Had to Run combofix first, renamed theshit, to get malwarebytes to work. Here are all my logs.

ComboFix 09-02-27.02 - Owner 2009-02-27 21:49:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.818 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\theshit.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090130201404984.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090130202118250.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090130203251500.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090130204940546.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090131083958937.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090131133004640.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090201082324718.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090201092717437.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090201112030109.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090201165806203.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090206085926000.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090206091138078.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090206171544437.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090227192755265.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe
c:\windows\system32\6746APU6.exe.a_a
c:\windows\system32\drivers\TDSSmqlt.sys
c:\windows\system32\msxml71.dll
c:\windows\system32\TDSSbrsr.dll
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSoiqh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSrhym.log
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsihc.dll
c:\windows\system32\TDSStkdu.log
c:\windows\system32\TDSSxfum.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2009-01-28 to 2009-02-28 )))))))))))))))))))))))))))))))
.

2009-01-31 14:04 . 2009-01-31 14:04 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Yahoo!
2009-01-30 20:15 . 2009-02-27 21:50 112,624 --a------ c:\windows\system32\drivers\c59ee31b.sys
2009-01-30 20:14 . 2009-01-30 20:14 15,000 --a------ c:\windows\system32\gsdrgfdrrgnd.dll
2009-01-30 20:13 . 2009-02-27 21:32 77,824 --a------ c:\windows\system32\6746APU6.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 01:35 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-28 01:29 --------- d-----w c:\program files\BigFix
2009-01-15 23:01 --------- d-----w c:\documents and settings\Owner\Application Data\Viewpoint
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d5bf4552-94f1-42bd-f434-3604812c807d}]
2009-01-30 20:14 15000 --a------ c:\windows\system32\gsdrgfdrrgnd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-03-11 135168]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-01-26 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-09-10 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-31 7561216]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-06 c:\windows\ALCWZRD.EXE]
"CHotkey"="zHotkey.exe" [2004-05-18 c:\windows\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 c:\windows\ShowWnd.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{D5BF4552-94F1-42BD-F434-3604812C807D}"= "c:\windows\system32\gsdrgfdrrgnd.dll" [2009-01-30 15000]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

.
Contents of the 'Scheduled Tasks' folder

2009-01-31 c:\windows\Tasks\At1.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-06 c:\windows\Tasks\At10.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At11.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At12.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At13.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At14.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At15.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At16.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At17.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-01 c:\windows\Tasks\At18.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At19.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At2.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At20.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At21.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At22.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At23.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At24.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At25.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At26.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At27.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At28.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At29.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At3.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At30.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At31.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At32.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At33.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-06 c:\windows\Tasks\At34.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At35.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At36.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At37.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At38.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At39.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At4.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At40.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At41.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-01 c:\windows\Tasks\At42.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At43.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At44.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At45.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At46.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At47.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At48.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-01 c:\windows\Tasks\At49.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At5.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-01 c:\windows\Tasks\At50.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-01 c:\windows\Tasks\At51.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-01 c:\windows\Tasks\At52.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-01 c:\windows\Tasks\At53.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-01 c:\windows\Tasks\At54.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-01 c:\windows\Tasks\At55.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-01 c:\windows\Tasks\At56.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-01 c:\windows\Tasks\At57.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-06 c:\windows\Tasks\At58.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-01 c:\windows\Tasks\At59.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At6.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-01 c:\windows\Tasks\At60.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-01 c:\windows\Tasks\At61.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-01 c:\windows\Tasks\At62.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-01 c:\windows\Tasks\At63.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-01 c:\windows\Tasks\At64.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-01 c:\windows\Tasks\At65.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-01 c:\windows\Tasks\At66.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-01 c:\windows\Tasks\At67.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-01 c:\windows\Tasks\At68.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At69.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At7.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At70.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-01 c:\windows\Tasks\At71.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-01 c:\windows\Tasks\At72.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At73.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At74.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At75.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At76.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At77.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At78.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At79.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At8.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At80.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At81.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At82.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At83.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At84.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At85.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At86.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At87.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At88.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At89.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-01-31 c:\windows\Tasks\At9.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At90.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At91.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]

2009-02-28 c:\windows\Tasks\At92.job
- c:\windows\system32\6746APU6.exe [2009-02-27 21:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MS AntiSpyware 2009 - c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe
HKU-Default-Run-tezrtsjhfr84iusjfo84f - c:\windows\TEMP\csrssc.exe
HKU-Default-Run-smpxe4l6buuo74j15exdrcn1293fkqam1k2nte4rjl6 - c:\windows\TEMP\zm88l0n.exe
HKU-Default-Run-hdn91vxqs - c:\windows\TEMP\fgyfzy8tn2dd.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 21:50:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\c59ee31b]
"ImagePath"="\SystemRoot\System32\drivers\c59ee31b.sys"
.
Completion time: 2009-02-27 21:51:32
ComboFix-quarantined-files.txt 2009-02-28 03:51:30

Pre-Run: 151,245,631,488 bytes free
Post-Run: 151,670,665,216 bytes free

298 --- E O F --- 2009-01-14 11:24:11


Malwarebytes' Anti-Malware 1.34
Database version: 1812
Windows 5.1.2600 Service Pack 2

2/27/2009 10:05:43 PM
mbam-log-2009-02-27 (22-05-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 90356
Time elapsed: 8 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\gsdrgfdrrgnd.dll (Trojan.Downloader) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{d5bf4552-94f1-42bd-f434-3604812c807d} (Trojan.Zlob.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf4552-94f1-42bd-f434-3604812c807d} (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5bf4552-94f1-42bd-f434-3604812c807d} (Trojan.Downloader) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d5bf4552-94f1-42bd-f434-3604812c807d} (Trojan.Zlob.H) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\gsdrgfdrrgnd.dll (Trojan.Zlob.H) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe.vir (Rogue.MSAntispyware) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSbrsr.dll.vir (Trojan.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoiqh.dll.vir (Trojan.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSriqp.dll.vir (Trojan.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSxfum.dll.vir (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{7514DDF7-E082-4FB6-9635-49B7303C51BF}\RP78\A0010225.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{7514DDF7-E082-4FB6-9635-49B7303C51BF}\RP78\A0010226.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{7514DDF7-E082-4FB6-9635-49B7303C51BF}\RP78\A0010227.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{7514DDF7-E082-4FB6-9635-49B7303C51BF}\RP78\A0010228.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{7514DDF7-E082-4FB6-9635-49B7303C51BF}\RP78\A0010247.exe (Rogue.MSAntispyware) -> No action taken.
C:\WINDOWS\system32\6746APU6.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\drivers\c59ee31b.sys (Rootkit.Agent) -> No action taken.


Malwarebytes' Anti-Malware 1.34
Database version: 1812
Windows 5.1.2600 Service Pack 2

2/27/2009 10:08:21 PM
mbam-log-2009-02-27 (22-08-21).txt

Scan type: Full Scan (C:\|)
Objects scanned: 90356
Time elapsed: 8 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\gsdrgfdrrgnd.dll (Trojan.Downloader) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{d5bf4552-94f1-42bd-f434-3604812c807d} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf4552-94f1-42bd-f434-3604812c807d} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5bf4552-94f1-42bd-f434-3604812c807d} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d5bf4552-94f1-42bd-f434-3604812c807d} (Trojan.Zlob.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\gsdrgfdrrgnd.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe.vir (Rogue.MSAntispyware) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSbrsr.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoiqh.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSriqp.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSxfum.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7514DDF7-E082-4FB6-9635-49B7303C51BF}\RP78\A0010225.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7514DDF7-E082-4FB6-9635-49B7303C51BF}\RP78\A0010226.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7514DDF7-E082-4FB6-9635-49B7303C51BF}\RP78\A0010227.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7514DDF7-E082-4FB6-9635-49B7303C51BF}\RP78\A0010228.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7514DDF7-E082-4FB6-9635-49B7303C51BF}\RP78\A0010247.exe (Rogue.MSAntispyware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6746APU6.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\drivers\c59ee31b.sys (Rootkit.Agent) -> Delete on reboot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:24 PM, on 2/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [uwhufzk8ykc1oj24hiqpf1i25msn7gh] C:\WINDOWS\TEMP\lp8vsa7s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [hq3n62jsmmhjvirrekpekvbkq65rf0i2qnk] C:\WINDOWS\TEMP\ywmkz3hhjkdz.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [uwhufzk8ykc1oj24hiqpf1i25msn7gh] C:\WINDOWS\TEMP\lp8vsa7s.exe (User 'Default user')
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 4310 bytes


Whats next?

Reboot the computer again and run MBAM again. Check for updates and scan again and post back that log.


Update and Scan with Malwarebytes' Anti-Malware

• Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
• Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  
  • Update Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Update
• When the update is complete, select the Scanner tab
• Select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Here is my last log. This computer needs all the critical update from microsoft ie SP3, IE7 and such. Suold I wait until we are done here or can I go ahead and install the updates?

Malwarebytes' Anti-Malware 1.34
Database version: 1812
Windows 5.1.2600 Service Pack 2

2/28/2009 6:10:16 AM
mbam-log-2009-02-28 (06-10-16).txt

Scan type: Quick Scan
Objects scanned: 56634
Time elapsed: 1 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Please run the following.

Click on START - RUN and type in or copy/paste DEL c:\windows\Tasks\At*.JOB

Then update your Anti-Virus and do a Full Scan and let me know if it finds anything or not.

nothing was found by my anti virus. Thank you for your help.

Highly recommend updating from IE6 to IE7 which is more secure. Also upgrade to SP3 for XP.


Great, all looks good now.

I'll close your post soon so that other don't post into it and leave you with this information and suggestions.

So how did I get infected in the first place?

At this time your system appears to be clean. Nothing else in the logs indicates that you are still infected.
Now that you appear to be clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore

• On the Desktop, right-click My Computer.
• Click Properties.
• Click the System Restore tab.
• Check Turn off System Restore.
• Click Apply, and then click OK.
• Reboot.

Turn ON System Restore

• On the Desktop, right-click My Computer.
• Click Properties.
• Click the System Restore tab.
• UN-Check *Turn off System Restore*.
• Click Apply, and then click OK.

This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Install SpyWare Blaster
Download it from here
Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install hpHosts
Download it from here
hpHosts is a community managed and maintained hosts file that allows an additional layer of protection against access to ad,
tracking and malicious websites. This prevents your computer from connecting to these untrusted sites
by redirecting them to 127.0.0.1 which is your own local computer.
hpHosts Support Forum

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com
Note 1: If you are running Windows XP SP2, you should upgrade to SP3.
Note 2: Users of Norton Internet Security 2008 should uninstall the software before they install Service Pack 3.
The security suite can then be reinstalled afterwards.

The windows firewall is not sufficient to protect your system. It doesn't monitor outgoing traffic and this is a must.
I recommend Online Armor Free

A little outdated but good reading on how to prevent Malware

Keep safe online and happy surfing.



Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting Pre- HJT Post Instructions


Also don't forget that we offer FREE assistance with General PC questions and repair here PC Help
If you're pleased with the product Malwarebytes and the service provided you, please let your friends, family, and co-workers know. http://www.malwarebytes.org