A813-7152-4532-AC8D-28AC2136DFC7} (CPlayFirstParkingDasControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-parking-dash/parkingdash.1.0.0.10.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 10666 bytes

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

A copy of the notepad file before the computer has been restarted

Malwarebytes' Anti-Malware 1.41
Database version: 2907
Windows 5.1.2600 Service Pack 3

04/10/2009 22:54:33
mbam-log-2009-10-04 (22-54-33).txt

Scan type: Quick Scan
Objects scanned: 122276
Time elapsed: 13 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67mad6m8-1mad-81ad-mad6-32op5g1234521} (Trojan.Refroso) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{12lop3s8-1vrx-81vs-jkl6-61op5g7774441} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Feast\Ival (Trojan.Refroso) -> Delete on reboot.

Files Infected:
C:\Feast\Ival\Feast.exe (Trojan.Refroso) -> Delete on reboot.
C:\KALBA\MAAFENA\LAXOURY.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\User\awa.exe (Backdoor.Poison) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\awsa.exe (Backdoor.Poison) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\dqexaxste.exe (Trojan.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\dqxaqxste.exe (Trojan.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\w71y5.exe (Backdoor.Poison) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\629S5WAB\flower[1].gif (Trojan.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\LN1H427X\Feast[1].gif (Trojan.Refroso) -> Quarantined and deleted successfully.
C:\Feast\Ival\desKtOp.InI (Trojan.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\asdssdsd.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Copy of log after the computer has been restarted.
Immediately following restart, window appeared repeatedly saying windows explorer encountered a problem and needs to close.

Malwarebytes' Anti-Malware 1.40
Database version: 2738
Windows 5.1.2600 Service Pack 3

04/09/2009 09:10:34
mbam-log-2009-09-04 (09-10-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 153142
Time elapsed: 35 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67kln5j0-4opm-00we-aax5-77ef1d187332} (Generic.Bot.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\RESTORE\H-6-1-53-0976546321-090909032-8763-1337 (Worm.AutoRun) -> Delete on reboot.

Files Infected:
C:\RESTORE\H-6-1-53-0976546321-090909032-8763-1337\GooD.exe (Generic.Bot.H) -> Delete on reboot.
C:\RESTORE\H-6-1-53-0976546321-090909032-8763-1337\Desktop.ini (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\e8e1a9f4z6x1.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\g7l2d1f1x1w3.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\l3e7j3r5i7a3.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\o3n7u8i6u7x2.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\o5e5e5m7q4m7.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\t1n5p7e7z9c2.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\v9q2k6z8x6d4.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\w7f9s5d4d5g5.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

Incase I didn't say so before, thank you very much for the assiatnce that has been offered to this point, below is a copy of the DDS.txt

DDS (Ver_09-09-29.01) - NTFSx86
Run by User at 17:37:14.65 on 05/10/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1461 [GMT 1:00]

AV: Sophos Anti-Virus *On-access scanning enabled* (Outdated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\TODDSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 172.24.1.237:8080
uInternet Settings,ProxyOverride = *.local;
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Toshiba Hotkey Utility] "c:\program files\toshiba\windows utilities\Hotkey.exe" /lang en
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Toshiba Controls Utility] "c:\program files\toshiba\controls\VolumeIndicator.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [O2] "c:\program files\o2\bin\sprtcmd.exe" /P O2
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220866509265
DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} - hxxp://aolsvc.aol.com/onlinegames/free-trial-the-great-chocolate-chase/greatchocolatechaseweb.1.0.0.12.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.co.uk/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-delicious-deluxe/zylomgamesplayer.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {F135A813-7152-4532-AC8D-28AC2136DFC7} - hxxp://aolsvc.aol.com/onlinegames/free-trial-parking-dash/parkingdash.1.0.0.10.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2008-9-15 104704]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2008-9-15 35584]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2008-10-23 69632]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2008-10-23 98304]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2008-10-23 172032]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\o2\bin\sprtsvc.exe [2007-6-7 202280]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [2008-4-3 732160]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-4-3 48600]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-5-29 6912]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-4-3 288000]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2008-10-23 14976]

=============== Created Last 30 ================

2009-10-04 22:40 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-04 22:40 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-04 22:40 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-04 22:36 49,197 a------- c:\documents and settings\user\p4q4g57q8.exe
2009-10-04 22:35 49,197 a------- c:\documents and settings\user\u4u6j39j3.exe
2009-10-04 22:35 49,197 a------- c:\documents and settings\user\p7d7f73x8.exe
2009-10-04 22:35 49,197 a------- c:\documents and settings\user\d3p8o64s5.exe
2009-10-03 20:09 411,368 a------- c:\windows\system32\deploytk.dll
2009-10-03 19:49 49,197 a------- c:\documents and settings\user\b6i9f59h8.exe
2009-10-03 19:49 49,197 a------- c:\documents and settings\user\c5e4p55y4.exe
2009-10-03 19:48 49,197 a------- c:\documents and settings\user\l3w9v77z3.exe
2009-10-03 19:48 49,197 a------- c:\documents and settings\user\n3e9c43b8.exe
2009-10-03 10:43 49,197 a------- c:\documents and settings\user\q8q2n88y8.exe
2009-10-03 10:43 49,197 a------- c:\documents and settings\user\l9h3i88g6.exe
2009-10-03 10:43 49,197 a------- c:\documents and settings\user\w4y7w65c3.exe
2009-10-03 10:43 49,197 a------- c:\documents and settings\user\j5p7e52r9.exe
2009-10-01 21:01 --d----- c:\docume~1\alluse~1\applic~1\GameHouse
2009-10-01 20:28 57,344 a------- c:\documents and settings\user\eqxste.exe
2009-10-01 20:26 49,197 a------- c:\documents and settings\user\x8g7t72i7.exe
2009-10-01 20:15 49,197 a------- c:\documents and settings\user\v5k1s22x6.exe
2009-10-01 20:11 --dshr-- C:\jim
2009-10-01 20:11 57,344 a------- c:\documents and settings\user\dqqxste.exe
2009-10-01 20:11 57,344 a------- c:\documents and settings\user\daxste.exe
2009-10-01 20:11 49,197 a------- c:\documents and settings\user\w9k3o58v8.exe
2009-10-01 20:11 49,197 a------- c:\documents and settings\user\d7t3g77n7.exe
2009-09-26 21:32 49,197 a------- c:\documents and settings\user\am9a2u37q3.exe
2009-09-22 18:04 2,459 a------- c:\documents and settings\user\rrhweq.exe
2009-09-22 18:04 2,459 a------- c:\documents and settings\user\mrrheaq.exe
2009-09-20 12:50 --dshr-- C:\Feast
2009-09-16 17:38 26,669 a------- c:\documents and settings\user\aaawsa.exe
2009-09-14 16:41 26,669 a------- c:\documents and settings\user\aawsa.exe
2009-09-14 16:41 --dshr-- C:\MAD
2009-09-14 16:40 90,112 a------- c:\documents and settings\user\dqxaxste.exe
2009-09-14 16:38 26,669 a------- c:\documents and settings\user\qrhweq.exe
2009-09-14 16:36 --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-09-11 17:41 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-07 14:03 32,656 a------- c:\windows\system32\msonpmon.dll
2009-09-07 13:56 --d----- c:\program files\Microsoft Visual Studio 8

==================== Find3M ====================

2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-17 20:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2008-09-15 09:12 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090820080915\index.dat
2008-09-15 09:12 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080916\index.dat

============= FINISH: 17:37:27.70 ===============

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Java(TM) 6 Update 3
Java(TM) 6 Update 7

Please download the OTMoveIt by OldTimer.

• Save it to your desktop.
  
• Please double-click OTM.exe to run it.
  
• Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :files
  c:\documents and settings\user\p4q4g57q8.exe
  c:\documents and settings\user\u4u6j39j3.exe
  c:\documents and settings\user\p7d7f73x8.exe
  c:\documents and settings\user\d3p8o64s5.exe
  c:\documents and settings\user\b6i9f59h8.exe
  c:\documents and settings\user\c5e4p55y4.exe
  c:\documents and settings\user\l3w9v77z3.exe
  c:\documents and settings\user\n3e9c43b8.exe
  c:\documents and settings\user\q8q2n88y8.exe
  c:\documents and settings\user\l9h3i88g6.exe
  c:\documents and settings\user\w4y7w65c3.exe
  c:\documents and settings\user\j5p7e52r9.exe
  c:\documents and settings\user\eqxste.exe
  c:\documents and settings\user\x8g7t72i7.exe
  c:\documents and settings\user\v5k1s22x6.exe
  c:\documents and settings\user\dqqxste.exe
  c:\documents and settings\user\daxste.exe
  c:\documents and settings\user\w9k3o58v8.exe
  c:\documents and settings\user\d7t3g77n7.exe
  c:\documents and settings\user\am9a2u37q3.exe
  c:\documents and settings\user\rrhweq.exe
  c:\documents and settings\user\mrrheaq.exe
  c:\documents and settings\user\aaawsa.exe
  c:\documents and settings\user\aawsa.exe
  c:\documents and settings\user\dqxaxste.exe
  c:\documents and settings\user\qrhweq.exe
  
  
  
  
• Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

Hello again. In between frequently closing a black window which has the following information in the title bar - C:\DOCUME~1\USER\ DQXAQX~1.EXE and a white rectangular cursor jumping all over, I have run OTM and below I have pasted the results.

========== FILES ==========
c:\documents and settings\user\p4q4g57q8.exe moved successfully.
c:\documents and settings\user\u4u6j39j3.exe moved successfully.
c:\documents and settings\user\p7d7f73x8.exe moved successfully.
c:\documents and settings\user\d3p8o64s5.exe moved successfully.
c:\documents and settings\user\b6i9f59h8.exe moved successfully.
c:\documents and settings\user\c5e4p55y4.exe moved successfully.
c:\documents and settings\user\l3w9v77z3.exe moved successfully.
c:\documents and settings\user\n3e9c43b8.exe moved successfully.
c:\documents and settings\user\q8q2n88y8.exe moved successfully.
c:\documents and settings\user\l9h3i88g6.exe moved successfully.
c:\documents and settings\user\w4y7w65c3.exe moved successfully.
c:\documents and settings\user\j5p7e52r9.exe moved successfully.
c:\documents and settings\user\eqxste.exe moved successfully.
c:\documents and settings\user\x8g7t72i7.exe moved successfully.
c:\documents and settings\user\v5k1s22x6.exe moved successfully.
c:\documents and settings\user\dqqxste.exe moved successfully.
c:\documents and settings\user\daxste.exe moved successfully.
c:\documents and settings\user\w9k3o58v8.exe moved successfully.
c:\documents and settings\user\d7t3g77n7.exe moved successfully.
c:\documents and settings\user\am9a2u37q3.exe moved successfully.
c:\documents and settings\user\rrhweq.exe moved successfully.
c:\documents and settings\user\mrrheaq.exe moved successfully.
c:\documents and settings\user\aaawsa.exe moved successfully.
c:\documents and settings\user\aawsa.exe moved successfully.
c:\documents and settings\user\dqxaxste.exe moved successfully.
c:\documents and settings\user\qrhweq.exe moved successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 10052009_212345

Hello.
Do you still get any funny things happening now? this infection looks new to me, but doesn't appear to be resistant yet, just generally annoying.

So far so good.....
Thank you so much for your help, I will definitely spread the word and certainly make a donation.
Thank you again!

Hello.
DDS says Sophos is outdated, please update it now!