Right on guys! This did it. everything appears to be running normal! What a wonderful service you provide!

Thank you so much ladygreenwitch and Pancake!
You two are the best!

PS, here is the combofix log you requested Pancake.

ComboFix 09-04-30.05 - Steve Jacobs 04/30/2009 18:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.277 [GMT -7:00]
Running from: c:\documents and settings\Steve Jacobs\Desktop\xxx.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\4223_up.exe
F:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WKSPATCH


((((((((((((((((((((((((( Files Created from 2009-04-01 to 2009-05-01 )))))))))))))))))))))))))))))))
.

2009-04-30 04:19 . 2009-04-30 05:49 -------- d--h--w C:\$AVG8.VAULT$
2009-04-30 03:32 . 2009-04-30 03:32 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-30 03:32 . 2009-04-30 03:32 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-04-30 03:32 . 2009-04-30 03:32 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-30 03:31 . 2009-04-30 03:31 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-30 03:31 . 2009-04-30 03:32 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-30 03:31 . 2009-04-30 03:31 -------- d-----w c:\program files\AVG
2009-04-30 03:31 . 2009-05-01 01:31 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-28 01:13 . 2008-12-11 15:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-28 01:12 . 2009-04-03 18:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-28 01:12 . 2008-12-18 19:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-28 01:12 . 2009-04-28 01:20 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-28 01:12 . 2008-12-10 18:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-04-28 01:11 . 2009-04-28 01:11 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-04-28 01:11 . 2009-04-30 03:17 -------- d-----w c:\program files\Spyware Doctor
2009-04-28 01:11 . 2009-04-28 01:11 -------- d-----w c:\documents and settings\Steve Jacobs\Application Data\PC Tools
2009-04-26 17:24 . 2009-04-26 17:24 -------- d-----w c:\windows\system32\XPSViewer
2009-04-26 17:23 . 2009-04-26 17:23 -------- d-----w c:\program files\MSBuild
2009-04-26 17:23 . 2009-04-26 17:23 -------- d-----w c:\program files\Reference Assemblies
2009-04-26 17:18 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-26 17:18 . 2008-07-06 12:06 89088 ------w c:\windows\system32\dllcache\filterpipelineprintpr oc.dll
2009-04-26 17:18 . 2008-07-06 10:50 597504 ------w c:\windows\system32\dllcache\printfilterpipelinesv c.exe
2009-04-26 17:18 . 2008-07-06 12:06 575488 ------w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-26 17:18 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-26 17:18 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-26 17:18 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-26 13:38 . 2009-04-26 13:38 -------- d-----w c:\documents and settings\Steve Jacobs\Application Data\Malwarebytes
2009-04-26 13:38 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-26 13:38 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-26 13:38 . 2009-04-26 13:38 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-26 13:38 . 2009-04-26 14:08 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-24 02:47 . 2009-04-24 02:47 -------- dc----w c:\documents and settings\All Users\Application Data\{DC840DBC-2CB0-4FEA-98ED-F4E3BD2970C7}
2009-04-24 02:40 . 2009-04-24 02:40 -------- d--h--r C:\AHCache
2009-04-24 02:23 . 2009-04-24 02:26 -------- dc-h--w c:\documents and settings\All Users\Application Data\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}
2009-04-15 16:42 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 16:42 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 16:42 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 16:42 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 16:42 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 16:42 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 16:42 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 16:42 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 16:42 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 16:18 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 16:18 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-10 17:11 . 2009-04-10 17:11 -------- d-----w c:\program files\iPod
2009-04-10 17:11 . 2009-04-10 17:11 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-05 22:47 . 2009-04-05 22:47 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2009-04-05 22:03 . 2009-04-05 22:04 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-04-05 15:21 . 2009-04-05 15:21 -------- d-----w c:\documents and settings\LocalService\Application Data\Roxio
2009-04-05 15:12 . 2008-04-13 18:45 32128 ----a-w c:\windows\system32\dllcache\usbccgp.sys
2009-04-05 15:12 . 2008-04-13 18:45 32128 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-04-05 15:10 . 2009-04-18 15:02 256 ----a-w c:\windows\system32\pool.bin
2009-04-05 15:10 . 2009-04-18 14:17 -------- d-----w c:\documents and settings\Steve Jacobs\Application Data\Research In Motion
2009-04-05 15:02 . 2009-04-05 15:02 -------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-04-05 15:02 . 2009-04-05 15:02 -------- d-----w c:\documents and settings\All Users\Application Data\Sonic
2009-04-05 14:57 . 2009-04-05 14:57 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-04-05 14:57 . 2009-04-05 15:01 -------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2009-04-05 14:57 . 2009-04-05 14:59 -------- d-----w c:\program files\Roxio
2009-04-05 14:57 . 2009-04-05 14:59 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-04-05 14:44 . 2007-01-18 17:24 26496 ----a-r c:\windows\system32\drivers\RimSerial.sys
2009-04-05 14:42 . 2009-04-05 14:43 -------- d-----w c:\program files\Common Files\Research In Motion
2009-04-05 14:42 . 2009-04-18 14:14 -------- d-----w c:\program files\Research In Motion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-04-30 13:59 . 2004-03-29 03:46 -------- d-----w c:\program files\Google
2009-04-30 13:45 . 2004-10-03 22:53 119552 -c--a-w c:\documents and settings\Steve Jacobs\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-25 14:35 . 2005-05-30 03:06 -------- d-----w c:\program files\Hijack This
2009-04-24 02:25 . 2008-06-22 16:25 -------- d-----w c:\program files\Uniblue
2009-04-15 17:06 . 2004-07-30 00:50 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-10 17:11 . 2008-11-23 16:11 -------- d-----w c:\program files\iTunes
2009-04-10 17:11 . 2007-07-04 15:12 -------- d-----w c:\program files\Common Files\Apple
2009-03-27 11:35 . 2008-05-13 18:09 -------- d-----w c:\program files\Filzip
2009-03-25 18:06 . 2006-10-14 19:50 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 18:06 . 2006-10-14 19:50 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-25 18:06 . 2006-10-14 19:50 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 18:06 . 2006-10-14 19:50 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-25 18:05 . 2006-10-14 19:50 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-19 23:32 . 2008-01-29 19:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-18 03:07 . 2009-03-18 03:07 -------- d-----w c:\program files\Bonjour
2009-03-18 03:06 . 2009-03-18 03:06 -------- d-----w c:\program files\QuickTime
2009-03-06 14:22 . 2002-08-29 10:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 06:59 . 2009-03-18 03:02 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 06:59 . 2007-11-17 05:22 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2004-02-07 01:05 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 01:30 . 2009-03-02 01:31 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-20 18:09 . 2004-08-04 07:56 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2002-08-29 10:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-05-02 02:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2002-08-29 10:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2002-08-29 10:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2002-08-29 10:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 02:02 . 1980-01-01 05:00 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2002-08-29 10:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 1980-01-01 05:00 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2002-08-29 10:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2002-08-29 10:00 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Uniblue PowerSuite"="c:\program files\Uniblue\PowerSuite\PowerSuite.exe" [2008-01-29 3202832]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-06-19 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 479232]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-02 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-19 615696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-30 1932568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-30 03:32 10520 ----a-w c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 mrtRate;mrtRate; [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\dr ivers\mbamswissarmy.sys [2009-04-06 38496]
R3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\Drivers\PLCND532.sys [2007-05-14 46848]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\ avgrkx86.sys [2009-04-30 12552]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-03 130936]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-30 325640]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-30 108552]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-30 298264]


[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{5fbf167a-26c8-11dd-acf7-000bdbb5a6ef}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{84d23e58-d61b-11dd-ad77-000bdbb5a6ef}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

2009-05-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-02 02:05]

2009-04-24 c:\windows\Tasks\Uniblue DiskRescue 2009.job
- c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 15:22]

2009-04-28 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-06-22 16:20]

2008-06-22 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-06-22 16:20]

2008-06-22 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-06-22 16:20]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: turbotax.com
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE0} - hxxps://www.external.net/external/citrix/ica32t.exe
FF - ProfilePath - c:\documents and settings\Steve Jacobs\Application Data\Mozilla\Firefox\Profiles\ryjk93wx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-30 18:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(500)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
.
************************************************** ************************
.
Completion time: 2009-05-01 18:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-01 01:53

Pre-Run: 24,325,038,080 bytes free
Post-Run: 24,584,200,192 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Micro soft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

240 --- E O F --- 2009-04-27 03:18

That all looks ok.You should be fine now..

This will clear away any of the files and folders that were created by ComboFix.
Go to :
Start > Run then copy and paste the following highlighted text below into the box and click OK.

ComboFix /u

Please read these for future reference:
http://www.pchelpforum.com/new-hijac...ing-sites.html
http://www.pchelpforum.com/new-hijac...-infected.html
http://www.pchelpforum.com/progress-...afterwork.html

YAY!! Glad to hear it guys,

@ BonerMalone, make sure you recommend us to your friends and family. We hope to see you around the forum, just for the fun, and education of it.

It would be a good idea, to make sure that all of your files are cleaned up, and that you are completely protected, let us know if you would like some guidance for that.

Otherwise, TTFN

LGW

Marked as Fixed