bscheef (Newbie Poster; Join Date: Jan 2009; Posts: 9)

Re: cannot access any microsoft web sites, log included

 
  #4
Jan 12th, 2009
I guess I just misread the thread I was reading. Here is a ComboFix log that was generated. I didn't mean to jump ahead of the game. I just have been surfing these threads all day trying to get this fixed and I am just getting frustrated.

ComboFix 09-01-11.04 - RMStar 2009-01-12 21:06:12.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.219 [GMT -6:00]
Running from: c:\documents and settings\RMStar\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090112-0] *On-access scanning disabled* (Updated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-12-13 to 2009-01-13 )))))))))))))))))))))))))))))))
.

2009-01-12 19:11 . 2009-01-12 19:11 <DIR> d-------- c:\program files\Avenger
2009-01-12 17:20 . 2009-01-12 17:35 <DIR> d-------- c:\program files\RegCure
2009-01-10 14:51 . 2009-01-10 14:53 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-10 14:38 . 2009-01-11 12:33 <DIR> d-------- c:\program files\MalwareRemovalBot
2009-01-10 14:38 . 2009-01-10 14:47 <DIR> d-------- c:\documents and settings\RMStar\Application Data\MalwareRemovalBot
2009-01-10 14:34 . 2009-01-10 14:34 <DIR> d-------- c:\documents and settings\RMStar\Application Data\Uniblue
2009-01-09 22:08 . 2009-01-09 22:08 <DIR> d-------- c:\program files\Alwil Software
2009-01-09 21:27 . 2009-01-09 21:27 737,280 --a------ c:\windows\iun6002.exe
2009-01-09 11:58 . 2009-01-09 11:58 <DIR> d-------- c:\program files\Red Orb
2009-01-08 19:54 . 2009-01-10 09:36 <DIR> d-------- c:\program files\Warcraft III
2009-01-08 14:47 . 2009-01-08 14:54 <DIR> d-------- c:\program files\Thief - Deadly Shadows
2008-12-29 11:24 . 2008-12-29 11:24 <DIR> d-------- c:\program files\TomTom HOME 2
2008-12-29 11:24 . 2008-12-29 11:24 <DIR> d-------- c:\documents and settings\RMStar\Application Data\TomTom
2008-12-29 11:24 . 2008-12-29 11:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\TomTom
2008-12-29 11:20 . 2008-12-29 11:20 <DIR> d-------- c:\program files\TomTom DesktopSuite
2008-12-27 22:19 . 2008-12-27 22:21 <DIR> d-------- c:\windows\NKCCDViewerSetting
2008-12-27 22:01 . 2008-12-27 22:01 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
2008-12-27 12:51 . 2008-12-27 12:51 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-12-27 12:49 . 2008-12-27 12:50 <DIR> d-------- c:\windows\SYSTEM32\DRIVERS\UMDF
2008-12-27 12:38 . 2008-12-27 12:38 <DIR> d-------- c:\program files\Windows Mobile Device Handbook

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 23:02 --------- d-----w c:\program files\SwiftKit
2009-01-12 21:57 31 ----a-w c:\documents and settings\RMStar\jagex_runescape_preferences.dat
2009-01-12 20:07 --------- d-----w c:\program files\Trend Micro
2009-01-11 18:43 --------- d-----w c:\program files\Bonjour
2009-01-11 03:51 --------- d-----w c:\program files\spywarebegone
2009-01-10 03:31 --------- d-----w c:\program files\SwiftSwitch
2009-01-09 18:06 --------- d-----w c:\documents and settings\RMStar\Application Data\Juniper Networks
2009-01-09 01:57 2,829 ----a-w c:\windows\War3Unin.pif
2009-01-09 01:57 126,976 ----a-w c:\windows\War3Unin.exe
2009-01-08 20:54 43,520 ----a-w c:\windows\SYSTEM32\CmdLineExt03.dll
2009-01-08 02:41 --------- d-----w c:\program files\Lx_cats
2008-12-28 04:01 --------- d-----w c:\program files\Java
2008-12-27 18:40 --------- d-----w c:\program files\Microsoft ActiveSync
2008-12-13 06:40 3,593,216 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-12-11 00:13 115,909 ----a-w c:\program files\December 2009_COURT OF HONOR.pdf
2008-12-10 01:28 6,407,200 ----a-w c:\program files\kidssavesetup.exe
2008-12-10 01:28 --------- d-----w c:\program files\Kidnexions
2008-12-10 01:28 --------- d-----w c:\documents and settings\All Users\Application Data\Kidnexions
2008-11-21 17:36 --------- d-----w c:\program files\MSXML 4.0
2008-11-21 17:32 --------- d-----w c:\program files\Microsoft Games
2008-10-24 11:21 455,296 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 20:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\SYSTEM32\WUPS.DLL
2008-10-16 20:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
2008-09-23 21:50 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008092320080924\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-27 136600]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"ATIPTA"="c:\program files\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [2004-09-14 339968]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-02-21 192512]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-01-19 299008]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2006-09-09 196608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

c:\documents and settings\RMStar\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-05-07 385024]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-11-26 11:18 81000 c:\progra~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MalwareRemovalBot]
--a------ 2009-01-09 10:51 19382272 c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxcccoms.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxccPSWX.EXE"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitLord2\\BitLord.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"1723:TCP"= 1723:TCPxpsp2res.dll,-22015
"1701:UDP"= 1701:UDPxpsp2res.dll,-22016
"500:UDP"= 500:UDPxpsp2res.dll,-22017
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [2009-01-09 111184]
R3 tmcfw;tmcfw;c:\windows\SYSTEM32\DRIVERS\TM_CFW.sys [2007-06-13 300816]
R4 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [2009-01-09 20560]
R4 tmpreflt;tmpreflt;c:\windows\SYSTEM32\DRIVERS\tmpreflt.sys [2007-06-13 36112]
S3 o1394bul;o1394bul;\??\c:\docume~1\RMStar\LOCALS~1\Temp\o1394bul.sys --> c:\docume~1\RMStar\LOCALS~1\Temp\o1394bul.sys [?]
S4 TmPfw;TmPfw;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2007-04-12 943696]
.
Contents of the 'Scheduled Tasks' folder

2009-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-13 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe [2009-01-09 10:51]

2009-01-13 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot [2009-01-11 12:33]

2009-01-13 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 12:55]

2009-01-13 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 12:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 21:08:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-12 21:10:35
ComboFix-quarantined-files.txt 2009-01-13 03:09:59
ComboFix2.txt 2009-01-13 02:27:02
ComboFix3.txt 2009-01-13 01:26:09

Pre-Run: 11,235,209,216 bytes free
Post-Run: 11,219,984,384 bytes free

208 --- E O F --- 2008-12-29 09:02:06
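As an added example (not part of the post above, and not ComboFix's own code): a small Python triage script that parses the registry loading-point and driver lines of a ComboFix log like the one posted and flags the entries a responder would look at before anything else. It reports the standard-profile firewall switched off, Security Center overrides that silence the AV and firewall status, high-risk ports opened globally, contiguous port blocks opened in bulk, and a driver registered from a user Temp directory. The section headers, the list of risky ports and the "user-writable path" rule are this example's own assumptions; the sample input is constructed from lines copied out of the log above.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the ComboFix log in the post above, trimmed to the parts inspected here.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"1723:TCP"= 1723:TCPxpsp2res.dll,-22015

R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [2009-01-09 111184]
S3 o1394bul;o1394bul;\??\c:\docume~1\RMStar\LOCALS~1\Temp\o1394bul.sys --> c:\docume~1\RMStar\LOCALS~1\Temp\o1394bul.sys [?]
"""

SECTION_RE = re.compile(r'^\[(.+)\]$')
KV_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
DRIVER_RE = re.compile(r'^([RS][0-4])\s+([^;]+);([^;]*);(.*)$')  # R/S = running/stopped, digit = start type

# Section headers as ComboFix prints them, compared case-insensitively (assumed stable across versions).
FW_PROFILE = r'hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile'
OPEN_PORTS = FW_PROFILE + r'\globallyopenports\list'
SEC_CENTER = r'hkey_local_machine\software\microsoft\security center'

# Ports worth questioning when opened to everyone on a home workstation (this script's own list).
RISKY_PORTS = {('135', 'TCP'): 'RPC endpoint mapper', ('139', 'TCP'): 'NetBIOS', ('445', 'TCP'): 'SMB',
               ('3389', 'TCP'): 'Remote Desktop', ('1723', 'TCP'): 'PPTP', ('1701', 'UDP'): 'L2TP',
               ('500', 'UDP'): 'IKE'}


def dword(value):
    """Value of a REGEDIT4 'dword:XXXXXXXX' entry, or None for any other form."""
    m = re.match(r'dword:([0-9a-fA-F]{1,8})$', value)
    return int(m.group(1), 16) if m else None


def parse_log(text):
    """Split a ComboFix log into registry sections ({header: {key: value}}) and driver entries."""
    sections, drivers, current = defaultdict(dict), [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := SECTION_RE.match(line):
            current = m.group(1).lower()
        elif m := DRIVER_RE.match(line):
            start, name, _desc, rest = m.groups()
            present = not rest.endswith('[?]')           # ComboFix appends [?] when the image file is missing
            path = rest.split(' --> ')[0]                 # drop the resolved-path echo
            path = re.sub(r'\s+\[[^\]]*\]$', '', path)    # drop the trailing [date size]
            drivers.append((start, name, path, present))
        elif (m := KV_RE.match(line)) and current is not None:
            sections[current][m.group(1)] = m.group(2).strip()
    return sections, drivers


def port_runs(port_keys, min_len=3):
    """Contiguous TCP ranges among keys like '5000:TCP' (an installer opening 5000-5020 in bulk shows up here)."""
    nums = sorted(int(k.split(':')[0]) for k in port_keys if k.upper().endswith(':TCP'))
    runs, start, prev = [], None, None
    for n in nums + [None]:                               # None sentinel flushes the last run
        if prev is not None and n == prev + 1:
            prev = n
            continue
        if start is not None and prev - start + 1 >= min_len:
            runs.append((start, prev))
        start = prev = n
    return runs


def triage(text):
    """Findings a responder would check first, derived from the log text alone (no host changes)."""
    sections, drivers = parse_log(text)
    findings = []
    if sections.get(FW_PROFILE, {}).get('EnableFirewall', '').split()[:1] == ['0']:
        findings.append('Windows Firewall standard profile is off: EnableFirewall=0')
    if dword(sections.get(SEC_CENTER, {}).get('AntiVirusOverride', '')) == 1:
        findings.append('Security Center AntiVirusOverride=1: missing or disabled AV is not reported')
    for header, values in sections.items():
        if header.startswith(SEC_CENTER + '\\monitoring\\') and dword(values.get('DisableMonitoring', '')) == 1:
            product = header.rsplit('\\', 1)[-1]
            findings.append(f'Security Center monitoring disabled for {product}')
    ports = sections.get(OPEN_PORTS, {})
    for key in ports:
        port, _, proto = key.partition(':')
        if label := RISKY_PORTS.get((port, proto.upper())):
            findings.append(f'Globally open port {port}/{proto.upper()} ({label})')
    for lo, hi in port_runs(ports):
        findings.append(f'Contiguous block of {hi - lo + 1} TCP ports open: {lo}-{hi}')
    for start, name, path, present in drivers:
        low = path.lower()
        if any(s in low for s in ('\\temp\\', '\\docume~1\\', '\\documents and settings\\')):
            state = '' if present else ' (image file missing)'
            findings.append(f'Driver {name} [{start}] registered from a user-writable path: {path}{state}')
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print('-', finding)
```

The script only reads the log; it changes nothing on the host. Fed the complete log from the post, it additionally reports the 5000-5020 block and the 1701/UDP and 500/UDP exceptions, and still points at the o1394bul.sys entry whose image under the user's Temp directory ComboFix marks as missing.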