Virtumonde



QtMac
2008-12-03, 18:19
Looks like I'm infected. Any help will be appreciated!

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:20 AM, on 12/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1011016
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myt: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O15 - Trusted Zone: http://play.toontown.com
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189009422843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189009339765
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4616 bytes

pskelley
2008-12-06, 15:18
Welcome to Safer Networking. I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Make sure you read and follow the directions; anything else will slow the process and waste both of our time. I suggest you keep this computer offline except when troubleshooting, as the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully; the tools will not work unless you do.
The junk can be tough to remove, so do not expect fast or easy.

1) I can't see a thing in this log, but that might be because System Configuration Utility (MSConfig) is in Selective Startup. Return to Normal Mode; you can go back to SS after you are clean.

2) Post an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP,
Update for Windows XP and Windows XP Hotfix to shorten the list)
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

3) Provide more information: why do you think you are infected? What program tells you this? You said:

Looks like I'm infected. Any help will be appreciated
If you have a Virtumonde infection, you would know it. It is a prolific popup maker.

4) Post a new HJT log with MSConfig running in normal mode, the uninstall list and more information.

Thanks

QtMac
2008-12-06, 16:57
Thank you Thank You Thank you for helping me!

1. I switched msconfig to normal and rebooted.

2. The uninstall list will follow along with the new log.

3. Spybot found Virtumonde and Virtumonde.sci (I think). I am getting the popups with IE but not with Firefox. Windows Explorer keeps asking ZoneAlarm for internet access. I also get Windows "no disk" errors every so often. I realized that I hadn't renamed HijackThis before I posted my first log; that is why the first log didn't show anything, but I didn't want to repost for fear that my post would be ignored.

Here is the uninstall list
3D Groove Playback Engine
3DVIA player 4.1
Acrobat.com
Acrobat.com
Acrofrenzy 1.0.20.28
Adobe Acrobat 4.0
Adobe AIR
Adobe AIR
Adobe Flash Player 9
Adobe Flash Player ActiveX
Adobe Reader 9
Alien Escape 1.0.10.5
Ancestry Family Tree
ArcSoft Software Suite
Audacity 1.1.2
AVG 7.5
AwesomeMusicTrivia 1.2.2.3
Backgammon 1.0.2.4
Barbu 1.0.3.2
Big Biz Tycoon 2
Blizo 1.0.14.4
Block Dominoes 1.0.1.1
Borland Delphi 5
Candy Land - Dora the Explorer Edition
Canon MP Navigator 2.0
Canon MP150
Canon Utilities Easy-PhotoPrint
Case's Ladder Online Beta
CashCrate Games (remove only)
Casper Activity Center
Catan - The Computer Game
Catty 1.0.0.0
CCleaner (remove only)
Charter High Speed Internet Self-Installation Wizard
Chutes and Ladders
Clue
Cribbage 2.0.5.13
Cruise Ship Tycoon
Cue Words 1.0.5.10
Dartzee 2.0.16.7
Dice Rummy 1.0.0.0
Diner Dash
Dingo 2.0.1.1
DirectX Media Runtime 5.1
Disney Pirates of the Caribbean Online
Disney's Toontown Online
Domino Toe 1.0.1.2
Dora's Carnival 2: Boardwalk Adventure
DrawNet 2.2.6.2
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easy CD Creator 5 Basic
ebgcInfra
ebgcRes
ebgcSDK
Euchre 1.0.4.3
ExtractNow
Family Tree Maker 2005
Farkle 3.0.7.6
Fathom 1.0.3.3
Fiesta
Gaps 1.0.3.2
Hand And Foot 1.0.8.7
Hand And Foot 2.0.0.0
Hangman 1.0.4.6
Hearts 1.0.4.4
HijackThis 2.0.2
Hooligans 1.0.2.7
Hoyle Classic Games II
Inkling 1.3.0
Inno Setup version 3.0.3-beta
Java(TM) 6 Update 2
Jumblelaya 1.0.5.5
Kaspersky Online Scanner
Lazarus 0.9.22
Lemonade Tycoon for Windows
Logitech MouseWare 9.79.1
Macromedia Flash Player
Macromedia Shockwave Player
Mall Tycoon
Michigan Rummy 1.0.2.6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework SDK (English) 1.1
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Small Business
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.4)
MTV's Virtual World (remove only)
MumboJumbo 1.0.11.10
Mystery Square 2.1.0.1
Napster
Napster Burn Engine
Nero 7 Essentials
Nerts High Speed Card Game
NinetyEight 1.0.3.2
NVIDIA Drivers
Oh Pshaw 1.0.14.1
OLYMPUS CAMEDIA Master 4.1
Onlinebandit 5.10
OpenMG Secure Module 4.2.00
Outspark Launcher
PADGen
PADGen 3.0.1.37
Parchisi 1.0.12.10
Pick The Flowers version 2.0.2
Poker Squares 2.0.0.0
PowerDVD
Quacky 1.0.6.28
QuickTime
RealArcade
RealPlayer
Retrospection 1.0.2.2
RipIt4Me
RollerCoaster Tycoon Deluxe
Ruby-186-26
Rx Linbrary Version 2.75 For Delphi 6
School Tycoon
Shut The Box 1.0.2.4
Sliders 1.0.0.0
Snerks 1.2.0.0
Sony USB Driver
Spades 1.0.4.5
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Sqrib 1.4.0
Squid 1.0.3.2
Sudoku 1.0.1.2
Super Bounce Out!
Super Bounce Out!
Tag A Dice 1.0.2.13
Tams11 Software Gaming Lobby 1.6.7.5
Terminal Services Client
Terminal Services Client MSI
The Go Ronald Games
The Sims Makin' Magic
The Sims Menu Editor
Theme Hospital
TildeTech Software
Tile Rummy 1.0.9.6
Tratzee 1.0.7.8
UR 1.0.1.6
Viewpoint Media Player
Virtual Villagers - A New Home (remove only)
Westwood Shared Internet Components
Winamp (remove only)
Windows Backup Utility
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows Media Player 10
Windows XP Creativity Fun Packs - Windows Movie Maker 2
Windows XP Service Pack 2
WinZip 11.1
Wiz Word 2.0.4.5
Wizard101
Word Bowling 1.0.7.15
Word Hunt 1.0.4.4
Word War 1.0.3.6
Wordline 1.4.3.4
Wordline Skins
Worph 1.0.4.1
Yahoo! Toolbar
Zoboomafoo Animal Kids
ZoneAlarm
Zoo Tycoon 2
Zoo Tycoon: Complete Collection

And the new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:40 AM, on 12/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\checkit.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {b11251b1-6e94-04c9-af54-3b4f67a6be41} - {14eb6a76-f4b3-45fa-9c40-49e61b15211b} - C:\WINDOWS\system32\xanwmn.dll
O2 - BHO: (no name) - {73819526-F355-4D8B-94E9-D44E28ACEAE9} - C:\WINDOWS\system32\fccccYrr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - C:\WINDOWS\system32\khfDtTlI.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [c4f5db23] rundll32.exe "C:\WINDOWS\system32\gqhpuucj.dll",b
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1011016
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: BHODemon.lnk = C:\Program Files\bhoremover\BHODemon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\lndsrngn.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\twinomdt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myt: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O15 - Trusted Zone: http://play.toontown.com
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189009422843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189009339765
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O20 - AppInit_DLLs: xanwmn.dll
O20 - Winlogon Notify: khfDtTlI - C:\WINDOWS\SYSTEM32\khfDtTlI.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7554 bytes
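
Reading the second log above, the Virtumonde/Vundo pattern is visible before any tool runs: randomly named DLLs in system32 (xanwmn.dll, fccccYrr.dll, khfDtTlI.dll, gqhpuucj.dll) registered as nameless or CLSID-named BHOs and hooked in again through AppInit_DLLs, a Winlogon Notify package and a rundll32 Run value with a hex name and a one-letter export. The script below is an added example for this thread, not something QtMac or pskelley posted and not part of HijackThis or ComboFix. It parses HJT O2/O4/O20 lines, groups entries by DLL, and flags a DLL when an entry carries one of those indicators or when the same DLL is wired in through more than one load point. The section labels, the hex-name heuristic and the companion-.ini rule (the DLL's base name reversed, which the ComboFix log later in this thread bears out with fccccYrr.dll / rrYccccf.ini and gqhpuucj.dll / jcuuphqg.ini) are my assumptions about this family, not anything the log itself states. The sample lines are copied from the second log.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the second HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {b11251b1-6e94-04c9-af54-3b4f67a6be41} - {14eb6a76-f4b3-45fa-9c40-49e61b15211b} - C:\WINDOWS\system32\xanwmn.dll
O2 - BHO: (no name) - {73819526-F355-4D8B-94E9-D44E28ACEAE9} - C:\WINDOWS\system32\fccccYrr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - C:\WINDOWS\system32\khfDtTlI.dll
O4 - HKLM\..\Run: [c4f5db23] rundll32.exe "C:\WINDOWS\system32\gqhpuucj.dll",b
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - AppInit_DLLs: xanwmn.dll
O20 - Winlogon Notify: khfDtTlI - C:\WINDOWS\SYSTEM32\khfDtTlI.dll
"""

# HijackThis line shapes for the load points Vundo abuses (assumed from the logs above).
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - .*?\\Run(?:Once)?: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<path>[^",]+?\.dll)"?\s*,\s*(?P<export>\S*)', re.I)
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
CLSID_RE = re.compile(r"^\{?[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$")
HEX_KEY_RE = re.compile(r"^[0-9A-Fa-f]{6,}$")  # heuristic: Run value names like c4f5db23


def basename(path):
    """Last path component of a Windows path as HJT prints it, quotes stripped."""
    return path.strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1]


def companion_ini(dll_name):
    """Assumed Vundo convention: data file named after the DLL with its stem
    reversed, e.g. fccccYrr.dll -> rrYccccf.ini."""
    return dll_name.rsplit(".", 1)[0][::-1] + ".ini"


def load_points(log_text):
    """Map each DLL (lower-cased name) to (section, reason-or-None) entries."""
    points, names = defaultdict(list), {}

    def add(path, section, reason=None):
        name = basename(path)
        if not name.lower().endswith(".dll"):
            return
        names.setdefault(name.lower(), name)
        points[name.lower()].append((section, reason))

    for line in log_text.splitlines():
        line = line.strip()
        if m := BHO_RE.match(line):
            name, reason = m["name"].strip(), None
            if name == "(no name)":
                reason = "BHO registered without a name"
            elif CLSID_RE.match(name):
                reason = "BHO name is itself a CLSID"
            add(m["path"], "O2 BHO", reason)
        elif m := RUN_RE.match(line):
            if d := RUNDLL_RE.search(m["cmd"]):
                reason = None
                if HEX_KEY_RE.match(m["key"]) and len(d["export"]) == 1:
                    reason = "rundll32 Run value with hex name and one-letter export"
                add(d["path"], "O4 Run", reason)
        elif m := APPINIT_RE.match(line):
            for dll in re.split(r"[ ,]+", m["dlls"].strip()):
                add(dll, "O20 AppInit_DLLs", "loaded into every process that maps user32.dll")
        elif m := NOTIFY_RE.match(line):
            add(m["path"], "O20 Winlogon Notify")  # only damning in combination
    return points, names


def triage(log_text):
    """Return {dll: finding} for DLLs with an indicator or more than one load point."""
    points, names = load_points(log_text)
    findings = {}
    for key, entries in points.items():
        reasons = [r for _, r in entries if r]
        sections = sorted({s for s, _ in entries})
        if reasons or len(sections) > 1:
            findings[key] = {"name": names[key], "load_points": sections,
                             "reasons": reasons, "companion_ini": companion_ini(names[key])}
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG).values():
        print(f["name"], f["load_points"], f["reasons"], "look for:", f["companion_ini"])
```

Run as-is it flags the four system32 DLLs and lets the vendor entries (AcroIEHelper.dll, ssv.dll, NvCpl.dll) drop out; swap SAMPLE_LOG for a full log to triage it. It is an aid, not a verdict: a BHO with a vendor name can still be malicious, and a hex-looking Run value name is only a hint, so the flagged DLLs still need checking on disk.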

pskelley
2008-12-06, 17:24
Thanks for returning your information and the feedback. I am looking at the uninstall list first.

Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.

Hackers are using out-of-date programs to infect folks more and more.
Here is a small free tool that lets you know when something needs an update, if you are interested:
http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.

AVG 7.5 <<< I run AVG Free 8; unless you know something I don't, we need to update. You may wait until we clean the malware, then I will post instructions.

Java(TM) 6 Update 2 <<< out of date, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Be aware of this information so you can opt out of anything you do not want.
Microsoft Does MSN Toolbar Distribution Deal With Java:
http://searchengineland.com/microsoft-does-msn-toolbar-distribution-deal-with-java-15413.php

Spybot - Search & Destroy 1.4 <<< this can cause a problem; uninstall the old version and make sure the other version is 1.6:
Please be sure Spybot S&D is up to date and fully immunized.
Spybot-S&D 1.6 has arrived! 8. July 2008
http://www.safer-networking.org/en/
http://www.safer-networking.org/en/news/2008-07-08.html
http://www.safer-networking.org/en/faq/index.html

Viewpoint Media Player <<< suggest you uninstall, see this:
For your information, Viewpoint is installed by AOL, probably without your knowledge. I suggest you uninstall this resource waster in Add/Remove Programs.
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint
http://www.clickz.com/news/article.php/3561546

Lots of programs I do not know; PSI should, but I suggest you look for anything that does not belong and uninstall it.

You are infected, please make sure you do not turn TeaTimer on while we are working together.

A word of warning: Neither I nor sUBs is responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Tutorial if needed
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Thanks...Phil

QtMac
2008-12-06, 20:47
HI,
I believe I did everything you said. I've run ComboFix and it's been working for quite some time. It's been stuck on "Completed Stage_50" for about an hour. Is this OK or should I do something? I'm on a different computer right now.

Thanks for any advice/reassurance.

QtMac
2008-12-06, 20:55
I'm so sorry; just a few minutes after I posted this, ComboFix appears to be doing something. I'm sorry to waste your time, but I was getting paranoid.

QtMac
2008-12-06, 22:17
I received an error while running HijackThis, but it did complete. I saved a copy of the screenshot in case it's important for you to know.

Here is the ComboFix log:

ComboFix 08-12-05.06 - Owner 2008-12-06 10:23:34.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.59 [GMT -6:00]
Running from: c:\documents and settings\Owner.TAMS11-0VL4PCT0\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner.TAMS11-0VL4PCT0\Start Menu\Programs\Startup\TA_Start.lnk
c:\documents and settings\Owner.TAMS11-0VL4PCT0\Start Menu\Programs\Startup\think-adz.lnk
c:\program files\INSTALL.LOG
c:\windows\IE4 Error Log.txt
c:\windows\system32\cgwkfgvj.dll
c:\windows\system32\digeste.dll
c:\windows\system32\fccccYrr.dll
c:\windows\system32\geBtrOiJ.dll
c:\windows\system32\gpwxvv.dll
c:\windows\system32\gqhpuucj.dll
c:\windows\system32\khfDtTlI.dll
c:\windows\system32\kyhamgtn.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\rrYccccf.ini
c:\windows\system32\rrYccccf.ini2
c:\windows\system32\vyargvrn.dll
c:\windows\system32\xanwmn.dll
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_PANDRV
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.

2008-12-06 10:02 . 2008-12-06 10:01 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-06 10:02 . 2008-12-06 10:01 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-06 10:00 . 2008-12-06 10:00 <DIR> d-------- c:\program files\Java
2008-12-05 07:42 . 2008-12-05 07:42 120 --ahs---- c:\windows\system32\nrvgrayv.ini
2008-12-02 22:15 . 2008-12-02 22:15 1,404,399 --ahs---- c:\windows\system32\jcuuphqg.ini
2008-11-28 11:20 . 2008-11-28 12:18 <DIR> d-------- c:\program files\TG Games
2008-11-28 11:20 . 2008-11-28 11:20 148 --a------ c:\windows\system32\acmeinc.ini
2008-11-28 11:20 . 2008-11-28 11:20 116 --a------ c:\windows\system32\vxdtgm.ini
2008-11-24 20:25 . 2008-11-24 20:26 <DIR> d-------- c:\program files\Animal Kids
2008-11-10 07:25 . 2008-08-14 03:51 138,368 -----c--- c:\windows\system32\dllcache\afd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 19:56 42,627,623 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-12-06 19:53 8,017,952 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-06 19:53 70,748 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-06 16:14 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-12-06 15:52 --------- d-----w c:\program files\MTV Virtual World
2008-12-06 15:51 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-06 15:08 --------- d-----w c:\program files\Trend Micro
2008-12-04 18:45 --------- d-----w c:\documents and settings\Owner.TAMS11-0VL4PCT0\Application Data\AVG7
2008-12-03 04:23 --------- d-----w c:\program files\Virtual Villagers - A New Home
2008-12-01 19:06 --------- d-----w c:\program files\Tams11
2008-12-01 16:05 --------- d-----w c:\documents and settings\Owner.TAMS11-0VL4PCT0\Application Data\Tams11
2008-12-01 04:01 --------- d-----w c:\program files\Ancestry.com
2008-11-29 22:29 --------- d-----w c:\documents and settings\Owner.TAMS11-0VL4PCT0\Application Data\PlayFirst
2008-11-29 22:29 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\PlayFirst
2008-11-27 00:00 --------- d-----w c:\program files\SmartFTP
2008-11-25 02:26 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 14:13 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-08 13:56 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-11-07 14:14 --------- d-----w c:\program files\Napster
2008-11-05 17:33 --------- d-----w c:\program files\Zone Labs
2008-11-01 16:09 --------- d-----w c:\program files\Nerts High Speed Card Game
2008-10-31 23:00 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-31 23:00 --------- d-----w c:\program files\KingsIsle Entertainment
2008-10-30 17:12 --------- d-----w c:\program files\catan
2008-10-30 16:17 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2008-10-30 15:16 --------- d-----w c:\program files\Oberon Media
2008-10-30 15:16 --------- d-----w c:\program files\MSN Games
2008-10-28 18:22 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\avg7
2008-10-15 00:17 --------- d-----w c:\program files\3DGroove
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-06 01:34 24 ----a-w c:\documents and settings\Owner.TAMS11-0VL4PCT0\jagex_runescape_preferences.dat
2007-09-20 16:53 72,624 -c--a-w c:\documents and settings\Owner.TAMS11-0VL4PCT0\Application Data\GDIPFONTCACHEV1.DAT
2007-04-22 01:04 32 ----a-r c:\documents and settings\All Users\hash.dat
2007-02-22 01:19 774,144 ----a-w c:\program files\RngInterstitial.dll
2004-09-02 19:04 560 -c--a-w c:\documents and settings\Owner.TAMS11-0VL4PCT0\Application Data\ViewerApp.dat
.

((((((((((((((((((((((((((((( snapshot@2008-08-13_ 2.18.56.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-01-05 14:37:48 468,696 ----a-w c:\windows\Downloaded Program Files\GrooveAX.dll
+ 2008-06-13 13:10:50 272,128 ------w c:\windows\Driver Cache\i386\bthport.sys
- 2007-02-28 09:08:48 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:58:27 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2007-02-28 08:38:55 2,057,600 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2007-02-28 08:38:57 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 09:22:14 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2007-02-28 09:10:57 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2005-10-21 01:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 02:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
- 2005-10-21 01:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2005-10-21 02:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2007-06-27 14:34:51 124,928 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll
+ 2006-10-17 16:58:06 346,624 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2006-10-17 16:57:50 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll
+ 2007-06-27 14:34:51 132,608 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll
+ 2006-10-17 16:58:20 61,952 -c----w c:\windows\ie7updates\KB956390-IE7\icardie.dll
+ 2007-06-27 08:27:04 63,488 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2007-06-27 14:34:51 153,088 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll
+ 2007-06-27 14:34:51 230,400 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll
+ 2007-06-27 07:00:33 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll
+ 2007-06-27 14:34:51 383,488 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2007-06-27 14:34:51 384,512 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2007-06-27 14:34:55 6,058,496 -c----w c:\windows\ie7updates\KB956390-IE7\ieframe.dll
+ 2007-06-27 14:34:55 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll
+ 2007-06-27 14:34:55 267,776 -c----w c:\windows\ie7updates\KB956390-IE7\iertutil.dll
+ 2007-06-27 08:27:05 13,824 -c----w c:\windows\ie7updates\KB956390-IE7\ieudinit.exe
+ 2007-06-27 08:27:30 625,152 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe
+ 2007-06-27 14:34:56 27,648 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll
+ 2007-06-27 14:34:56 459,264 -c----w c:\windows\ie7updates\KB956390-IE7\msfeeds.dll
+ 2007-06-27 14:34:56 52,224 -c----w c:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2007-07-19 06:59:59 3,583,488 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll
+ 2007-06-27 14:34:57 477,696 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll
+ 2007-06-27 14:34:58 193,024 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll
+ 2007-06-27 14:34:58 671,232 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll
+ 2007-06-27 14:34:58 102,400 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll
+ 2006-10-17 16:58:08 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2007-06-27 14:34:58 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll
+ 2007-06-27 14:34:58 1,152,000 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll
+ 2007-06-27 14:34:59 232,960 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll
+ 2007-06-27 14:34:59 823,808 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll
- 2007-09-11 14:54:00 155,702 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\bcicon.exe
+ 2008-11-10 13:43:18 155,702 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\bcicon.exe
- 2007-09-11 14:54:00 2,560 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-11-10 13:43:18 2,560 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2007-09-11 14:54:00 34,304 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-11-10 13:43:17 34,304 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2007-09-11 14:54:01 8,192 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-11-10 13:43:18 8,192 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2007-09-11 14:54:01 3,584 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-11-10 13:43:18 3,584 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2007-09-11 14:54:01 114,688 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2008-11-10 13:43:18 114,688 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2007-09-11 14:54:00 16,384 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-11-10 13:43:17 16,384 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2007-09-11 14:54:00 12,800 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\pubs.exe
+ 2008-11-10 13:43:17 12,800 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\pubs.exe
- 2007-09-11 14:54:01 22,528 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-11-10 13:43:18 22,528 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2007-09-11 14:54:00 45,056 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-11-10 13:43:17 45,056 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2007-09-11 14:53:59 90,112 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-11-10 13:43:17 90,112 ----a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2000-08-31 13:00:00 28,672 ----a-w c:\windows\nircmd.exe
+ 2000-08-31 14:00:00 28,672 ----a-w c:\windows\nircmd.exe
- 2000-08-31 13:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2000-08-31 14:00:00 161,792 ----a-w c:\windows\swreg.exe
- 2007-06-27 14:34:51 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2007-07-19 23:14:42 3,727,720 ----a-w c:\windows\system32\d3dx9_35.dll
- 2007-06-27 14:34:51 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
- 2004-08-04 06:10:37 274,304 -c--a-w c:\windows\system32\dllcache\bthport.sys
+ 2008-06-13 13:10:50 272,128 -c--a-w c:\windows\system32\dllcache\bthport.sys
- 2006-10-17 16:58:06 346,624 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
- 2006-10-17 16:57:50 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-07-07 20:32:22 253,952 -c----w c:\windows\system32\dllcache\es.dll
- 2007-06-27 14:34:51 132,608 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2007-06-27 08:27:04 63,488 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2007-06-27 14:34:51 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
- 2007-06-27 14:34:51 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
- 2007-06-27 07:00:33 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-08-23 05:54:51 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2007-06-27 14:34:51 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2007-06-27 14:34:51 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2007-06-27 14:34:55 6,058,496 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2007-06-27 14:34:55 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-08-26 07:24:29 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
- 2007-06-27 14:34:55 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2007-06-27 08:27:05 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2007-06-27 08:27:30 625,152 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2007-05-16 15:12:02 683,520 -c----w c:\windows\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 -c----w c:\windows\system32\dllcache\inetcomm.dll
- 2007-06-27 14:34:56 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 07:56:42 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
+ 2008-05-01 14:30:33 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
+ 2008-06-24 16:23:05 74,240 -c----w c:\windows\system32\dllcache\mscms.dll
- 2007-06-27 14:34:56 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2007-06-27 14:34:56 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-07-19 06:59:59 3,583,488 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2007-06-27 14:34:57 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2007-06-27 14:34:58 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
- 2007-06-27 14:34:58 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-08-26 07:24:30 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2006-08-17 12:28:27 332,288 -c----w c:\windows\system32\dllcache\netapi32.dll
+ 2008-10-15 16:57:55 332,800 -c----w c:\windows\system32\dllcache\netapi32.dll
- 2007-02-28 09:08:48 2,136,064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 09:58:27 2,136,064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
- 2007-02-28 08:38:55 2,057,600 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
- 2007-02-28 08:38:57 2,015,744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 09:22:14 2,015,744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
- 2007-02-28 09:10:57 2,180,352 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
- 2007-06-27 14:34:58 102,400 -c----w c:\windows\system32\dllcache\occache.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2006-10-17 16:58:08 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-05-07 05:18:48 1,287,680 -c----w c:\windows\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w c:\windows\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w c:\windows\system32\dllcache\rmcast.sys
- 2006-08-14 10:34:41 332,928 -c--a-w c:\windows\system32\dllcache\srv.sys
+ 2008-08-28 10:04:17 333,056 -c--a-w c:\windows\system32\dllcache\srv.sys
- 2007-06-27 14:34:58 105,984 -c----w c:\windows\system32\dllcache\url.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2007-06-27 14:34:58 1,152,000 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2007-06-27 14:34:59 232,960 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2007-03-08 13:47:48 1,843,584 -c----w c:\windows\system32\dllcache\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 -c----w c:\windows\system32\dllcache\win32k.sys
- 2007-06-27 14:34:59 823,808 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
- 2004-08-11 06:45:04 229,376 -c--a-w c:\windows\system32\dllcache\wmasf.dll
+ 2007-10-27 23:40:06 227,328 -c--a-w c:\windows\system32\dllcache\wmasf.dll
- 2004-08-04 06:14:14 138,496 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys
- 2004-08-04 06:10:37 274,304 -c--a-w c:\windows\system32\drivers\bthport.sys
+ 2008-06-13 13:10:50 272,128 ----a-w c:\windows\system32\drivers\bthport.sys
- 2007-07-19 20:10:28 127,768 ----a-w c:\windows\system32\drivers\klif.sys
+ 2007-07-19 21:10:28 127,768 ----a-w c:\windows\system32\drivers\klif.sys
- 2006-07-13 08:48:58 202,240 ----a-w c:\windows\system32\drivers\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w c:\windows\system32\drivers\rmcast.sys
- 2006-08-14 10:34:41 332,928 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-08-28 10:04:17 333,056 ----a-w c:\windows\system32\drivers\srv.sys
- 2006-10-17 16:58:06 346,624 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2006-10-17 16:57:50 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2005-07-26 04:39:45 243,200 ----a-w c:\windows\system32\es.dll
+ 2008-07-07 20:32:22 253,952 ----a-w c:\windows\system32\es.dll
- 2007-06-27 14:34:51 132,608 ----a-w c:\windows\system32\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2007-09-11 15:04:49 267,008 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-11-10 14:13:14 267,008 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2006-10-17 16:58:20 61,952 ------w c:\windows\system32\icardie.dll
+ 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
- 2007-06-27 08:27:04 63,488 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2007-06-27 14:34:51 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2007-06-27 14:34:51 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2007-06-27 07:00:33 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2007-06-27 14:34:51 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2007-06-27 14:34:51 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2007-06-27 14:34:55 6,058,496 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2007-06-27 14:34:55 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2007-06-27 14:34:55 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2007-06-27 08:27:05 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2007-05-16 15:12:02 683,520 ----a-w c:\windows\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w c:\windows\system32\inetcomm.dll
- 2007-07-12 06:22:00 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-12-06 16:01:10 144,792 ----a-w c:\windows\system32\java.exe
- 2007-07-12 06:22:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-12-06 16:01:10 144,792 ----a-w c:\windows\system32\javaw.exe
- 2007-07-12 07:22:38 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-06 16:01:11 148,888 ----a-w c:\windows\system32\javaws.exe
- 2007-06-27 14:34:56 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2001-02-01 13:49:26 217,088 -c--a-r c:\windows\system32\libmySQL.dll
+ 2001-02-01 14:49:26 217,088 -c--a-r c:\windows\system32\libmySQL.dll
- 2007-08-03 01:34:12 16,789,464 -c--a-w c:\windows\system32\MRT.exe
+ 2008-10-07 18:19:42 16,721,856 -c--a-w c:\windows\system32\MRT.exe
- 2005-06-29 01:46:00 74,240 ----a-w c:\windows\system32\mscms.dll
+ 2008-06-24 16:23:05 74,240 ----a-w c:\windows\system32\mscms.dll
- 2007-06-27 14:34:56 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2007-06-27 14:34:56 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2007-07-19 06:59:59 3,583,488 ----a-w c:\windows\system32\mshtml.dll
+ 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2007-06-27 14:34:57 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2007-06-27 14:34:58 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll
- 2007-06-27 14:34:58 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll
- 2006-08-17 12:28:27 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32.dll
- 2007-02-28 08:38:55 2,057,600 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2007-02-28 09:10:57 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe
- 2007-06-27 14:34:58 102,400 ----a-w c:\windows\system32\occache.dll
+ 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-04-13 01:54:38 53,552 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-05 17:35:58 53,552 ----a-w c:\windows\system32\perfc009.dat
- 2008-04-13 01:54:38 382,000 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-05 17:35:58 382,000 ----a-w c:\windows\system32\perfh009.dat
- 2006-10-17 16:58:08 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2005-08-30 03:54:26 1,287,168 ----a-w c:\windows\system32\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 ----a-w c:\windows\system32\quartz.dll
- 2008-03-20 19:41:20 14,640 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\system32\spmsg.dll
- 2007-07-18 12:42:22 60,416 ------w c:\windows\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ----a-w c:\windows\system32\tzchange.exe
- 2007-06-27 14:34:58 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
- 2007-06-27 14:34:58 1,152,000 ----a-w c:\windows\system32\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
- 2007-09-06 21:14:04 83,432 ----a-w c:\windows\system32\vsdata.dll
+ 2008-07-09 15:05:10 83,432 ----a-w c:\windows\system32\vsdata.dll
- 2007-09-06 21:14:28 395,080 ----a-w c:\windows\system32\vsdatant.sys
+ 2008-07-09 15:05:22 394,952 ----a-w c:\windows\system32\vsdatant.sys
- 2007-09-06 21:14:04 157,160 ----a-w c:\windows\system32\vsinit.dll
+ 2008-07-09 15:05:10 157,160 ----a-w c:\windows\system32\vsinit.dll
- 2007-09-06 21:14:04 103,912 ----a-w c:\windows\system32\vsmonapi.dll
+ 2008-07-09 15:05:10 103,912 ----a-w c:\windows\system32\vsmonapi.dll
- 2007-09-06 21:14:04 275,944 ----a-w c:\windows\system32\vspubapi.dll
+ 2008-07-09 15:05:10 275,944 ----a-w c:\windows\system32\vspubapi.dll
- 2007-09-06 21:14:04 71,144 ----a-w c:\windows\system32\vsregexp.dll
+ 2008-07-09 15:05:10 71,144 ----a-w c:\windows\system32\vsregexp.dll
- 2007-09-06 21:14:06 472,552 ----a-w c:\windows\system32\vsutil.dll
+ 2008-07-09 15:05:12 472,552 ----a-w c:\windows\system32\vsutil.dll
- 2007-09-06 21:14:06 46,568 ----a-w c:\windows\system32\vswmi.dll
+ 2008-07-09 15:05:12 46,568 ----a-w c:\windows\system32\vswmi.dll
- 2007-09-06 21:14:06 99,816 ----a-w c:\windows\system32\vsxml.dll
+ 2008-07-09 15:05:12 99,816 ----a-w c:\windows\system32\vsxml.dll
- 2007-06-27 14:34:59 232,960 ----a-w c:\windows\system32\webcheck.dll
+ 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2007-06-27 14:34:59 823,808 ----a-w c:\windows\system32\wininet.dll
+ 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\wininet.dll
- 2004-08-11 06:45:04 229,376 ----a-w c:\windows\system32\wmasf.dll
+ 2007-10-27 23:40:06 227,328 ----a-w c:\windows\system32\wmasf.dll
- 2007-09-06 21:14:06 83,432 ----a-w c:\windows\system32\zlcomm.dll
+ 2008-07-09 15:05:12 83,432 ----a-w c:\windows\system32\zlcomm.dll
- 2007-09-06 21:14:08 71,144 ----a-w c:\windows\system32\zlcommdb.dll
+ 2008-07-09 15:05:12 71,144 ----a-w c:\windows\system32\zlcommdb.dll
- 2007-09-19 20:52:09 4,212 ---h--w c:\windows\system32\zllictbl.dat
+ 2008-11-05 17:38:49 4,212 ---ha-w c:\windows\system32\zllictbl.dat
- 2007-09-06 21:13:56 370,208 ----a-w c:\windows\system32\ZoneLabs\av.dll
+ 2008-07-09 15:05:06 370,208 ----a-w c:\windows\system32\ZoneLabs\av.dll
- 2007-05-31 05:03:30 65,248 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2007-05-31 06:03:30 65,248 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\aphish.dat
- 2006-06-30 19:47:36 21,568 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2006-06-30 20:47:36 21,568 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\avcmhk4.dll
- 2007-05-31 05:03:30 1,628 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\pdmkl.dat
+ 2007-05-31 06:03:30 1,628 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\pdmkl.dat
- 2007-05-31 05:03:16 77,824 ----a-w c:\windows\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-31 06:03:16 77,824 ----a-w c:\windows\system32\ZoneLabs\avsys\CKAHComm.dll
- 2007-05-31 05:03:16 110,592 ----a-w c:\windows\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-31 06:03:16 110,592 ----a-w c:\windows\system32\ZoneLabs\avsys\CKAHrule.dll
- 2007-05-31 05:03:16 331,776 ----a-w c:\windows\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-31 06:03:16 331,776 ----a-w c:\windows\system32\ZoneLabs\avsys\CKAHUM.dll
- 2007-05-31 05:03:16 38,400 ----a-w c:\windows\system32\ZoneLabs\avsys\FSSync.dll
+ 2007-05-31 06:03:16 38,400 ----a-w c:\windows\system32\ZoneLabs\avsys\FSSync.dll
- 2006-09-20 04:12:14 208,960 ----a-w c:\windows\system32\ZoneLabs\avsys\inv.dll
+ 2006-09-20 05:12:14 208,960 ----a-w c:\windows\system32\ZoneLabs\avsys\inv.dll
- 2007-08-25 00:31:48 274,432 ----a-w c:\windows\system32\ZoneLabs\avsys\kave.dll
+ 2007-12-03 20:53:58 282,624 ----a-w c:\windows\system32\ZoneLabs\avsys\kave.dll
- 2006-12-19 23:13:52 1,093,632 ----a-w c:\windows\system32\ZoneLabs\avsys\libeay32.dll
+ 2006-12-20 00:13:52 1,093,632 ----a-w c:\windows\system32\ZoneLabs\avsys\libeay32.dll
- 2007-05-31 05:03:20 548,864 ----a-w c:\windows\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-31 06:03:20 548,864 ----a-w c:\windows\system32\ZoneLabs\avsys\msvcp80.dll
- 2007-05-31 05:03:20 626,688 ----a-w c:\windows\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-31 06:03:20 626,688 ----a-w c:\windows\system32\ZoneLabs\avsys\msvcr80.dll
- 2007-05-31 05:03:18 184,320 ----a-w c:\windows\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-31 06:03:18 184,320 ----a-w c:\windows\system32\ZoneLabs\avsys\prloader.dll
- 2007-05-31 05:03:22 90,112 ----a-w c:\windows\system32\ZoneLabs\avsys\prremote.dll
+ 2007-05-31 06:03:22 90,112 ----a-w c:\windows\system32\ZoneLabs\avsys\prremote.dll
- 2007-08-25 00:31:48 135,168 ----a-w c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2007-12-03 20:53:58 139,264 ----a-w c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe
- 2006-12-19 23:13:52 200,704 ----a-w c:\windows\system32\ZoneLabs\avsys\ssleay32.dll
+ 2006-12-20 00:13:52 200,704 ----a-w c:\windows\system32\ZoneLabs\avsys\ssleay32.dll
- 2007-09-06 21:13:56 99,816 ----a-w c:\windows\system32\ZoneLabs\camupd.dll
+ 2008-07-09 15:05:06 99,816 ----a-w c:\windows\system32\ZoneLabs\camupd.dll
- 2004-01-30 17:35:08 813,568 ----a-w c:\windows\system32\ZoneLabs\dbghelp.dll
+ 2004-01-30 18:35:08 813,568 ----a-w c:\windows\system32\ZoneLabs\dbghelp.dll
- 2007-09-06 21:13:58 128,480 ----a-w c:\windows\system32\ZoneLabs\fbl.dll
+ 2008-07-09 15:05:08 128,480 ----a-w c:\windows\system32\ZoneLabs\fbl.dll
- 2007-09-06 21:13:58 38,376 ----a-w c:\windows\system32\ZoneLabs\featuremap.dll
+ 2008-07-09 15:05:08 38,376 ----a-w c:\windows\system32\ZoneLabs\featuremap.dll
- 2007-09-06 21:13:58 321,016 ----a-w c:\windows\system32\ZoneLabs\imsecure.dll
+ 2008-07-09 15:05:08 321,016 ----a-w c:\windows\system32\ZoneLabs\imsecure.dll
- 2007-09-06 21:14:30 288,144 ----a-w c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2008-07-09 15:05:24 288,144 ----a-w c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
- 2007-09-06 21:14:30 152,976 ----a-w c:\windows\system32\ZoneLabs\lib\licenseui.zip.dll
+ 2008-11-10 14:37:11 152,976 ----a-w c:\windows\system32\ZoneLabs\lib\licenseui.zip.dll
- 2007-09-06 21:14:30 26,000 ----a-w c:\windows\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2008-07-09 15:05:24 26,000 ----a-w c:\windows\system32\ZoneLabs\lib\zlsvc.zip.dll
- 2007-09-06 21:14:32 1,361,296 ----a-w c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
+ 2008-07-09 15:05:24 1,361,296 ----a-w c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
- 2007-09-06 21:14:32 71,056 ----a-w c:\windows\system32\ZoneLabs\lib\zui.zip.dll
+ 2008-07-09 15:05:24 71,056 ----a-w c:\windows\system32\ZoneLabs\lib\zui.zip.dll
- 2007-09-06 21:15:50 30,184 ----a-w c:\windows\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2008-07-09 15:06:26 30,184 ----a-w c:\windows\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
- 2007-09-06 21:15:52 30,216 ----a-w c:\windows\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2008-07-09 15:06:26 30,216 ----a-w c:\windows\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
- 2007-08-15 20:45:42 714,208 ----a-w c:\windows\system32\ZoneLabs\qrbase.dll
+ 2008-02-27 09:10:26 714,208 ----a-w c:\windows\system32\ZoneLabs\qrbase.dll
- 2007-08-15 20:45:44 787,936 ----a-w c:\windows\system32\ZoneLabs\qrsrecl.dll
+ 2008-02-27 09:10:28 792,032 ----a-w c:\windows\system32\ZoneLabs\qrsrecl.dll
- 2007-09-06 21:14:00 173,544 ----a-w c:\windows\system32\ZoneLabs\scheduler.dll
+ 2008-07-09 15:05:08 173,544 ----a-w c:\windows\system32\ZoneLabs\scheduler.dll
- 2007-01-11 16:12:08 2,432,259 ----a-w c:\windows\system32\ZoneLabs\spyware.dat
+ 2008-01-21 14:34:36 7,603,688 ----a-w c:\windows\system32\ZoneLabs\spyware.dat
- 2007-08-15 20:45:44 1,500,640 ----a-w c:\windows\system32\ZoneLabs\srescan.dll
+ 2008-02-27 09:10:32 1,504,736 ----a-w c:\windows\system32\ZoneLabs\srescan.dll
- 2007-06-11 17:44:10 50,416 ----a-w c:\windows\system32\ZoneLabs\srescan.sys
+ 2008-02-27 09:10:44 51,176 ----a-w c:\windows\system32\ZoneLabs\srescan.sys
- 2007-09-06 21:14:02 456,168 ----a-w c:\windows\system32\ZoneLabs\ssleay32.dll
+ 2008-07-09 15:05:10 456,168 ----a-w c:\windows\system32\ZoneLabs\ssleay32.dll
- 2007-09-06 21:15:52 214,528 ----a-w c:\windows\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2008-07-09 15:06:26 214,528 ----a-w c:\windows\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
- 2007-09-06 21:15:54 3,266,040 ----a-w c:\windows\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2008-07-09 15:06:30 3,266,040 ----a-w c:\windows\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
- 2006-09-05 01:59:14 503,875 ----a-w c:\windows\system32\ZoneLabs\upd_core.dll
+ 2006-09-05 02:59:14 503,875 ----a-w c:\windows\system32\ZoneLabs\upd_core.dll
- 2007-08-01 11:30:04 833,248 ----a-w c:\windows\system32\ZoneLabs\updating.dll
+ 2007-10-11 22:50:32 832,984 ----a-w c:\windows\system32\ZoneLabs\updating.dll
- 2007-09-06 21:14:18 149,032 ----a-w c:\windows\system32\ZoneLabs\updclient.exe
+ 2008-07-09 15:05:18 144,936 ----a-w c:\windows\system32\ZoneLabs\updclient.exe
- 2007-01-11 22:31:06 286,787 ----a-w c:\windows\system32\ZoneLabs\updtrsdk.dll
+ 2007-01-11 23:31:06 286,787 ----a-w c:\windows\system32\ZoneLabs\updtrsdk.dll
- 2007-09-06 21:14:04 108,008 ----a-w c:\windows\system32\ZoneLabs\vsavpro.dll
+ 2008-07-09 15:05:10 108,008 ----a-w c:\windows\system32\ZoneLabs\vsavpro.dll
- 2007-09-06 21:14:04 79,336 ----a-w c:\windows\system32\ZoneLabs\vsdb.dll
+ 2008-07-09 15:05:10 83,432 ----a-w c:\windows\system32\ZoneLabs\vsdb.dll
- 2007-09-06 21:14:18 75,304 ----a-w c:\windows\system32\ZoneLabs\vsmon.exe
+ 2008-07-09 15:05:18 75,304 ----a-w c:\windows\system32\ZoneLabs\vsmon.exe
- 2007-09-06 21:14:04 2,024,936 ----a-w c:\windows\system32\ZoneLabs\vsmondll.dll
+ 2008-07-09 15:05:10 2,029,032 ----a-w c:\windows\system32\ZoneLabs\vsmondll.dll
- 2007-09-06 21:14:06 1,345,000 ----a-w c:\windows\system32\ZoneLabs\vsruledb.dll
+ 2008-07-09 15:05:12 1,361,384 ----a-w c:\windows\system32\ZoneLabs\vsruledb.dll
- 2007-09-06 21:14:06 239,080 ----a-w c:\windows\system32\ZoneLabs\vsvault.dll
+ 2008-07-09 15:05:12 239,080 ----a-w c:\windows\system32\ZoneLabs\vsvault.dll
- 2007-01-11 16:12:08 2,432,259 ----a-w c:\windows\system32\ZoneLabs\zlasdbup.dat
+ 2008-01-21 14:34:36 7,603,688 ----a-w c:\windows\system32\ZoneLabs\zlasdbup.dat
- 2007-09-06 21:14:08 177,640 ----a-w c:\windows\system32\ZoneLabs\zlparser.dll
+ 2008-07-09 15:05:12 177,640 ----a-w c:\windows\system32\ZoneLabs\zlparser.dll
- 2007-09-06 21:14:08 79,344 ----a-w c:\windows\system32\ZoneLabs\zlquarantine.dll
+ 2008-07-09 15:05:12 79,344 ----a-w c:\windows\system32\ZoneLabs\zlquarantine.dll
- 2007-09-06 21:14:08 382,440 ----a-w c:\windows\system32\ZoneLabs\zlsre.dll
+ 2008-07-09 15:05:14 382,440 ----a-w c:\windows\system32\ZoneLabs\zlsre.dll
- 2007-09-06 21:14:08 120,296 ----a-w c:\windows\system32\ZoneLabs\zlupdate.dll
+ 2008-07-09 15:05:14 120,296 ----a-w c:\windows\system32\ZoneLabs\zlupdate.dll
- 2007-09-06 21:14:12 1,086,952 ----a-w c:\windows\system32\zpeng24.dll
+ 2008-07-09 15:05:16 1,086,952 ----a-w c:\windows\system32\zpeng24.dll
+ 2008-12-06 19:56:53 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5b0.dat
- 2003-03-16 03:15:04 90,112 -c--a-w c:\windows\unvise32.exe
+ 2003-03-16 04:15:04 90,112 ----a-w c:\windows\unvise32.exe
+ 2006-12-02 03:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 05:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 05:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 05:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 05:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 05:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 05:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 05:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 05:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 05:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 05:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 05:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 05:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 05:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 05:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2008-04-15 17:54:19 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
- 2007-09-06 21:14:18 75,248 ----a-w c:\windows\zllsputility.exe
+ 2008-07-09 15:05:20 75,248 ----a-w c:\windows\zllsputility.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-10-22 185632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-07-26 98304]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-12-06 590848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-04 655360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-06 136600]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-22 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=xanwmn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"= ctwdm32.dll
"VIDC.D263"= xl_x263dec.dll
"VIDC.YV12"= xl_yv12.dll
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

S3 3COMADSL;3Com ADSL PCI Modem LAN/RFC1483 (Win 2000);c:\windows\system32\DRIVERS\3cpalr2K.sys []
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\DRIVERS\alcan5ln.sys [2002-06-03 35984]
S3 XDva143;XDva143;\??\c:\windows\system32\XDva143.sys []
S3 XIRLINK;IBM PC Camera;c:\windows\system32\DRIVERS\C-itnt.sys [2007-02-22 899884]
S4 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCORE.exe []
.
Contents of the 'Scheduled Tasks' folder

2008-12-02 c:\windows\Tasks\AVG Test Center.job
- c:\program files\Grisoft\AVG Free\avgw.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{14eb6a76-f4b3-45fa-9c40-49e61b15211b} - c:\windows\system32\xanwmn.dll
BHO-{73819526-F355-4D8B-94E9-D44E28ACEAE9} - c:\windows\system32\fccccYrr.dll


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = hxxp://localhost
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FireFox -: Profile - c:\documents and settings\Owner.TAMS11-0VL4PCT0\Application Data\Mozilla\Firefox\Profiles\kgr1e083.default\
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - c:\program files\Virtools\3D Life Player\npvirtools.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 13:59:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\devldr32.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\Real\RealPlayer\realplay.exe
.
**************************************************************************
.
Completion time: 2008-12-06 14:13:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-06 20:13:28

Pre-Run: 39,430,799,360 bytes free
Post-Run: 39,334,928,384 bytes free

605


And the HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:24:27 PM, on 12/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\checkit.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: BHODemon.lnk = C:\Program Files\bhoremover\BHODemon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myt: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O15 - Trusted Zone: http://play.toontown.com
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189009422843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189009339765
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O20 - AppInit_DLLs: xanwmn.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6956 bytes

pskelley
2008-12-06, 22:43
I received an error while running hijackthis but it did complete. I saved a copy of the screen shot in case it's important for you to know
Thanks for that information, hold on to the screenshot until we finish in case I ask to see it, then delete it.

Please read and follow the directions carefully and in the numbered order.

1) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

2) Open notepad and copy/paste the text in the codebox below into it:


File::
c:\windows\system32\nrvgrayv.ini
c:\windows\system32\jcuuphqg.ini

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

Save this as CFScript

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log. (Wait until you finish to post the logs.)

3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

(you may leave this if you set it on purpose)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O15 - Trusted Zone: http://play.toontown.com
O20 - AppInit_DLLs: xanwmn.dll

Close all programs but HJT and all browser windows, then click on "Fix Checked"

4) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html

5) Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post the log from CFScript, the log from MBAM and a new HJT log.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Tutorial if needed:
http://www.techsupportteam.org/forum/tutorials/2282-malwarebytes-anti-malware-mbam.html

How is the computer running now?

Thanks
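
Step 3 above has the user pick out the O20 (AppInit_DLLs), O15 (Trusted Zone) and O2 (BHO) lines by eye. As an added example for this thread, not code from the forum helper or from HijackThis, ComboFix or Malwarebytes, the Python script below parses HijackThis-style lines and flags the same classes of entry automatically, including the Vundo pattern visible in the ComboFix log above: one DLL registered both as a BHO and in AppInit_DLLs. The lines in SAMPLE_LOG are constructed to mirror the ones posted in this thread; the BHO line for xanwmn.dll is assembled from the ComboFix "ORPHANS REMOVED" entry, written the way HijackThis prints an unnamed BHO ("(no name)"). The "system32-resident BHO" rule is a heuristic, not a HijackThis feature.

```python
"""Flag suspicious persistence entries in a HijackThis log (added example)."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity kind detail")

# Constructed sample: HijackThis-style lines mirroring the ones posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14eb6a76-f4b3-45fa-9c40-49e61b15211b} - C:\WINDOWS\system32\xanwmn.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O15 - Trusted Zone: http://play.toontown.com
O20 - AppInit_DLLs: xanwmn.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HijackThis entry line is "<code> - <rest>", e.g. "O20 - AppInit_DLLs: xanwmn.dll".
LINE_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
# O2 lines are "BHO: <name> - {CLSID} - <path>"; a GUID with hyphens is 36 characters.
BHO_RE = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")


def parse(log_text):
    """Yield (code, rest) for each entry line; headers and process lists are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze(log_text):
    """Return a list of Findings for the persistence points worth reviewing."""
    findings = []
    appinit_dlls = set()   # DLL names listed under AppInit_DLLs
    bho_dlls = set()       # DLL names loaded as Browser Helper Objects
    for code, rest in parse(log_text):
        if code == "O20" and rest.startswith("AppInit_DLLs:"):
            value = rest.split(":", 1)[1].strip()
            # AppInit_DLLs is injected into every process that maps user32.dll,
            # so any non-empty value is high priority (empty entries are normal).
            for dll in filter(None, re.split(r"[ ,]+", value)):
                appinit_dlls.add(dll.lower())
                findings.append(Finding("high", "O20",
                                        f"AppInit_DLLs loads {dll} into every user32 process"))
        elif code == "O2":
            m = BHO_RE.match(rest)
            if not m:
                continue
            name, clsid, path = m.groups()
            bho_dlls.add(_basename(path))
            # Heuristic: legitimate BHOs normally ship under Program Files with a
            # registered name; a nameless BHO living in system32 deserves a look.
            nameless = name.strip().lower() == "(no name)"
            in_system32 = "\\system32\\" in path.lower()
            if nameless or in_system32:
                findings.append(Finding("medium", "O2",
                                        f"BHO {clsid} ({name}) loads {path}"))
        elif code == "O15" and rest.startswith("Trusted Zone:"):
            site = rest.split(":", 1)[1].strip()
            # Sites in the IE Trusted zone run with relaxed security settings.
            findings.append(Finding("low", "O15", f"{site} is in the IE Trusted zone"))

    # Vundo-style pattern seen in this thread: the same DLL is both a BHO and an
    # AppInit_DLLs entry, so fixing only one line leaves the other to reload it.
    for dll in sorted(appinit_dlls & bho_dlls):
        findings.append(Finding("high", "correlation",
                                f"{dll} is registered both as a BHO and in AppInit_DLLs"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:11} {f.detail}")
```

Running the script on its own prints the findings for the constructed sample; on a real log, pass the file contents to analyze() instead of SAMPLE_LOG. The correlation finding is the one that matters for the CFScript step: clearing AppInit_DLLs without also removing the BHO (or the reverse) leaves a second load point for the same DLL.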

QtMac
2008-12-07, 02:53
I posted all logs to the end of the post.

When I ran ComboFix, it ran, opened a log, and then froze with only my desktop image showing for an hour and a half. I finally rebooted (the hard way) my computer.

When I opened hijackthis I got another error. I like my internet explorer to not open a website so I kept that as is. I checked the play.toontown.com. I could not find O20 - AppInit_DLLs: xanwmn.dll in the list though so I could not check that.

ATF Cleaner and Malwarebytes ran with no problems.

I opened IE without any popups.. YEAH. I'll check spybot tomorrow to see if it finds anything.

Thank you for being so patient with me!

ComboFix log
ComboFix 08-12-05.06 - Owner 2008-12-06 15:23:23.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.53 [GMT -6:00]
Running from: c:\documents and settings\Owner.TAMS11-0VL4PCT0\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner.TAMS11-0VL4PCT0\Desktop\CFScript.txt

FILE ::
c:\windows\system32\jcuuphqg.ini
c:\windows\system32\nrvgrayv.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\jcuuphqg.ini
c:\windows\system32\nrvgrayv.ini

.
((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.

2008-12-06 10:02 . 2008-12-06 10:01 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-06 10:02 . 2008-12-06 10:01 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-06 10:00 . 2008-12-06 10:00 <DIR> d-------- c:\program files\Java
2008-11-28 11:20 . 2008-11-28 12:18 <DIR> d-------- c:\program files\TG Games
2008-11-28 11:20 . 2008-11-28 11:20 148 --a------ c:\windows\system32\acmeinc.ini
2008-11-28 11:20 . 2008-11-28 11:20 116 --a------ c:\windows\system32\vxdtgm.ini
2008-11-24 20:25 . 2008-11-24 20:26 <DIR> d-------- c:\program files\Animal Kids
2008-11-10 07:25 . 2008-08-14 03:51 138,368 -----c--- c:\windows\system32\dllcache\afd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 19:56 42,627,623 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-12-06 19:53 8,017,952 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-06 19:53 70,748 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-06 16:14 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-12-06 15:52 --------- d-----w c:\program files\MTV Virtual World
2008-12-06 15:51 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-06 15:08 --------- d-----w c:\program files\Trend Micro
2008-12-04 18:45 --------- d-----w c:\documents and settings\Owner.TAMS11-0VL4PCT0\Application Data\AVG7
2008-12-03 04:23 --------- d-----w c:\program files\Virtual Villagers - A New Home
2008-12-01 19:06 --------- d-----w c:\program files\Tams11
2008-12-01 16:05 --------- d-----w c:\documents and settings\Owner.TAMS11-0VL4PCT0\Application Data\Tams11
2008-12-01 04:01 --------- d-----w c:\program files\Ancestry.com
2008-11-29 22:29 --------- d-----w c:\documents and settings\Owner.TAMS11-0VL4PCT0\Application Data\PlayFirst
2008-11-29 22:29 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\PlayFirst
2008-11-27 00:00 --------- d-----w c:\program files\SmartFTP
2008-11-25 02:26 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 14:13 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-08 13:56 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-11-07 14:14 --------- d-----w c:\program files\Napster
2008-11-05 17:33 --------- d-----w c:\program files\Zone Labs
2008-11-01 16:09 --------- d-----w c:\program files\Nerts High Speed Card Game
2008-10-31 23:00 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-31 23:00 --------- d-----w c:\program files\KingsIsle Entertainment
2008-10-30 17:12 --------- d-----w c:\program files\catan
2008-10-30 16:17 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2008-10-30 15:16 --------- d-----w c:\program files\Oberon Media
2008-10-30 15:16 --------- d-----w c:\program files\MSN Games
2008-10-28 18:22 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\avg7
2008-10-15 00:17 --------- d-----w c:\program files\3DGroove
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-06 01:34 24 ----a-w c:\documents and settings\Owner.TAMS11-0VL4PCT0\jagex_runescape_preferences.dat
2007-09-20 16:53 72,624 -c--a-w c:\documents and settings\Owner.TAMS11-0VL4PCT0\Application Data\GDIPFONTCACHEV1.DAT
2007-04-22 01:04 32 ----a-r c:\documents and settings\All Users\hash.dat
2007-02-22 01:19 774,144 ----a-w c:\program files\RngInterstitial.dll
2004-09-02 19:04 560 -c--a-w c:\documents and settings\Owner.TAMS11-0VL4PCT0\Application Data\ViewerApp.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-10-22 185632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-07-26 98304]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-12-06 590848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-04 655360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-06 136600]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-22 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"= ctwdm32.dll
"VIDC.D263"= xl_x263dec.dll
"VIDC.YV12"= xl_yv12.dll
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

S3 3COMADSL;3Com ADSL PCI Modem LAN/RFC1483 (Win 2000);c:\windows\system32\DRIVERS\3cpalr2K.sys []
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\DRIVERS\alcan5ln.sys [2002-06-03 35984]
S3 XDva143;XDva143;\??\c:\windows\system32\XDva143.sys []
S3 XIRLINK;IBM PC Camera;c:\windows\system32\DRIVERS\C-itnt.sys [2007-02-22 899884]
S4 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCORE.exe []
.
Contents of the 'Scheduled Tasks' folder

2008-12-02 c:\windows\Tasks\AVG Test Center.job
- c:\program files\Grisoft\AVG Free\avgw.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = hxxp://localhost
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FireFox -: Profile - c:\documents and settings\Owner.TAMS11-0VL4PCT0\Application Data\Mozilla\Firefox\Profiles\kgr1e083.default\
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - c:\program files\Virtools\3D Life Player\npvirtools.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 15:32:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-06 15:45:46
ComboFix-quarantined-files.txt 2008-12-06 21:45:37
ComboFix2.txt 2008-12-06 20:13:48
ComboFix3.txt 2008-08-13 07:20:32
ComboFix4.txt 2007-09-09 17:47:41

Pre-Run: 39,412,297,728 bytes free
Post-Run: 39,375,347,712 bytes free

149

MBAM log

Malwarebytes' Anti-Malware 1.31
Database version: 1467
Windows 5.1.2600 Service Pack 2

12/6/2008 6:48:02 PM
mbam-log-2008-12-06 (18-48-01).txt

Scan type: Full Scan (C:\|)
Objects scanned: 253134
Time elapsed: 1 hour(s), 40 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 23

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c24d7016-d00f-41ef-9781-984b6b5ff38f} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ec88fcd0-2ed5-4d65-9b4c-71d146b43a2e} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e532cfb1-5edd-4663-8c22-bcd67b5e5bd4} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ConTest.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\qoobox\Quarantine\C\WINDOWS\system32\cgwkfgvj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\fccccYrr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\geBtrOiJ.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\gpwxvv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\gqhpuucj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\khfDtTlI.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\kyhamgtn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\vyargvrn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\xanwmn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BFFDB9CD-AAEC-42C4-880D-0E5D87D90DCB}\RP431\A0091170.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BFFDB9CD-AAEC-42C4-880D-0E5D87D90DCB}\RP431\A0091171.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BFFDB9CD-AAEC-42C4-880D-0E5D87D90DCB}\RP431\A0091173.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BFFDB9CD-AAEC-42C4-880D-0E5D87D90DCB}\RP431\A0091209.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BFFDB9CD-AAEC-42C4-880D-0E5D87D90DCB}\RP431\A0091210.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BFFDB9CD-AAEC-42C4-880D-0E5D87D90DCB}\RP431\A0091211.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BFFDB9CD-AAEC-42C4-880D-0E5D87D90DCB}\RP431\A0091212.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BFFDB9CD-AAEC-42C4-880D-0E5D87D90DCB}\RP431\A0091213.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BFFDB9CD-AAEC-42C4-880D-0E5D87D90DCB}\RP431\A0091214.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BFFDB9CD-AAEC-42C4-880D-0E5D87D90DCB}\RP431\A0091215.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BFFDB9CD-AAEC-42C4-880D-0E5D87D90DCB}\RP431\A0091216.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BFFDB9CD-AAEC-42C4-880D-0E5D87D90DCB}\RP431\A0091217.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ConTest.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysRestore.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:35 PM, on 12/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\checkit.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: BHODemon.lnk = C:\Program Files\bhoremover\BHODemon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myt: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189009422843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189009339765
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6835 bytes

pskelley
2008-12-07, 09:44
Question: is it possible you tried to install Service Pack 3 and the installation was not successful? Some of the stuff in the combofix log appears to be from a failed installation, but I am not 100% sure, having not seen it before.

Let's move on for now like this.

Here is the download link for AVG:
http://free.grisoft.com/ww.download-avg-anti-virus-free-edition
If you want the free version, choose the first one. I suggest, before you start, you look at this tutorial to see if you can use it:
How to Install Free version AVG 8.0 without LinkScanner feature
http://russelltexas.com/tutorials/avg8install.htm
Here is additional valuable information for AVG users:
FAQ: http://www.avg.com/faq
AVG Free Forum: http://freeforum.avg.com/

From experience, I find this is the safest way to download and install AVG 8 because the old version must be removed first.

1) Download the AVG installer and save it to your Desktop, once you have it on the Desktop, STOP

2) Go offline and then uninstall AVG 7 in Add Remove programs, once it is completely uninstalled, restart the computer.

3) Click on the Installer on the Desktop and follow the instructions carefully, make sure you have read that tutorial carefully if you intend to install AVG 8 without LinkScanner.

once AVG 8 is installed, follow these directions:

*Right click the icon for AVG in System Tray and choose Open AVG User Interface.

*Click on Update now, allow AVG to download and install any new updates.

* Click on Computer Scanner then choose "Scan whole computer", this takes around one hour on the computer I am using now.

* Near the bottom above the words "The scan is complete" choose "Export overview to file"

* Choose Desktop and give it a name you will recognize like AVG Scan Results, then choose SAVE.

* Close results and close the Interface.

* Copy and paste the contents of that file to your topic here if you think I need to see it or if you have questions. Make sure to Quarantine what is found (Virus Vault).

Let me have some feedback at this point and a new HJT log and we will wrap this up.

Thanks

QtMac
2008-12-08, 03:48
I haven't had any trouble with IE so far, although I haven't used it too much. And the other symptoms seem to be gone as well. The computer is rather slow but it's probably because I don't have a lot of RAM. I didn't get an error when I ran HijackThis this time, so that is good. I'm going to run Spybot to see what it says.

Do I need to have this java stuff running? It keeps asking for internet access. If I don't have to have it running I would rather not have it.

Here is the hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:38 PM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\checkit.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: BHODemon.lnk = C:\Program Files\bhoremover\BHODemon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myt: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189009422843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189009339765
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6439 bytes

Here is the AVG scan

Scan "Scan whole computer" was finished.
Infections found:;"1"
Infected objects removed or healed:;"1"
Not removed or healed:;"0"
Spyware found:;"0"
Spyware removed:;"0"
Not removed:;"0"
Warnings count:;"0"
Information count:;"0"
Scan started:;"Sunday, December 07, 2008, 10:54:24 AM"
Scan finished:;"Sunday, December 07, 2008, 1:36:36 PM (2 hour(s) 42 minute(s) 11 second(s))"
Total object scanned:;"733280"
User who launched the scan:;"Owner"

Infections
File;"Infection";"Result"
C:\System Volume Information\_restore{BFFDB9CD-AAEC-42C4-880D-0E5D87D90DCB}\RP431\A0091206.dll;"Trojan horse Rootkit-Agent.BV";"Moved to Virus Vault"
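
The helper above compares this log with the earlier one by eye (AVG 7 entries gone, AVG 8 entries and an O20 AppInit_DLLs line added). The following Python is an added example written for this page; it is not part of the thread, of HijackThis, or of any tool mentioned here. It parses HijackThis entry lines, diffs two logs, and applies three triage rules a reviewer applies by hand: an O20 AppInit_DLLs value (a registry value whose DLLs are loaded into every process that maps user32.dll, so it is checked even when, as here, it appeared together with the AVG 8 service), an O16 ActiveX control fetched over plain HTTP, and an O4 autostart that names no absolute path or whose shortcut target HijackThis could not resolve (shown as "?"). The sample inputs are excerpts copied from the two logs posted above; the rules and their wording are the editor's own assumptions, not HijackThis behaviour.

```python
import re
from collections import defaultdict

# A HijackThis entry line looks like "O4 - HKLM\..\Run: [name] command" or
# "R1 - HKLM\Software\...,Search Page = http://...". Header and
# "Running processes" lines do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^(?P<sec>R[0-3]|O\d{1,2})\s+-\s+(?P<body>.+)$")
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')   # C:\... or "C:\...


def parse_hjt(text):
    """Map each section code (R0, O4, O23, ...) to the list of entry bodies."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("sec")].append(m.group("body"))
    return dict(entries)


def diff_hjt(old_text, new_text):
    """Return (added, removed) as sorted lists of (section, body) tuples."""
    old = {(s, b) for s, bs in parse_hjt(old_text).items() for b in bs}
    new = {(s, b) for s, bs in parse_hjt(new_text).items() for b in bs}
    return sorted(new - old), sorted(old - new)


def o4_command(body):
    """Extract what an O4 entry actually launches.

    Registry Run entries:     'HKLM\\..\\Run: [name] command'
    Startup-folder entries:   'Startup: file.lnk = target'  ('?' if unresolved)
    """
    sep = "] " if "] " in body else ": "
    cmd = body.partition(sep)[2].strip()
    if " = " in cmd:                      # shortcut: keep the resolved target
        cmd = cmd.partition(" = ")[2].strip()
    return cmd


def flag_entries(text):
    """Heuristic triage (editor's assumptions); returns (section, reason, body)."""
    flags = []
    for sec, bodies in parse_hjt(text).items():
        for body in bodies:
            if sec == "O20" and body.startswith("AppInit_DLLs"):
                flags.append((sec, "AppInit_DLLs is loaded into every process "
                                   "that maps user32.dll; verify the vendor", body))
            elif sec == "O16" and "http://" in body:
                flags.append((sec, "ActiveX control fetched over plain HTTP", body))
            elif sec == "O4":
                cmd = o4_command(body)
                if cmd == "?":
                    flags.append((sec, "shortcut target could not be resolved", body))
                elif (cmd and not ABS_PATH_RE.match(cmd)
                      and not cmd.upper().startswith("RUNDLL32")):
                    flags.append((sec, "no absolute path; binary is found via "
                                       "the search path", body))
    return flags


# Sample input: excerpts copied from the two logs posted in this thread.
OLD_LOG = r"""
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Startup: BHODemon.lnk = C:\Program Files\bhoremover\BHODemon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

NEW_LOG = r"""
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - Startup: BHODemon.lnk = C:\Program Files\bhoremover\BHODemon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

if __name__ == "__main__":
    added, removed = diff_hjt(OLD_LOG, NEW_LOG)
    for tag, items in (("+", added), ("-", removed)):
        for sec, body in items:
            print(f"{tag} {sec} - {body}")
    for sec, reason, body in flag_entries(NEW_LOG):
        print(f"! {sec}: {reason}\n    {body}")
```

Run it on the two full logs (saved to files and read in) to get the same added/removed listing the helper works out by hand; the bare-name O4 rule also catches entries such as "PowerReg Scheduler V3.exe" that a hand review skips because the name looks familiar.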

pskelley
2008-12-08, 12:35
Do I need to have this java stuff running? It keeps asking for internet access. If I don't have to have it running I would rather not have it.
You do not have to keep the Java scheduler running; it is buggy and rarely works anyway.
C:\Program Files\Java\jre6\bin\jusched.exe <<< this one

If you run PSI once a month or so, it will tell you which programs need to be updated. You do not have to keep it running either. See this information to control what you run at startup:
http://www.netsquirrel.com/msconfig/msconfig_xp.html

This information may help your computer to run better if applied.
http://www.malwareremoval.com/tutorials/runningslowly.php
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

I personally believe you would benefit from either a repair or reinstallation of the operating system. That information is available online via any good search engine.

Let's wrap up like this:

Remove combofix from the computer like this:

Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.

http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png

Clean the System Restore files like this:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Update MBAM and scan to be sure we missed none of the junk, there is no need to post a clean scan result.

Update AVG 8 and scan the system, to be sure it is running right and scanning clean.

If all is well at this point, let me know and I will close the topic.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

http://users.telenet.be/bluepatchy/miekiemoes/Links.html

QtMac
2008-12-09, 01:12
Ok, I restored and ran the two programs and things seem clean. I so appreciate all your help! These things can be nerve-racking to say the least.

I'll check into the other things you suggested. A repair of windows sounds promising but a bit scary.

Thanks again!