Trouble with a virus? Have hijackthis log.

Hello. I am new here and have been doing some reading.

Hi ,do a little more reading ,start with the first sticky note at the top of the previous page titled.!
"Read me before posting a request for assistance"

a few program to run before scaning and posting a hijackthis log ! good luck

Here is the link that caperjack is referring to
http://www.daniweb.com/forums/thread134865.html
Also, please turn off the SpyBot TeaTimer as it can interfere with any fixes attempted. To do this open the program and go up to Mode. Choose Advanced. Then go to Tools and then choose Resident. When that opens take the check mark OUT of TeaTimer.
Close the program. Reboot the computer.
Begin the steps in the link above. Ignore the portion about Deckard Scanner, it isn't available anymore.
Do especially the MBA-M scan and be sure to have it remove everything found.
Reboot the computer after you run MBA-M
Then do the ESET Scanner and also have it remove everything found. The instructions in the link say not to do that but I would prefer than you do have it remove.
Save the logs for both programs. Then run a new HJT scan and save the log.
Post back here with all three logs.
Judy

Thank you for the information. I will read what is in the link and follow the steps. Thanks again!!!!

OK. I ran the Windows Malicious Software
Removal Tool, ATF-Cleaner, Malwarebytes' Anti-Malware, ESET Online Scanner, and HijackThis. I think I still have a problem. I have XP, I use AVG, and I use the Windows Firewall. Well, at random times, AVG will put up an alert saying that there is an infection: Trojan horse Clicker.VMS and the path to it is C:\svchost.exe. When this pops up, the firewall is shut down, and I have to start it again. Here are the logs, I followed the steps in Read Me Before Posting, hopefully somebody can help.
Thanks

Malwarebytes' Anti-Malware 1.32
Database version: 1623
Windows 5.1.2600 Service Pack 2

1/6/2009 6:10:48 AM
mbam-log-2009-01-06 (06-10-48).txt

Scan type: Full Scan (C:\|)
Objects scanned: 111966
Time elapsed: 1 hour(s), 9 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away (Rogue.AdwareAway) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away\Update.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\WINDOWS\adaway.lic (Rogue.AdwareAway) -> Quarantined and deleted successfully.
____________________________________________________

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3742 (20090106)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=f91d9786077f8549b46ee4445bfea2a0
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-01-06 01:04:35
# local_time=2009-01-06 07:04:35 (-0600, Central Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=236441
# found=0
# scan_time=2689
____________________________________________________

Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
Apple Software Update
AVG Free 8.0
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Command & Conquer 3
Dell Media Experience
Dell Picture Studio v3.0
Dell Support 5.0.0 (630)
EarthLink setup files
ESET Online Scanner
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iPod for Windows 2005-10-12
iTunes
J2SE Runtime Environment 5.0 Update 2
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Macromedia Flash Player
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft DirectX SDK (August 2008)
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Modem Event Monitor
Modem Helper
Modem On Hold
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Musicmatch® Jukebox
Napster
Napster Burn Engine
NetZeroInstallers
Photo Click
PowerDVD 5.3
Qualxserve Service Agreement
QuickBooks Simple Start Special Edition
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Sid Meier's Civilization 4
SiGi 1.0 Beta
Sonic DLA
Sonic MyDVD
Sonic RecordNow! Plus
Sonic Update Manager
Spybot - Search & Destroy
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Viewpoint Media Player
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8 Beta 2
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WordPerfect Office 12
____________________________________________________

Here is the the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:31 AM, on 1/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdplu.exe] C:\WINDOWS\system32\kdplu.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [Msn] c:\svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [MsnHost] c:\svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [MsnLoad] c:\svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [MsnConvert] c:\svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [MsnMessendger] c:\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Msn] c:\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnLoad] c:\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnConvert] c:\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnMessendger] c:\svchost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Msn] c:\svchost.exe (User 'Default user')
O8 - Extra context menu item: Send to phone (myPhoneFiles.com) - C:\Program Files\SiGi - MyPhoneFiles.com Desktop Extension\mpfexe.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 7998 bytes
___________________________________________________________

Thanks again for your help

Download SDFix
double-click on the SDFix icon that should now be residing on your desktop. If a Open File - Security Warning box opens, click on the Run button.
A window will now open showing SDFix being extracted into the C:\SDFix folder. Once the installation program has finished extracting SDFix, it will open a Notepad with further instructions.
* Next, please reboot your computer into Safe Mode by doing the following:

1. Restart your computer

2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3. Instead of Windows loading as normal, a menu should appear

4. Select the first option, to run Windows in Safe Mode.

5. When you are at the logon prompt, log in as the same user that you had performed the previous steps as.

* When your computer has started in safe mode, and you see the desktop, close all open Windows.

* Click on the Start button, click on the Run menu option, and type the following into the Open: field:

C:\SDFix\RunThis.bat

Then press the OK button.
The SDFix window will open containing some brief info and a disclaimer on the use of the tool, press the Y key on your keyboard and then press enter
SDFix will now start scanning your computer for known infections. This process can take a while, so you may want to do something else and periodically check back on the status of SDFix.
When the scanning process has finished you will see a new screen stating that you need to restart your computer in order to continue.
At this point you should press any key on your computer's keyboard in order to restart the computer.
After your computer reboots SDFix will automatically start and perform a last check.
You will now be presented with a screen stating that SDFix has finished.
At this point you should press any key on your computer's keyboard in order to continue to your desktop.

When you are back at your Windows desktop, the SDFix log will automatically be opened in notepad save the log and post back here with that log.

Thank you for your help jholland!!! I did what you said. Hopefully it will work. I will leave the computer running and see if the Firewall turns off again. I'll let you know that when the computer started up again, the firewall was off. But this time, the red shield warning came up telling me that the firewall wasn't running. It never did that any of the other times the firewall turned off. So hopefully that is a good thing. So I turned on the firewall, and here is the log.
Once again, thank you soooo much.

SDFix: Version 1.240
Run by Cass Mortenson on Tue 01/06/2009 at 01:18 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 13:39:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\iMesh\\iMesh5\\iMesh.exe"="C:\\Program Files\\iMesh\\iMesh5\\iMesh.exe:*:Enabled:iMesh 5"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\DOCUME~1\\CASSMO~1\\LOCALS~1\\Temp\\60325cahp25cas.exe"="C:\\DOCUME~1\\CASSMO~1\\LOCALS~1\\Temp\\60325cahp25cas.exe:*:Enabled:Enabled"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

Remaining Files :

Files with Hidden Attributes :

Tue 24 Aug 2004 155,648 A..H. --- "C:\DELL\PRIMOSDK.DLL"
Tue 24 Aug 2004 360,448 A..H. --- "C:\DELL\PX.DLL"
Tue 27 Jul 2004 56,832 A..H. --- "C:\DELL\PXCPYA64.EXE"
Tue 27 Jul 2004 108,544 A..H. --- "C:\DELL\PXCPYI64.EXE"
Tue 17 Aug 2004 389,120 A..H. --- "C:\DELL\PXDRV.DLL"
Mon 2 Aug 2004 20,576 A..H. --- "C:\DELL\PXHELP20.SYS"
Mon 2 Aug 2004 54,976 A..H. --- "C:\DELL\PXHELP64.SYS"
Mon 2 Aug 2004 32,272 A..H. --- "C:\DELL\PXHELPER.SYS"
Mon 2 Aug 2004 26,720 A..H. --- "C:\DELL\PXHLPA64.SYS"
Mon 2 Aug 2004 57,344 A..H. --- "C:\DELL\PXHPINST.EXE"
Mon 2 Aug 2004 53,760 A..H. --- "C:\DELL\PXINSA64.EXE"
Mon 2 Aug 2004 104,960 A..H. --- "C:\DELL\PXINSI64.EXE"
Tue 24 Aug 2004 159,744 A..H. --- "C:\DELL\PXMAS.DLL"
Tue 27 Jul 2004 57,344 A..H. --- "C:\DELL\PXSETUP.EXE"
Tue 24 Aug 2004 339,968 A..H. --- "C:\DELL\PXWAVE.DLL"
Wed 19 May 2004 28,672 A..H. --- "C:\DELL\VXBLOCK.DLL"
Tue 24 Aug 2004 155,648 A..H. --- "C:\DELL\MEDIAEXE\PRIMOSDK.DLL"
Tue 24 Aug 2004 360,448 A..H. --- "C:\DELL\MEDIAEXE\PX.DLL"
Tue 27 Jul 2004 56,832 A..H. --- "C:\DELL\MEDIAEXE\PXCPYA64.EXE"
Tue 27 Jul 2004 108,544 A..H. --- "C:\DELL\MEDIAEXE\PXCPYI64.EXE"
Tue 17 Aug 2004 389,120 A..H. --- "C:\DELL\MEDIAEXE\PXDRV.DLL"
Mon 2 Aug 2004 20,576 A..H. --- "C:\DELL\MEDIAEXE\PXHELP20.SYS"
Mon 2 Aug 2004 54,976 A..H. --- "C:\DELL\MEDIAEXE\PXHELP64.SYS"
Mon 2 Aug 2004 32,272 A..H. --- "C:\DELL\MEDIAEXE\PXHELPER.SYS"
Mon 2 Aug 2004 26,720 A..H. --- "C:\DELL\MEDIAEXE\PXHLPA64.SYS"
Mon 2 Aug 2004 57,344 A..H. --- "C:\DELL\MEDIAEXE\PXHPINST.EXE"
Mon 2 Aug 2004 53,760 A..H. --- "C:\DELL\MEDIAEXE\PXINSA64.EXE"
Mon 2 Aug 2004 104,960 A..H. --- "C:\DELL\MEDIAEXE\PXINSI64.EXE"
Tue 24 Aug 2004 159,744 A..H. --- "C:\DELL\MEDIAEXE\PXMAS.DLL"
Tue 27 Jul 2004 57,344 A..H. --- "C:\DELL\MEDIAEXE\PXSETUP.EXE"
Tue 24 Aug 2004 339,968 A..H. --- "C:\DELL\MEDIAEXE\PXWAVE.DLL"
Wed 19 May 2004 28,672 A..H. --- "C:\DELL\MEDIAEXE\VXBLOCK.DLL"
Wed 1 Sep 2004 54,384 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
Wed 1 Sep 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Wed 1 Sep 2004 31,344 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Thu 28 Apr 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 9 Nov 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sun 9 Nov 2008 857 ...HR --- "C:\Documents and Settings\Cass Mortenson\Application Data\SecuROM\UserData\securom_v7_01.bak"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Cass Mortenson\Application Data\U3\temp\Launchpad Removal.exe"
Thu 28 Apr 2005 4,348 ...H. --- "C:\Documents and Settings\Cass Mortenson\My Documents\My Music\License Backup\drmv1key.bak"
Mon 29 Aug 2005 20 A..H. --- "C:\Documents and Settings\Cass Mortenson\My Documents\My Music\License Backup\drmv1lic.bak"
Wed 27 Apr 2005 400 A.SH. --- "C:\Documents and Settings\Cass Mortenson\My Documents\My Music\License Backup\drmv2key.bak"
Fri 22 Apr 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Fri 22 Apr 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Tue 26 Apr 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Tue 26 Apr 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"

Finished!

Tell you what, there is definitely "something" there because they are showing in your hjt log, these other programs aren't locating anything so it or they must be hiding.
Please do this:
Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
Doubleclick the combofix icon on the desktop to run the program.
* Windows will issue a prompt asking whether you wish to run the program, click Run

You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.

When all is complete then please post back here with that log.

I can't get Combofix to run. I have AVG and can't seen to get it to stop running. I close all of the processes for AVG, and then try to run Combofix. It says that AVG scanner is running. I go back into task mgr again and the processes are back. Shoul I just uninstall it so I can run Combofix?

Stop them all in Task Manager. Ctrl-Alt-Delete
Then highlight each AVG file and end process.

Yes, that is what I am doing. When I get all of the AVG processes out of there, I run Combofix. When it starts running, it comes up with a warning saying that AVG is running. I go back into task manager, and the processes for AVG are back. I'm confused.

These are the processes you should be stopping;
MsMpEng.exe
avgrsx.exe
avgemc.exe
avgtray.exe
When combofix gives this warning are you then stopping it or does it stop itself?

I end those processes, but they keep popping back up. Not sure what I am doing wrong. When Combofix gives the warning. I just exit out of it since AVG is still somehow running. I close the box where it will run, and then the box with the warning.

Are you stopping and then rebooting or stopping and then running combofix? You shouldn't reboot but go straight to combofix

OK. I finally got it to work. Here is the log.

ComboFix 09-01-05.05 - Cass Mortenson 2009-01-06 23:24:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.224 [GMT -6:00]
Running from: c:\documents and settings\Cass Mortenson\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\bszip.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.

2009-01-06 23:00 . 2004-08-04 00:56 116,224 --a------ c:\windows\SYSTEM32\DLLCACHE\xrxwiadr.dll
2009-01-06 23:00 . 2001-08-17 22:37 99,865 --a------ c:\windows\SYSTEM32\DLLCACHE\xlog.exe
2009-01-06 23:00 . 2004-08-04 04:00 28,288 --a------ c:\windows\SYSTEM32\DLLCACHE\xjis.nls
2009-01-06 23:00 . 2001-08-17 22:37 27,648 --a------ c:\windows\SYSTEM32\DLLCACHE\xrxftplt.exe
2009-01-06 23:00 . 2001-08-17 22:36 23,040 --a------ c:\windows\SYSTEM32\DLLCACHE\xrxwbtmp.dll
2009-01-06 23:00 . 2001-08-17 22:36 17,408 --a------ c:\windows\SYSTEM32\DLLCACHE\xrxscnui.dll
2009-01-06 23:00 . 2001-08-17 22:37 4,608 --a------ c:\windows\SYSTEM32\DLLCACHE\xrxflnch.exe
2009-01-06 22:58 . 2001-08-17 13:28 765,884 --a------ c:\windows\SYSTEM32\DLLCACHE\usrti.sys
2009-01-06 22:57 . 2001-08-17 13:28 794,654 --a------ c:\windows\SYSTEM32\DLLCACHE\usr1801.sys
2009-01-06 22:56 . 2004-08-04 04:00 571,392 --a------ c:\windows\SYSTEM32\DLLCACHE\tintlgnt.ime
2009-01-06 22:55 . 2001-08-17 14:56 172,768 --a------ c:\windows\SYSTEM32\DLLCACHE\t2r4disp.dll
2009-01-06 22:54 . 2004-08-04 04:00 456,704 --a------ c:\windows\SYSTEM32\DLLCACHE\smtpsvc.dll
2009-01-06 22:53 . 2004-08-03 22:41 404,990 --a------ c:\windows\SYSTEM32\DLLCACHE\slntamr.sys
2009-01-06 22:52 . 2001-08-17 22:36 386,560 --a------ c:\windows\SYSTEM32\DLLCACHE\sgiul50.dll
2009-01-06 22:51 . 2001-08-17 22:36 495,616 --a------ c:\windows\SYSTEM32\DLLCACHE\sblfx.dll
2009-01-06 22:50 . 2001-08-17 13:28 899,146 --a------ c:\windows\SYSTEM32\DLLCACHE\r2mdkxga.sys
2009-01-06 22:49 . 2004-08-04 04:00 482,304 --a------ c:\windows\SYSTEM32\DLLCACHE\pintlgnt.ime
2009-01-06 22:48 . 2001-08-17 14:05 351,616 --a------ c:\windows\SYSTEM32\DLLCACHE\ovcodek2.sys
2009-01-06 22:47 . 2008-08-14 03:22 2,015,744 --a------ c:\windows\SYSTEM32\DLLCACHE\OLD4AE.tmp
2009-01-06 22:46 . 2004-08-04 04:00 1,875,968 --a------ c:\windows\SYSTEM32\DLLCACHE\msir3jp.lex
2009-01-06 22:45 . 2001-08-17 12:50 320,384 --a------ c:\windows\SYSTEM32\DLLCACHE\mgaum.sys
2009-01-06 22:44 . 2004-08-04 04:00 1,158,818 --a------ c:\windows\SYSTEM32\DLLCACHE\korwbrkr.lex
2009-01-06 22:43 . 2004-08-04 04:00 811,064 --a------ c:\windows\SYSTEM32\DLLCACHE\imjp81k.dll
2009-01-06 22:42 . 2004-08-04 04:00 13,463,552 --a------ c:\windows\SYSTEM32\DLLCACHE\hwxjpn.dll
2009-01-06 22:41 . 2001-08-17 13:28 542,879 --a------ c:\windows\SYSTEM32\DLLCACHE\hsf_msft.sys
2009-01-06 22:40 . 2001-08-17 14:56 1,733,120 --a------ c:\windows\SYSTEM32\DLLCACHE\g400d.dll
2009-01-06 22:39 . 2001-08-17 12:17 629,952 --a------ c:\windows\SYSTEM32\DLLCACHE\eqn.sys
2009-01-06 22:38 . 2001-08-17 12:14 952,007 --a------ c:\windows\SYSTEM32\DLLCACHE\diwan.sys
2009-01-06 22:37 . 2001-08-17 22:36 419,357 --a------ c:\windows\SYSTEM32\DLLCACHE\dgconfig.dll
2009-01-06 22:36 . 2004-08-04 04:00 1,677,824 --a------ c:\windows\SYSTEM32\DLLCACHE\chsbrkr.dll
2009-01-06 22:35 . 2004-08-04 00:56 1,888,992 --a------ c:\windows\SYSTEM32\DLLCACHE\ati3duag.dll
2009-01-06 22:34 . 2009-01-06 22:47 <DIR> d-------- c:\windows\LastGood
2009-01-06 13:14 . 2009-01-06 13:15 <DIR> d-------- c:\windows\ERUNT
2009-01-06 13:03 . 2009-01-06 13:42 <DIR> d-------- C:\SDFix
2009-01-06 07:10 . 2009-01-06 07:10 <DIR> d-------- c:\program files\Trend Micro
2009-01-06 00:49 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-06 00:48 . 2009-01-06 00:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-06 00:48 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-01-06 00:26 . 2009-01-06 00:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-06 00:25 . 2009-01-06 00:56 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-06 00:25 . 2009-01-06 00:56 <DIR> d-------- c:\documents and settings\Cass Mortenson\Application Data\SUPERAntiSpyware.com
2009-01-05 20:47 . 2009-01-06 00:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-04 20:55 . 2009-01-04 21:19 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-04 20:51 . 2005-08-25 19:18 118,784 --a------ c:\windows\SYSTEM32\MSSTDFMT.DLL
2009-01-04 19:29 . 2005-09-20 09:31 135,168 --a------ c:\windows\SYSTEM32\igfxres.dll
2009-01-04 19:13 . 2009-01-04 19:13 <DIR> d-------- c:\windows\ie8updates
2009-01-04 18:50 . 2009-01-04 18:50 <DIR> d-------- c:\program files\Windows Defender
2009-01-04 15:10 . 2009-01-04 17:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-04 12:03 . 2009-01-04 12:03 <DIR> d--hs---- c:\documents and settings\Cass Mortenson\PrivacIE
2009-01-04 10:54 . 2009-01-04 10:57 <DIR> d--h-c--- c:\windows\ie8
2009-01-04 09:20 . 2009-01-06 06:18 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-04 08:11 . 2009-01-04 08:11 <DIR> d-------- c:\documents and settings\Cass Mortenson\Application Data\Malwarebytes
2009-01-04 08:11 . 2009-01-04 08:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-04 08:06 . 2008-10-16 14:09 31,768 --a------ c:\windows\SYSTEM32\wucltui.dll.mui
2009-01-04 08:06 . 2008-10-16 14:07 23,576 --a------ c:\windows\SYSTEM32\wuaucpl.cpl.mui
2009-01-04 08:06 . 2008-10-16 14:07 23,576 --a------ c:\windows\SYSTEM32\wuapi.dll.mui
2009-01-04 08:06 . 2008-10-16 14:07 18,456 --a------ c:\windows\SYSTEM32\wuaueng.dll.mui
2009-01-04 07:56 . 2009-01-04 07:56 <DIR> d-------- c:\program files\MSXML 4.0
2009-01-04 07:34 . 2008-08-14 03:58 2,136,064 --a------ c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2009-01-04 07:34 . 2008-08-14 03:22 2,015,744 --a------ c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
2009-01-04 07:34 . 2008-06-13 07:10 272,128 --------- c:\windows\SYSTEM32\DRIVERS\bthport.sys
2009-01-04 07:34 . 2008-06-13 07:10 272,128 --a------ c:\windows\SYSTEM32\DLLCACHE\bthport.sys
2009-01-04 00:05 . 2009-01-04 00:05 133,632 --a------ c:\windows\otesufol.dll
2009-01-03 21:22 . 2001-08-17 13:48 12,160 --a------ c:\windows\SYSTEM32\DRIVERS\mouhid.sys
2009-01-03 21:22 . 2001-08-17 13:48 12,160 --a------ c:\windows\SYSTEM32\DLLCACHE\mouhid.sys
2009-01-03 09:02 . 2009-01-06 00:09 <DIR> d-------- c:\documents and settings\Cass Mortenson\.housecall6.6
2009-01-02 19:23 . 2009-01-04 15:15 <DIR> d-------- c:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 05:14 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-06 18:45 8,098 ----a-w C:\bt.bat
2009-01-06 18:45 208 ----a-w C:\testfile.bat
2009-01-04 03:30 --------- d-----w c:\program files\Common Files\Apple
2009-01-03 02:11 --------- d-----w c:\program files\Free Offers from Freeze.com
2008-12-14 13:59 5,699,584 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-11-22 07:45 1,536 ----a-w C:\run.exe
2008-11-21 04:52 --------- d-----w c:\documents and settings\Cass Mortenson\Application Data\ZoomBrowser EX
2008-11-21 04:52 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2008-11-16 10:04 27,904 ----a-w c:\windows\system32\drivers\ndisprot.sys
2008-11-12 09:13 --------- d-----w c:\documents and settings\Cass Mortenson\Application Data\Viewpoint
2008-11-12 08:26 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-10 05:07 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-10 04:55 --------- d-----w c:\program files\Microsoft DirectX SDK (August 2008)
2008-11-10 04:44 120,328 ----a-w c:\windows\dxsdkuninst.exe
2008-11-10 03:53 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-09 10:15 --------- d-----w c:\program files\iTunes
2008-11-09 10:15 --------- d-----w c:\program files\iPod
2008-11-09 10:15 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-09 10:10 --------- d-----w c:\program files\QuickTime
2008-11-09 10:10 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-09 10:07 --------- d-----w c:\program files\Apple Software Update
2008-11-09 10:07 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-11-09 01:23 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-11-09 01:23 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-09 01:23 10,520 ----a-w c:\windows\SYSTEM32\avgrsstx.dll
2008-11-09 01:23 --------- d-----w c:\program files\AVG
2008-10-24 11:10 453,632 ----a-w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\SYSTEM32\gdi32.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 20:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-15 16:57 332,800 ----a-w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-04 1261336]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2004-07-19 06:51 306688 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 00:05 127035 c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-10-12 15:54 57344 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-09-20 09:32 77824 c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-09-20 09:35 94208 c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a------ 2003-09-03 19:12 221184 c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2005-03-12 06:25 11776 c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-04-22 23:22 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 13:42 1404928 c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-03-04 02:36 36975 c:\program files\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 00:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2008-11-08 97928]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-08 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-08 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2008-11-08 76040]
S0 Spssys;Toshiba SPS Service;c:\windows\system32\drivers\spssys.sys --> c:\windows\system32\drivers\spssys.sys [?]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\SYSTEM32\DRIVERS\ndisprot.sys [2008-11-16 27904]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
\Shell\Open\command - f:\resycled\boot.com f:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43d795e5-9e55-11dd-916c-00038a000015}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
\Shell\Open\command - f:\resycled\boot.com f:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5872058a-aeb0-11db-9117-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a85de87-d9a6-11dd-918b-00038a000015}]
\Shell\AutoRun\command - F:\CDGO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcd8c5f5-4a84-11da-90f0-00038a000015}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-c:\windows\system32\kdplu.exe - c:\windows\system32\kdplu.exe
SharedTaskScheduler-IPC Configuration Utility - (no file)
MSConfigStartUp-LKdtbFUQ - c:\windows\dfgeymvf.exe
MSConfigStartUp-MCAgentExe - c:\progra~1\McAfee.com\Agent\McAgent.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\McAfee.com\Agent\McUpdate.exe
MSConfigStartUp-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
MSConfigStartUp-MPSExe - c:\program files\McAfee.com\MPS\mscifapp.exe
MSConfigStartUp-New - c:\progra~1\NEWDOT~1\NEWDOT~2.DLL
MSConfigStartUp-OASClnt - c:\program files\McAfee.com\VSO\oasclnt.exe
MSConfigStartUp-Send To Phone (myPhoneFiles - c:\program files\SiGi - MyPhoneFiles.com
MSConfigStartUp-SurfAccuracy - c:\program files\SurfAccuracy\SAcc.exe
MSConfigStartUp-TosGbWatcher - c:\program files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe
MSConfigStartUp-vgt75712 - c:\windows\system32\vgt75712.exe
MSConfigStartUp-VSOCheckTask - c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Send to phone (myPhoneFiles.com) - c:\program files\SiGi - MyPhoneFiles.com Desktop Extension\mpfexe.htm
Trusted Zone: online.musicmatch.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 23:27:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4107866487-2833784691-940513215-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
"??"=hex:8d,aa,6d,87,57,12,8a,c8,ae,d0,95,6d,97,9d,18,e8,ce,48,d9,bf,0e,90,b6,\
f2,b8,a6,71,e3,a2,32,01,de,2a,d1,2d,3a,ec,bb,4f,c1,44,82,75,5e,c6,6b,6c,64,\
e0,27,63,a9,42,27,26,7d,e7,62,20,81,15,86,d3,08,53,14,b4,f8,9b,98,3b,68,89,\
eb,f7,91,60,5c,05,44,5b,63,6f,17,68,3f,ea,c9,5a,ed,17,72,35,6a,de,97,d8,4d,\
fb,1b,c9,cc,18,de,9f,a8,b2,d1,d4,18,7b,73,84,0e,49,49,e6,2d,4b,96,9f,08,ae,\
27,81,47,4a,76,76,5f,d9,54,85,21,55,62,95,59,ae,28,86,3d,ad,09,4e,cd,8d,13,\
12,1b,7f,15,6b,a9,3a,e6,64,39,0a,a7,fc,75,0d,c1,ac,60,44,be,b7,2b,63,25,1e,\
f3,ee,84,8d,89,e3,29,4e,53,88,20,59,5c,6c,b6,3d,63,16,d6,fb,2e,64,97,53,a4,\
fe,d9,eb,b1,f0,df,3d,a8,b1,9f,14,f6,50,45,53,8d,fc,91,c1,8c,36,bc,fd,39,f4,\
20,ff,48,0a,9e,4d,a9,ff,b8,e5,fe,47,d2,43,83,bb,9d,db,5a,cd,f9,3d,10,18,d5,\
0a,ca,14,47,26,3d,f6,62,21,24,7c,3d,59,32,ae,7f,65,75,88,99,6e,57,52,d7,60,\
c4,47,f4,92,af,77,67,1e,ee,f8,52,5c,09,ca,7a,94,13,74,b7,9d,56,84,ac,70,09,\
c3,11,b6,94,5d,55,68,14,84,a4,cc,62,3f,64,b3,a3,c0,a2,0a,bf,72,c3,eb,9f,6f,\
fd,18,0d,c8,57,41,0a,ff,09,93,7d,a3,ce,a8,35,cb,22,bf,33,85,3d,39,f7,52,24,\
46,1e,df,7a,96,c1,e5,5f,c2,4c,fd,4e,ef,f8,99,d3,04,bb,29,3f,64,cd,72,97,a1,\
71,3d,31,69,ab,a6,f2,cf,dc,81,8d,19,a8,9b,a0,e2,95,81,ff,01,5b,06,b2,18,b2,\
59,4b,5c,55,d5,d2,2e,eb,78,a1,9a,2b,b5,45,5d,16,63,61,bd,9b,f8,b1,3d,06,89,\
27,93,6a,5d,8f,b9,88,21,d1,5a,2f,f8,1f,73,1e,b7,39,c3,5c,3a,1f,69,fb,8f,f7,\
05,26,88,4a,d1,07,bd,54,3e,0e,93,48,39,31,d2,49,62,28,48,02,2e,81,10,cb,b1,\
41,9f,7a,19,3a,a4,ba,24,27,17,05,4e,f2,32,13,a0,64,1a,ef,17,d9,14,ec,dc,a8,\
b1,dd,08,11,f7,e0,8e,eb,c9,22,4e,80,93,5b,2c,b3,42,95,4a,f2,14,72,5b,2e,6b,\
02,db,d6,bf,aa,97,c9,ea,4e,cd,22,6f,1d,b5,88,8f,af,01,85,a6,05,c0,b0,9e,75,\
da,4d,ae,ed,64,f0,2b,60,bf,5a,03,5d,e6,c4,ad,a4,a6,82,9e,09,26,8c,64,92,34,\
30,eb,11,bf,ec,2a,0d,92,b4,69,1a,85,fb,79,66,3b,15,52,c1,b6,89,4f,8f,63,01,\
82,53,d7,9e,00,95,89,7e,9e,1c,65,ac,3f,d2,75,8c,63,9c,f3,78,7e,b9,8d,4c,9f,\
2c,04,f1,b4,e5,8b,d6,d9,67,56,b3,8a,ca,fa,c3,fc,c6,48,b9,65,1c,52,a6,a3,4f,\
5e,8e,c6,1a,58,26,08,e6,6a,6e,c8,52,22,73,01,cf,1f,e8,96,87,d6,61,21,8e,9e,\
62,aa,a6,d2,21,33,a0,05,99,ae,b4,32,71,81,98,e8,c5,fb,79,35,d3,ac,78,d3,ac,\
fd,f0,04,f1,7f,84,19,8a,e8,75,9d,b3,a9,48,37,79,8b,f9,a5,4d,d1,06,81,0d,fc,\
38,23,f1,58,97,b6,a5,df,00,aa,6e,8f,73,e2,94,43,a5,a5,d1,5d,44,bd,c7,fa,2d,\
80,5e,59,84,e5,6a,18,f5,01,93,62,fc,2d,db,1d,f9,ec,79,b6,c1,96,4b,1f,6e,04,\
b8,2c,95,7b,5a,06,37,f6,38,e9,fb,ee,d0,03,4b,21,ba,48,7d,72,12,90,10,d9,03,\
2c,01,f5,e8,a5,1a,d2,0e,97,43,86,f4,99,00,68,d7,2d,53,02,df,2e,98,30,cc,36,\
f4,7a,54,9b,c0,25,7f,fe,cd,a0,95,2b,15,7c,15,72,9a,97,01,dd,4f,cf,92,f4,a5,\
0c,f2,ea,ea,34,f2,fa,fa,3c
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
Completion time: 2009-01-06 23:29:08
ComboFix-quarantined-files.txt 2009-01-07 05:29:02

Pre-Run: 99,394,420,736 bytes free
Post-Run: 99,387,195,392 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

308 --- E O F --- 2009-01-05 19:08:57

And also, not too long after Combofix was done, AVG popped up with the Trojan horse Clicker.VMS again and the firewall shut down.
Thank you for helping. I don't know if I should just try a different firewall or not.

Exactly what firewall are you using?
There are several programs you need to uninstall, as shown in your combofix log.
Free Offers from Freeze.com
Viewpoint Media Player.
Look for those first in Add/Remove.
If you don't find them there then look here;
c:\program files\Free Offers from Freeze.com
c:\documents and settings\Cass Mortenson\Application Data\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint
Reboot the computer. Update MBA-M and then run a full system scan and have it remove everything found.
Reboot the computer and run a new HJT scan and post back with both logs.

I am using the Windows firewall. I ran MBA-M and HJT again. Here they are.

Malwarebytes' Anti-Malware 1.32
Database version: 1629
Windows 5.1.2600 Service Pack 2

1/7/2009 3:45:06 PM
mbam-log-2009-01-07 (15-45-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 116159
Time elapsed: 1 hour(s), 4 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\msn (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\msnhost (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\msnload (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\msnconvert (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\msnmessendger (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
___________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:48:10 PM, on 1/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Send to phone (myPhoneFiles.com) - C:\Program Files\SiGi - MyPhoneFiles.com Desktop Extension\mpfexe.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 6096 bytes

Ok, things look much better. Do you feel things are fixed or are you still having difficulties?
Judy

Thank you, thank you, thank you!!!!! Well the firewall hasn't turned off for about 7 or so hours. I think that is a great sign. Thanks for all your help. I hope I didn't frustrate you too much. If you have time, I would just like to ask you a couple of questions. If you don't have time to answer, no need to worry. I was just wondering how you know what you are looking for, what is good and what is bad in these logs. It is very interesting. I am on my second year of school for programing and networking, but I haven't seen this stuff. Just curious how you do learn. By the way, on all the forums I've used, I have NEVER seen someone do so much to help, AND, how fast you reply to all of these. I really do apreciate it, and I can't thank you enough Judy. (I hope you get paid a lot of money!!!)

Thanks so much for your kind words they are really appreciated.

(I hope you get paid a lot of money!!!)

:D
Hardly, we are all volunteers here.
Basically I learned what little I know at web sites like this one, several are now gone...don't know if I played a part in their demise or not, hope not:D
Lots of "googling" looking up various file names, etc. I love research, and love computers, who knew those two would eventually go together?

If you feel all is well there are still a couple things you need to do:
You should remove HiJackThis, you don't need it any more.
You also should uninstall combofix. It basically is a "one time" fixer. If a person is told to use it again some other time then a new copy would be needed.

* Click START then RUN
* Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
When shown the disclaimer, Select "2"

You also need to set a new, clean Restore point.
To do this Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down, click ok or yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark Out so that System Restore will turn back on.
I also have one suggestion for a great and FREE program to use for security, SpywareBlaster It will protect your computer from spyware, adware, browser hijackers, and dialers, tracking cookies and it has a superior Restricted Sites portion also. It works with both IE and Firefox and one of the great things about it is that it does NOT run in the background. I wouldn't run my computer without it. Just download, install, update and enable then close the program. Manually check for updates often. Also keep MBA-M for scanning, always updating before you scan. The Quick Scan is usually sufficient unless it finds something then also do the Full System scan. It also has updates almost daily.

Judy