Used Administrator Profile, and was able to download a new combofix, and it ran when clicked.
Results:

ComboFix 08-10-12.01 - Administrator 2008-10-14 2:08:57.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2255 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ikynbnra.ini
.
((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))
.
2008-10-14 01:00 . 2008-10-14 01:00 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-10-13 21:48 . 2008-10-13 21:48 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-13 20:22 . 2008-10-13 20:22 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-10-13 20:08 . 2008-10-13 20:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-13 20:08 . 2008-10-13 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-13 20:08 . 2008-10-13 20:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-10-13 20:08 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-13 20:08 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-13 19:58 . 2008-10-13 19:58 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-13 17:14 . 2008-10-13 17:14 <DIR> d--h----- C:\WINDOWS\PIF
2008-10-13 12:31 . 2008-10-13 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\abehqbwd
2008-10-13 12:31 . 2008-10-13 12:31 77,824 --a------ C:\WINDOWS\system32\hgjqrypk.exe
2008-10-13 12:30 . 2008-10-13 12:30 <DIR> d-------- C:\Documents and Settings\User\Application Data\TmpRecentIcons
2008-10-10 13:57 . 2008-10-14 01:07 <DIR> d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-10-10 13:55 . 2008-10-10 13:55 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-10-10 13:12 . 2008-10-10 13:15 <DIR> d-------- C:\Redmoon
2008-10-10 12:56 . 2008-10-10 12:56 <DIR> d-------- C:\WINDOWS\Sun
2008-10-10 12:32 . 2008-10-10 12:32 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-10-10 12:32 . 2008-04-13 19:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-10-10 12:31 . 2008-10-10 12:31 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-10-10 12:31 . 2008-10-10 12:31 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-10-10 12:25 . 2008-10-10 12:26 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-10-10 12:24 . 2008-10-10 12:24 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-10-10 12:23 . 2008-10-10 12:23 <DIR> d-------- C:\Program Files\Real
2008-10-10 12:23 . 2008-10-10 12:24 <DIR> d-------- C:\Program Files\Common Files\Real
2008-10-10 12:23 . 2008-10-10 12:23 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-10-10 12:23 . 2008-10-10 12:23 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-10-10 12:21 . 2008-10-10 12:21 <DIR> d-------- C:\Program Files\QuickTime
2008-10-10 12:21 . 2008-10-10 12:21 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-10-10 12:21 . 2008-10-10 12:21 <DIR> d-------- C:\Program Files\Apple Software Update
2008-10-10 12:21 . 2008-10-10 12:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-10 12:21 . 2008-10-10 12:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-10-10 12:17 . 2008-10-10 13:55 <DIR> d-------- C:\Program Files\Java
2008-10-10 12:17 . 2008-10-10 12:17 <DIR> d-------- C:\Program Files\Common Files\Java
2008-10-10 12:17 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-10 11:26 . 2008-10-10 11:26 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-10-10 11:26 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-10-10 11:26 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-10-10 00:00 . 2008-10-14 00:19 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-10 00:00 . 2008-10-10 00:00 <DIR> d-------- C:\Program Files\AVG
2008-10-10 00:00 . 2008-10-10 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-10 00:00 . 2008-10-10 00:00 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-10 00:00 . 2008-10-10 00:00 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-10 00:00 . 2008-10-10 00:00 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-09 23:15 . 2008-10-09 23:16 <DIR> d-------- C:\Program Files\BitLord
2008-10-09 23:11 . 2008-10-09 23:11 <DIR> d-------- C:\Documents and Settings\User\Application Data\Thunderbird
2008-10-09 21:45 . 2008-10-09 21:45 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-10-09 21:45 . 2008-10-09 21:45 <DIR> d-------- C:\WINDOWS\nview
2008-10-09 21:45 . 2008-10-09 21:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-09 21:45 . 2008-10-09 21:45 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-10-09 21:45 . 2008-10-09 21:45 <DIR> d-------- C:\NVIDIA
2008-10-09 21:45 . 2008-09-16 21:27 453,152 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-10-09 21:45 . 2008-09-17 09:55 453,152 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-10-09 21:45 . 2008-10-14 01:07 200,712 --a------ C:\WINDOWS\system32\nvapps.xml
2008-10-09 21:45 . 2008-09-17 09:55 18,394 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-10-09 21:18 . 2008-10-10 12:26 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-10-09 21:16 . 2008-10-09 21:16 0 --a------ C:\WINDOWS\nsreg.dat
2008-10-09 21:15 . 2008-10-09 21:15 <DIR> d-------- C:\Program Files\CONEXANT
2008-10-09 21:15 . 2003-11-17 15:56 1,042,432 --a------ C:\WINDOWS\system32\drivers\HSF_DP.sys
2008-10-09 21:15 . 2003-11-17 15:58 680,704 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys
2008-10-09 21:15 . 2003-11-17 15:59 212,224 --a------ C:\WINDOWS\system32\drivers\HSFHWBS2.sys
2008-10-09 21:15 . 2003-11-19 02:15 128,398 --a------ C:\WINDOWS\system32\drivers\del200f.cty
2008-10-09 21:15 . 2003-10-23 15:01 32,218 --a------ C:\WINDOWS\system32\HSFCI008.dll
2008-10-09 21:15 . 2001-08-17 13:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2008-10-09 21:15 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-10-09 21:13 . 2008-10-09 21:13 <DIR> d-------- C:\Program Files\SigmaTel
2008-10-09 21:10 . 2008-10-09 21:10 <DIR> d-------- C:\Program Files\Intel
2008-10-09 21:09 . 2008-10-09 21:13 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-10-09 21:06 . 2008-10-09 21:06 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-10-09 20:59 . 2008-06-23 11:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-09 20:59 . 2007-04-17 04:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-10-09 20:59 . 2007-03-08 00:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-10-09 20:59 . 2008-06-23 11:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-10-09 20:59 . 2008-06-23 11:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-10-09 20:59 . 2008-06-23 11:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-10-09 20:59 . 2008-06-23 11:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-10-09 20:59 . 2008-06-23 11:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-10-09 20:59 . 2008-06-23 04:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-09 20:38 . 2008-10-09 20:38 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-09 20:38 . 2008-10-09 20:38 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-09 20:38 . 2008-10-09 20:38 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-09 20:17 . 2008-06-13 06:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-09 20:12 . 2008-05-08 09:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-10-09 20:08 . 2008-04-11 14:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-09 20:08 . 2008-05-01 09:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-10-09 19:49 . 2008-10-09 20:43 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-10-09 19:48 . 2008-10-09 19:48 <DIR> d-------- C:\WINDOWS\provisioning
2008-10-09 19:48 . 2008-10-09 20:38 <DIR> d-------- C:\WINDOWS\peernet
2008-10-09 19:47 . 2008-10-09 19:47 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-09 19:44 . 2008-10-09 20:32 <DIR> d-------- C:\WINDOWS\EHome
2008-10-09 19:41 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-10-09 19:41 . 2008-04-14 05:42 11,264 --------- C:\WINDOWS\system32\spnpinst.exe
2008-10-09 19:41 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-10-09 19:41 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-10-09 19:34 . 2008-10-09 19:34 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-10-09 19:31 . 2008-10-09 20:38 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-09 19:31 . 2008-10-09 21:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-10-09 19:31 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-10-09 16:34 . 2008-04-13 12:39 438,784 --------- C:\WINDOWS\system32\xpob2res.dll
2008-10-09 16:34 . 2008-04-13 19:12 354,304 --a------ C:\WINDOWS\system32\winhttp.dll
2008-10-09 16:34 . 2008-04-13 19:12 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-10-09 16:34 . 2008-04-13 19:11 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-10-09 16:34 . 2008-04-13 19:11 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-09-04 14:31 288,024 ----a-w C:\WINDOWS\system32\PhysXCplUI.exe
2008-08-29 13:57 70,936 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray. dll" [2008-09-17 86016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-10 1234712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-10-10 185872]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 C:\WINDOWS\stsystra.exe]
"nwiz"="nwiz.exe" [2008-09-17 C:\WINDOWS\system32\nwiz.exe]
C:\Documents and Settings\User\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll lvzfxx.dll xmmfae.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-10 97928]
S2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-10 875288]
S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-10 231704]
S2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-10 76040]
S3 s3m;s3m;C:\WINDOWS\system32\DRIVERS\s3m.sys [2001-08-17 166720]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u9v2fyaq.default\
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 02:10:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 2008-10-14 2:10:50
ComboFix-quarantined-files.txt 2008-10-14 07:10:48
Pre-Run: 149,122,543,616 bytes free
Post-Run: 149,319,524,352 bytes free
175 --- E O F --- 2008-10-10 20:59:43

Must sleep now. Have to be up for work in 5 hours.

I appreciate everything, and look forward to your continued assistance in getting my computer back to normal.
-martinimos-

Just this to fix and we should be all done.

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Refering to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.Altering this script in any way could damage your computer*

ComboFix 08-10-12.01 - Administrator 2008-10-14 7:48:00.2 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2307 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\hgjqrypk.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\abehqbwd
C:\WINDOWS\system32\hgjqrypk.exe

.
((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))
.

2008-10-14 01:00 . 2008-10-14 01:00 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-10-13 21:48 . 2008-10-13 21:48 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-13 20:22 . 2008-10-13 20:22 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-10-13 20:08 . 2008-10-13 20:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-13 20:08 . 2008-10-13 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-13 20:08 . 2008-10-13 20:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-10-13 20:08 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-13 20:08 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-13 19:58 . 2008-10-13 19:58 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-13 17:14 . 2008-10-13 17:14 <DIR> d--h----- C:\WINDOWS\PIF
2008-10-13 12:30 . 2008-10-13 12:30 <DIR> d-------- C:\Documents and Settings\User\Application Data\TmpRecentIcons
2008-10-10 13:57 . 2008-10-14 01:07 <DIR> d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-10-10 13:55 . 2008-10-10 13:55 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-10-10 13:12 . 2008-10-10 13:15 <DIR> d-------- C:\Redmoon
2008-10-10 12:56 . 2008-10-10 12:56 <DIR> d-------- C:\WINDOWS\Sun
2008-10-10 12:32 . 2008-10-10 12:32 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-10-10 12:32 . 2008-04-13 19:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-10-10 12:31 . 2008-10-10 12:31 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-10-10 12:31 . 2008-10-10 12:31 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-10-10 12:25 . 2008-10-10 12:26 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-10-10 12:24 . 2008-10-10 12:24 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-10-10 12:23 . 2008-10-10 12:23 <DIR> d-------- C:\Program Files\Real
2008-10-10 12:23 . 2008-10-10 12:24 <DIR> d-------- C:\Program Files\Common Files\Real
2008-10-10 12:23 . 2008-10-10 12:23 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-10-10 12:23 . 2008-10-10 12:23 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-10-10 12:21 . 2008-10-10 12:21 <DIR> d-------- C:\Program Files\QuickTime
2008-10-10 12:21 . 2008-10-10 12:21 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-10-10 12:21 . 2008-10-10 12:21 <DIR> d-------- C:\Program Files\Apple Software Update
2008-10-10 12:21 . 2008-10-10 12:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-10 12:21 . 2008-10-10 12:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-10-10 12:17 . 2008-10-10 13:55 <DIR> d-------- C:\Program Files\Java
2008-10-10 12:17 . 2008-10-10 12:17 <DIR> d-------- C:\Program Files\Common Files\Java
2008-10-10 12:17 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-10 11:26 . 2008-10-10 11:26 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-10-10 11:26 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-10-10 11:26 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-10-10 00:00 . 2008-10-14 00:19 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-10 00:00 . 2008-10-10 00:00 <DIR> d-------- C:\Program Files\AVG
2008-10-10 00:00 . 2008-10-10 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-10 00:00 . 2008-10-10 00:00 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-10 00:00 . 2008-10-10 00:00 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-10 00:00 . 2008-10-10 00:00 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-09 23:15 . 2008-10-09 23:16 <DIR> d-------- C:\Program Files\BitLord
2008-10-09 23:11 . 2008-10-09 23:11 <DIR> d-------- C:\Documents and Settings\User\Application Data\Thunderbird
2008-10-09 21:45 . 2008-10-09 21:45 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-10-09 21:45 . 2008-10-09 21:45 <DIR> d-------- C:\WINDOWS\nview
2008-10-09 21:45 . 2008-10-09 21:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-09 21:45 . 2008-10-09 21:45 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-10-09 21:45 . 2008-10-09 21:45 <DIR> d-------- C:\NVIDIA
2008-10-09 21:45 . 2008-09-16 21:27 453,152 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-10-09 21:45 . 2008-09-17 09:55 453,152 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-10-09 21:45 . 2008-10-14 01:07 200,712 --a------ C:\WINDOWS\system32\nvapps.xml
2008-10-09 21:45 . 2008-09-17 09:55 18,394 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-10-09 21:18 . 2008-10-10 12:26 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-10-09 21:16 . 2008-10-09 21:16 0 --a------ C:\WINDOWS\nsreg.dat
2008-10-09 21:15 . 2008-10-09 21:15 <DIR> d-------- C:\Program Files\CONEXANT
2008-10-09 21:15 . 2003-11-17 15:56 1,042,432 --a------ C:\WINDOWS\system32\drivers\HSF_DP.sys
2008-10-09 21:15 . 2003-11-17 15:58 680,704 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys
2008-10-09 21:15 . 2003-11-17 15:59 212,224 --a------ C:\WINDOWS\system32\drivers\HSFHWBS2.sys
2008-10-09 21:15 . 2003-11-19 02:15 128,398 --a------ C:\WINDOWS\system32\drivers\del200f.cty
2008-10-09 21:15 . 2003-10-23 15:01 32,218 --a------ C:\WINDOWS\system32\HSFCI008.dll
2008-10-09 21:15 . 2001-08-17 13:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2008-10-09 21:15 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-10-09 21:13 . 2008-10-09 21:13 <DIR> d-------- C:\Program Files\SigmaTel
2008-10-09 21:10 . 2008-10-09 21:10 <DIR> d-------- C:\Program Files\Intel
2008-10-09 21:09 . 2008-10-09 21:13 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-10-09 21:06 . 2008-10-09 21:06 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-10-09 20:59 . 2008-06-23 11:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-09 20:59 . 2007-04-17 04:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-10-09 20:59 . 2007-03-08 00:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-10-09 20:59 . 2008-06-23 11:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-10-09 20:59 . 2008-06-23 11:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-10-09 20:59 . 2008-06-23 11:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-10-09 20:59 . 2008-06-23 11:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-10-09 20:59 . 2008-06-23 11:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-10-09 20:59 . 2008-06-23 04:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-09 20:38 . 2008-10-09 20:38 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-09 20:38 . 2008-10-09 20:38 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-09 20:38 . 2008-10-09 20:38 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-09 20:17 . 2008-06-13 06:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-09 20:12 . 2008-05-08 09:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-10-09 20:08 . 2008-04-11 14:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-09 20:08 . 2008-05-01 09:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-10-09 19:49 . 2008-10-09 20:43 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-10-09 19:48 . 2008-10-09 19:48 <DIR> d-------- C:\WINDOWS\provisioning
2008-10-09 19:48 . 2008-10-09 20:38 <DIR> d-------- C:\WINDOWS\peernet
2008-10-09 19:47 . 2008-10-09 19:47 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-09 19:44 . 2008-10-09 20:32 <DIR> d-------- C:\WINDOWS\EHome
2008-10-09 19:41 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-10-09 19:41 . 2008-04-14 05:42 11,264 --------- C:\WINDOWS\system32\spnpinst.exe
2008-10-09 19:41 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-10-09 19:41 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-10-09 19:34 . 2008-10-09 19:34 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-10-09 19:31 . 2008-10-09 20:38 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-09 19:31 . 2008-10-09 21:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-10-09 19:31 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-10-09 16:34 . 2008-04-13 12:39 438,784 --------- C:\WINDOWS\system32\xpob2res.dll
2008-10-09 16:34 . 2008-04-13 19:12 354,304 --a------ C:\WINDOWS\system32\winhttp.dll
2008-10-09 16:34 . 2008-04-13 19:12 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-10-09 16:34 . 2008-04-13 19:11 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-10-09 16:34 . 2008-04-13 19:11 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-09-04 14:31 288,024 ----a-w C:\WINDOWS\system32\PhysXCplUI.exe
2008-08-29 13:57 70,936 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray. dll" [2008-09-17 86016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-10 1234712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-10-10 185872]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 C:\WINDOWS\stsystra.exe]
"nwiz"="nwiz.exe" [2008-09-17 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll lvzfxx.dll xmmfae.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-10 97928]
S2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-10 875288]
S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-10 231704]
S2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-10 76040]
S3 s3m;s3m;C:\WINDOWS\system32\DRIVERS\s3m.sys [2001-08-17 166720]
.

************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 07:49:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008-10-14 7:50:10
ComboFix-quarantined-files.txt 2008-10-14 12:50:08
ComboFix2.txt 2008-10-14 07:10:51

Pre-Run: 149,325,910,016 bytes free
Post-Run: 149,318,336,512 bytes free

175 --- E O F --- 2008-10-10 20:59:43


---------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:30 AM, on 10/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1141165905875
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll lvzfxx.dll xmmfae.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2463 bytes

---------------------------------------------------

edit: I'm also still running in safe mode.

Have since rebooted computer and am running in normal operating mode. Haven't yet had any popups, or any other indication of malware. Have enabled my Antivirus and firewall. Should I run another series of mbam and HJT?

We had better take these two old dead ones out.

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Refering to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.Altering this script in any way could damage your computer*