VIRTUMONDE and more



mauserfan
2008-12-21, 06:04
Read up on ComboFix and ran it... before reading not to run it yet. My fault. I also tried three times to install the Recovery Console... it keeps saying there is no internet connection when in fact there is. So far this is what I got. Thanks for any help you can throw my way.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:15 PM, on 12/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.wildtangent.com/install/jvm/msjavx86_3805.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O20 - AppInit_DLLs: lmvffj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 4633 bytes




ComboFix 08-12-20.01 - Charlies 2008-12-20 20:15:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.105 [GMT -8:00]
Running from: c:\documents and settings\Charlies\Desktop\open.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll
c:\windows\system32\aiksklqu.ini
c:\windows\system32\dmvbsbhn.ini
c:\windows\system32\drivers\TDSSpqxt.sys
c:\windows\system32\fvjeailo.ini
c:\windows\system32\odugwhci.ini
c:\windows\system32\srqdlqhs.ini
c:\windows\system32\TDSScbqp.dll
c:\windows\system32\TDSSciou.dll
c:\windows\system32\TDSSfpmp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnrse.dll
c:\windows\system32\TDSSoiqh.dll
c:\windows\system32\TDSSosvn.dat
c:\windows\system32\TDSSsbhc.dll
c:\windows\system32\TDSSthym.log
c:\windows\system32\TDSStkdv.log
c:\windows\system32\winscenter.exe
c:\windows\system32\yauesbgp.ini
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll
c:\documents and settings\All Users\Application Data\svhost.exe
c:\documents and settings\Amber\Application Data\FunWebProducts
c:\program files\Spyware Guard 2008
c:\program files\Spyware Guard 2008\conf.cfg
c:\program files\Spyware Guard 2008\mbase.vdb
c:\program files\Spyware Guard 2008\quarantine.vdb
c:\program files\Spyware Guard 2008\queue.vdb
c:\program files\Spyware Guard 2008\spywareguard.exe
c:\program files\Spyware Guard 2008\uninstall.exe
c:\program files\Spyware Guard 2008\vbase.vdb
c:\temp\tn3
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\reged.exe
c:\windows\spoolsystem.exe
c:\windows\sys.com
c:\windows\syscert.exe
c:\windows\sysexplorer.exe
c:\windows\system32\bnaoojmm.dll
c:\windows\system32\cjjgckam.dll
c:\windows\system32\cqiasy.dll
c:\windows\system32\cxgjoaur.dll
c:\windows\system32\digeste.dll
c:\windows\system32\drivers\4_stars.gif
c:\windows\system32\drivers\5_stars.gif
c:\windows\system32\drivers\alert_icon.gif
c:\windows\system32\drivers\buy_btn.gif
c:\windows\system32\drivers\close_icon.gif
c:\windows\system32\drivers\detect.htm
c:\windows\system32\drivers\download_btn.gif
c:\windows\system32\drivers\features.gif
c:\windows\system32\drivers\header_bg.gif
c:\windows\system32\drivers\icon_warning.gif
c:\windows\system32\drivers\logo_bg.gif
c:\windows\system32\drivers\perfect_cleaner_box.jpg
c:\windows\system32\drivers\perfect_cleaner_box_small.jpg
c:\windows\system32\drivers\perfect_cleaner_header.gif
c:\windows\system32\drivers\perfect_cleaner_header_small.gif
c:\windows\system32\drivers\protect.gif
c:\windows\system32\drivers\pt.htm
c:\windows\system32\drivers\remove_spyware_button.gif
c:\windows\system32\drivers\s_detect.htm
c:\windows\system32\drivers\secuity_center_logo.gif
c:\windows\system32\drivers\spy_away_box.jpg
c:\windows\system32\drivers\spy_away_box_small.jpg
c:\windows\system32\drivers\spy_away_header.gif
c:\windows\system32\drivers\spy_away_header_small.gif
c:\windows\system32\drivers\users_rating.gif
c:\windows\system32\drivers\v.gif
c:\windows\system32\drivers\x.gif
c:\windows\system32\gnolnisi.dll
c:\windows\system32\gtv_sd.bin
c:\windows\system32\gvwwya.dll
c:\windows\system32\hfdtxqjg.dll
c:\windows\system32\ichwgudo.dll
c:\windows\system32\jiRuCfhk.ini
c:\windows\system32\jiRuCfhk.ini2
c:\windows\system32\khfCuRij.dll
c:\windows\system32\kiurxy.dll
c:\windows\system32\lmvffj.dll
c:\windows\system32\nhbsbvmd.dll
c:\windows\system32\nqongavv.dll
c:\windows\system32\ntnet.drv
c:\windows\system32\oddkconi.dll
c:\windows\system32\pbyykaox.dll
c:\windows\system32\riddtsiy.dll
c:\windows\system32\ruxerrvq.dll
c:\windows\system32\sl.bin
c:\windows\system32\stfv.bin
c:\windows\system32\sysaudio.sys
c:\windows\system32\tgntxlql.dll
c:\windows\system32\tmufdh.dll
c:\windows\system32\veqdsn.dll
c:\windows\system32\winscenter.exe
c:\windows\system32\wpv381229157196.cpx
c:\windows\system32\xxyxUmMF.dll
c:\windows\vmreg.dll
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-11-21 to 2008-12-21 )))))))))))))))))))))))))))))))
.

2008-12-20 16:26 . 2008-12-20 16:57 <DIR> d-------- C:\music and pictures
2008-12-20 15:59 . 2008-12-20 15:59 <DIR> d-------- c:\program files\Safer Networking
2008-12-16 18:02 . 2008-12-16 18:02 23,552 --a------ c:\windows\system32\hwvusknf.exe
2008-11-28 10:39 . 2008-11-28 10:39 <DIR> d-------- c:\program files\NCH Software
2008-11-28 10:33 . 2008-11-28 10:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-11-24 20:41 . 2008-11-24 20:41 <DIR> d-------- c:\documents and settings\Charlies\Application Data\Xingtone
2008-11-24 20:24 . 2008-11-24 20:24 59,183 --a------ c:\windows\valhal99.fnt

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 05:43 --------- d-----w c:\program files\Google
2008-12-20 05:34 --------- d-----w c:\program files\BFG
2008-12-17 00:49 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-17 00:47 --------- d-----w c:\program files\EPSON
2008-12-17 00:46 --------- d-----w c:\program files\Common Files\EPSON
2008-12-08 22:23 --------- d-----w c:\program files\Beachhead 2000
2008-12-02 04:18 --------- d-----w c:\documents and settings\Charlies\Application Data\U3
2008-11-14 23:52 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-14 23:52 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-14 23:52 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-14 23:52 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-13 19:57 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2007-12-17 21:55 64,072 ----a-w c:\documents and settings\CANDICE\Application Data\GDIPFONTCACHEV1.DAT
2007-12-13 18:59 64,072 ----a-w c:\documents and settings\Charlies\Application Data\GDIPFONTCACHEV1.DAT
2006-06-20 23:26 64,072 -c--a-w c:\documents and settings\Amber\Application Data\GDIPFONTCACHEV1.DAT
2005-12-28 23:46 62,808 -c--a-w c:\documents and settings\Amanda\Application Data\GDIPFONTCACHEV1.DAT
2005-04-01 22:05 56 --sh--r c:\windows\system32\3ECC20D969.sys
2005-04-01 22:05 1,682 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-03 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=lmvffj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JDCT"= jl_jdct.drv
"aux"= sysaudio.sys

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\FlashFXP\\flashfxp.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Xingtone\\Xingtone Ringtone Maker\\Xingtone.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\DRIVERS\KTC111.SYS [2004-09-02 19016]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2815e23a-a685-11dc-bd11-00c0f0740a91}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1DF8505D-AA7B-4F14-A6DB-E27464D841E2} - c:\windows\system32\khfCuRij.dll
BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\xxyxUmMF.dll
BHO-{7590c32b-72d0-4643-9a8c-63ac7aba90b5} - c:\windows\system32\lmvffj.dll
HKLM-Run-BAS - c:\winnt\temp\Rar$EX07.563\flash1\seaphoenix.exe
HKLM-Run-spywareguard - c:\program files\Spyware Guard 2008\spywareguard.exe
ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\xxyxUmMF.dll
Notify-xxyxUmMF - xxyxUmMF.dll


.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - hxxp://www.wildtangent.com/install/jvm/msjavx86_3805.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 20:20:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-12-20 20:25:26 - machine was rebooted [Charlies]
ComboFix-quarantined-files.txt 2008-12-21 04:25:22

Pre-Run: 15,779,971,072 bytes free
Post-Run: 15,690,141,696 bytes free

227 --- E O F --- 2007-11-29 11:00:49

pskelley
2008-12-26, 12:16
Welcome to Safer Networking. I wish to be sure you have viewed and understand this information:
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

I apologize for the wait; volunteers are swamped at all forums with infected computers. If you have resolved your issues, please post to let me know so I can close this topic.

Here is what the creator of the tool has to say:

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

Having said that, you had one badly infected computer, but it appears ComboFix killed a load of the junk. If you still need help, since it has been five days or more since this HJT log was posted, post a fresh HJT log and some feedback from you on how the computer is running. I would also like to know where you picked up that junk, if you know.

Thanks...Phil

mauserfan
2008-12-26, 17:33
Since I ran ComboFix (without being told... once again, sorry about that) my computer has been running very well. It started having problems after I began using torrent files for the first time. Not going to do that any more. Here's a new HJT log. Thanks for your help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:05 AM, on 12/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.wildtangent.com/install/jvm/msjavx86_3805.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O20 - AppInit_DLLs: lmvffj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 4649 bytes

pskelley
2008-12-26, 17:46
Thanks for returning this information. Please do not remove ComboFix just yet; we may need to run a script.

1) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

2) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

(If you use these next two, install them again when we finish; they are damaged.)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.wildtangent.com/install/j...avx86_3805.exe
O20 - AppInit_DLLs: lmvffj.dll

Close all programs but HJT and all browser windows, then click on "Fix Checked"

3) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html

4) Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Tutorial if needed:
http://www.techsupportteam.org/forum/tutorials/2282-malwarebytes-anti-malware-mbam.html

Let me know how the computer is running now.

5) Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP,
Update for Windows XP and Windows XP Hotfix to shorten the list)
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

Thanks
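As an added example (not part of this thread, and not code from HijackThis, Safer Networking or any of the tools named above): a small Python script that parses lines in the HijackThis v2 log format quoted in this thread and applies the same kind of triage pskelley did by hand in step 2, flagging "(file missing)" hooks, a populated AppInit_DLLs value, an O16 ActiveX package from a host outside an allowlist, and an O4 autorun entry that points into a temp or per-user data folder. The allowlist and the sample lines are constructed for the example: the Yahoo!, WildTangent and AppInit_DLLs lines are the ones from the logs on this page, and the "[BAS]" O4 line is built from the ComboFix orphan entry above purely for illustration.

```python
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlparse


@dataclass
class Entry:
    section: str  # HijackThis section tag, e.g. "O2", "O20"
    body: str     # everything after "<section> - "


@dataclass
class Finding:
    section: str
    body: str
    reason: str


# HijackThis v2 lines look like "O20 - AppInit_DLLs: lmvffj.dll"; R0/R1 and F lines share the shape.
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")

# Constructed allowlist for this example: hosts whose O16 (Downloaded Program Files)
# entries are treated as expected on this box. Tune it for the environment being triaged.
TRUSTED_DPF_HOSTS = {"go.microsoft.com", "gfx2.hotmail.com", "www.musicnotes.com"}

# Constructed sample in HijackThis log format. The O2/O3/O16/O20 lines are the ones
# flagged in this thread; the "[BAS]" O4 line is assembled from the ComboFix orphan
# list for the sake of the example and never appeared in the HJT logs in this form.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BAS] c:\winnt\temp\Rar$EX07.563\flash1\seaphoenix.exe
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.wildtangent.com/install/jvm/msjavx86_3805.exe
O20 - AppInit_DLLs: lmvffj.dll
"""


def parse_hjt(text: str) -> List[Entry]:
    """Turn the section lines of a HijackThis log into Entry records; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply a few defender-side rules and return the entries worth a closer look, with the reason."""
    findings = []
    for e in entries:
        if e.body.endswith("(file missing)"):
            # A hook whose DLL is gone cannot run, but it still points at a removed or broken component.
            findings.append(Finding(e.section, e.body, "orphaned hook: registered DLL no longer exists"))
        elif e.section == "O20" and e.body.startswith("AppInit_DLLs:"):
            value = e.body.split(":", 1)[1].strip()
            if value:
                # AppInit_DLLs is loaded by every process that loads user32.dll; it is normally empty on XP.
                reason = "AppInit_DLLs injects this DLL into every user32-linked process"
                if "\\" not in value:
                    reason += "; bare filename with no path"
                findings.append(Finding(e.section, e.body, reason))
        elif e.section == "O16":
            # "DPF: {CLSID} (Name) - URL": the URL is the last " - "-separated field.
            url = e.body.rsplit(" - ", 1)[-1]
            host = urlparse(url).hostname or ""
            if host not in TRUSTED_DPF_HOSTS:
                findings.append(Finding(e.section, e.body, f"ActiveX package from unlisted host {host!r}"))
        elif e.section == "O4":
            low = e.body.lower()
            if "\\temp\\" in low or "\\application data\\" in low:
                findings.append(Finding(e.section, e.body, "autorun entry points into a temp or per-user data directory"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.section:4} {f.reason}\n     {f.body}")
```

Run it as-is to see the five flagged lines, or pass the contents of a saved hijackthis.log to parse_hjt. The output is a reading list, not a fix list: each hit still needs the judgement shown in this thread (is the file really gone, is the host really unexpected here) before anything is checked in "Fix Checked".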

mauserfan
2008-12-26, 23:51
Seems to be working okay now... but a little quirky. Ran ATF Cleaner and Malwarebytes' Anti-Malware this morning. After the reboot, I could not get back into the Spybot forum... I was constantly redirected to Google.com. Tried other sites: Hotmail, eBay, craigslist, and other forums I'm a member of, and everything worked fine. Just could not get into Spybot. The script bar at the bottom of Explorer would state something like "a Bad URL .......... AVENUE A ........". It would come and go so fast I could not read the rest. I shut the computer off. Came back to it now (about five hours later) and everything seems to be OK. Anyway, here are the logs you asked for. OH..... THANKS...... You have been more help than I can say. Thank you for your time and expertise. It is greatly appreciated.

Charles


Malwarebytes' Anti-Malware 1.31
Database version: 1550
Windows 5.1.2600 Service Pack 2

12/26/2008 10:16:14 AM
mbam-log-2008-12-26 (10-16-14).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 109547
Time elapsed: 1 hour(s), 9 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 46

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e21e324c-85ff-4de9-a4ee-18ead0521543} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Charlies\Start Menu\Programs\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\ahulpxse\khqzozed.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\atsrofan\odkhgvgb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Spyware Guard 2008\spywareguard.exe.vir (Rogue.Spyguard) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hfdtxqjg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSnrse.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\bnaoojmm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cjjgckam.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cqiasy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cxgjoaur.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\digeste.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gnolnisi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gvwwya.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ichwgudo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\khfCuRij.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kiurxy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lmvffj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nhbsbvmd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nqongavv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\oddkconi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pbyykaox.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\riddtsiy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ruxerrvq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSScbqp.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSciou.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoiqh.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tgntxlql.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tmufdh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\veqdsn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wpv381229157196.cpx.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xxyxUmMF.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSpqxt.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D1F41203-92BC-4A17-BBB7-83861B42EC4C}\RP1425\A0229318.pmt (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D1F41203-92BC-4A17-BBB7-83861B42EC4C}\RP1428\A0229433.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D1F41203-92BC-4A17-BBB7-83861B42EC4C}\RP1440\A0234746.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D1F41203-92BC-4A17-BBB7-83861B42EC4C}\RP1440\A0234759.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D1F41203-92BC-4A17-BBB7-83861B42EC4C}\RP1442\A0238475.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D1F41203-92BC-4A17-BBB7-83861B42EC4C}\RP1442\A0238476.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D1F41203-92BC-4A17-BBB7-83861B42EC4C}\RP1442\A0238477.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D1F41203-92BC-4A17-BBB7-83861B42EC4C}\RP1442\A0238478.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D1F41203-92BC-4A17-BBB7-83861B42EC4C}\RP1442\A0238479.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlies\Start Menu\Programs\Spyware Guard 2008\Spyware Guard 2008.lnk (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlies\Start Menu\Programs\Spyware Guard 2008\Uninstall.lnk (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\svhost.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\track.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\kdrzboqgws.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\winnt\temp\laf123.tmp (Trojan.Zlob) -> Quarantined and deleted successfully.

********************************************************************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:44:53 PM, on 12/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 4184 bytes
********************************************************************************************************************
UNINSTALL LIST


102 Dalmatians Activity Center
3D Groove Playback Engine
3D Home Architect 4
ACE the CSET - Multiple Subjects
ACE the CSET Single Subject Math 3
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 10 ActiveX
Apple Mobile Device Support
Apple Software Update
AXIS Media Control
Beachhead 2000
Bejeweled 2 Deluxe
Bejeweled 2 Deluxe
BRC
Business Plan Pro 2004
Card and Board Games
Checkers
Chinese Checkers Special Edition
Cinderella's Dollhouse
Cubis Gold 2
Dell ResourceCD
Disney's Cinderella's Castle Designer
DivX Player
DivX Pro Trial
Dominoes Deluxe
EPSON Printer Software
Extreme Orchids Special Edition
Finding Nemo: Nemo's Underwater World of Fun
FlashFXP v3
Galaxy Man
GameSpy Arcade
Google Earth
Harry Potter and the Prisoner of Azkaban(TM)
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hoyle Casino 5
iTunes
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 2
Jewel Quest
JumpStart Advanced Preschool
JumpStart Preschool 2001
Linksys Wireless-G PCI Network Adapter with SpeedBooster
Macromedia Shockwave Player
Macromedia Shockwave Player
Magic Match
Mah Jong Tiles Deluxe
Mahjongg Master 2 Special Edition
Malwarebytes' Anti-Malware
McKeague Trigonometry 5e
Microsoft .NET Framework 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Halo
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft PowerPoint Viewer 97
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
NoAd HOSTS file (remove only)
NVIDIA Display Driver
Pacific Poker
PhoTags Express
Princess Fashion Boutique 2
Puzzle Master 2 Special Edition
QuickTime
Reader Rabbit Kindergarten
RealArcade
RealPlayer
Reversi
Rhapsody Player Engine
Rhapsody Player Engine
RunAlyzer
Safecracker
Scanner Loader
ScanToWeb
Scooby-Doo(TM), Case File #2 The Scary Stone Dragon
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Sierra Home Architect
Sierra Interior Design Collection
Sierra Photo Home Interiors
SoundMAX
Spybot - Search & Destroy 1.4
The Go Ronald Games
Tic Tac Toe
Uninstall Dual Mode Camera
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
Word Search Mania
Word Skramble
Word Wiz
Xingtone Ringtone Maker
Yahoo! Toolbar

pskelley
2008-12-27, 01:28
It appears from the way your logs are posting, that you have turned on "Word Wrap" in Notepad. This makes the logs much more difficult to work with, please turn WW off for the duration of our time together.

Notepad > Format > Word Wrap UNCHECKED.

Are you using a router? If so I suggest you reset the router and the password.

The first time you ran combofix, Recovery Console did not get installed. We are going to use CFScript to remove one malware file and that will give combofix a chance to install RC before we remove it. Make sure you are online when you run it and that you allow the installation; follow the directions carefully.

Open notepad and copy/paste the text in the codebox below into it:


File::
c:\windows\system32\hwvusknf.exe

Save this as CFScript

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Thanks

This can be done as time permits, but it is very important.
Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.

Hackers are using out of date programs to infect folks more and more.
Here is a small free tool that lets you know when something needs an update, if you are interested:
http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.

I notice you have no Adobe Reader and that is fine if you do not use one. If you want one that is about 1/10 the size of the Adobe Reader, look at this one: http://www.foxitsoftware.com/pdf/rd_intro.php
That is your call.

J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 2
These are both out of date and unsafe, see this:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Be aware of this information so you can opt out of anything you do not want.
Microsoft Does MSN Toolbar Distribution Deal With Java:
http://searchengineland.com/microsoft-does-msn-toolbar-distribution-deal-with-java-15413.php

Spybot - Search & Destroy 1.4 <<< this is out of date, see this:
Please be sure Spybot S&D is up to date and fully immunized.
Spybot-S&D 1.6 has arrived! 8. July 2008
http://www.safer-networking.org/en/
http://www.safer-networking.org/en/news/2008-07-08.html
http://www.safer-networking.org/en/faq/index.html

mauserfan
2008-12-27, 01:51
Got Recovery Console to install. Also, looked at Word Wrap and it is currently NOT checked. After I had problems this morning and turned off my computer, I also reset my router. I have not had any problems since then. Thank you for the information about out of date programs. This is something I had not thought of and will remedy (probably tonight.... snowed in and nothing else to do). Here's the latest ComboFix log.
THANKS AGAIN

Charles

ComboFix 08-12-20.01 - Charlies 2008-12-26 16:37:02.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.75 [GMT -8:00]
Running from: c:\documents and settings\Charlies\Desktop\combofix.exe
Command switches used :: c:\documents and settings\Charlies\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\hwvusknf.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\hwvusknf.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-27 to 2008-12-27 )))))))))))))))))))))))))))))))
.

2008-12-26 09:03 . 2008-12-26 09:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-26 09:03 . 2008-12-26 09:03 <DIR> d-------- c:\documents and settings\Charlies\Application Data\Malwarebytes
2008-12-26 09:03 . 2008-12-26 09:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-26 09:03 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-26 09:03 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-20 21:12 . 2008-12-20 21:20 <DIR> d-------- C:\open
2008-12-20 20:32 . 2008-12-20 20:32 <DIR> d-------- c:\program files\Trend Micro
2008-12-20 16:26 . 2008-12-20 16:57 <DIR> d-------- C:\music and pictures
2008-12-20 15:59 . 2008-12-20 15:59 <DIR> d-------- c:\program files\Safer Networking
2008-11-28 10:39 . 2008-11-28 10:39 <DIR> d-------- c:\program files\NCH Software
2008-11-28 10:33 . 2008-11-28 10:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-26 18:16 --------- d-----w c:\documents and settings\All Users\Application Data\atsrofan
2008-12-26 18:16 --------- d-----w c:\documents and settings\All Users\Application Data\ahulpxse
2008-12-21 05:33 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-20 05:43 --------- d-----w c:\program files\Google
2008-12-20 05:34 --------- d-----w c:\program files\BFG
2008-12-17 00:49 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-17 00:47 --------- d-----w c:\program files\EPSON
2008-12-17 00:46 --------- d-----w c:\program files\Common Files\EPSON
2008-12-08 22:23 --------- d-----w c:\program files\Beachhead 2000
2008-12-02 04:18 --------- d-----w c:\documents and settings\Charlies\Application Data\U3
2008-11-25 04:41 --------- d-----w c:\documents and settings\Charlies\Application Data\Xingtone
2008-11-14 23:52 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-14 23:52 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-14 23:52 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-14 23:52 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-13 19:57 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2007-12-17 21:55 64,072 ----a-w c:\documents and settings\CANDICE\Application Data\GDIPFONTCACHEV1.DAT
2007-12-13 18:59 64,072 ----a-w c:\documents and settings\Charlies\Application Data\GDIPFONTCACHEV1.DAT
2006-06-20 23:26 64,072 -c--a-w c:\documents and settings\Amber\Application Data\GDIPFONTCACHEV1.DAT
2005-12-28 23:46 62,808 -c--a-w c:\documents and settings\Amanda\Application Data\GDIPFONTCACHEV1.DAT
2005-04-01 22:05 56 --sh--r c:\windows\system32\3ECC20D969.sys
2005-04-01 22:05 1,682 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-20_20.24.22.79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
- 2008-02-22 18:38:33 74,649 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-12-22 22:08:45 88,590 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-03 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JDCT"= jl_jdct.drv
"aux"= sysaudio.sys

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\FlashFXP\\flashfxp.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Xingtone\\Xingtone Ringtone Maker\\Xingtone.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\DRIVERS\KTC111.SYS [2004-09-02 19016]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2815e23a-a685-11dc-bd11-00c0f0740a91}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-26 16:40:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\ES.DLL
.
Completion time: 2008-12-26 16:43:08
ComboFix-quarantined-files.txt 2008-12-27 00:42:38
ComboFix2.txt 2008-12-21 04:25:27

Pre-Run: 15,677,108,224 bytes free
Post-Run: 15,752,499,200 bytes free

123 --- E O F --- 2007-11-29 11:00:49

pskelley
2008-12-27, 02:03
Here is information about Recovery Console:
http://support.microsoft.com/kb/314058
http://support.microsoft.com/kb/307654
Recovery Console is a tool that will allow you to recover from a catastrophic system failure, so let's hope you never need it. Many experts believe Microsoft should have installed it by default.

Hi Charles, I love to ski and live in Clearwater, Florida (82 today), so I envy your snow a little bit.

Remove combofix from the computer like this:

Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.

http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png

Clean the System Restore files like this:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Update MBAM and scan to be sure we missed none of the junk, there is no need to post a clean scan result.
(MBAM is yours to keep if you wish, update it and run it once a month or so)


I see no antivirus program and it is cyber-suicide running without one anymore. Here are three that are free, install only one, update and scan the system.

http://free.grisoft.com/ww.download-avg-anti-virus-free-edition
How to Install Free version AVG 8.0 without LinkScanner feature
http://russelltexas.com/tutorials/avg8install.htm

http://www.avast.com/eng/avast_4_home.html

http://www.free-av.com/


If all is well at this point, let me know and I will close the topic.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...Phil
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

http://users.telenet.be/bluepatchy/miekiemoes/Links.html

mauserfan
2008-12-27, 02:35
Thanks for all of the additional info. All is well with my computer now. I will download Avast, delete all my out of date/unused stuff, and update more frequently. Thank you for all of the time you have given me.