I got the malwarebytes program to install. I allowed it to be on the startup registry this time. It is on the start menu and also in the "all programs" menu list,. However, upon choosing it to run, it just makes the hourglass show for some seconds and then that is all. The program mbam.exe appears in the task manager, but again, there is no gui to be seen, although I am not for sure that there should be one there.

I ran the renamed mbam install program again and this time let spybot allow it to change the registry startup value. This time it installed into the start menu in "all programs". ( Come to think of it, maybe what the spybot was talking about was the start menu in the lower corner, and not meaning that it would start automatically when the computer starts. )

Now however, when asking malwarebytes to run, an hourglass just shows for some seconds, and then nothing happens, although an mbam.exe process then lists in the task manager window.

I tried the renaming trick for hijack this and that worked to get it to run. Here is the file....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:42 AM, on 3/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\MDM.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\Iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.asianet.co.th:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1125522645083
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1190016832053
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9376 bytes


PS,... the zonealarm lists a program called wJQs.exe in the programs list, which might have meaning. Doing a google search on it says it is bad.

You never rebooted after running MBA-M.

Please download ComboFix by sUBs from HERE or HERE

• You must download it to and run it from your Desktop
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
• Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

Well, between the malwarebytes and superantispyware and maybe something else, ...who knows,...the problem with firefox seems to be fixed for now. But i want to fix the problem and run the combofix application, but I don't know how to shut down all the anti malware applications that are running on my computer. I know there are several, but I wouldn't know which ones are running or not. I am including a screenshot of my taskmanager list of running programs in hopes that you could tell me what to shut down before loading and installing the combofix.

Thanks very very much for getting me this far, as I said, everything is running much better already after getting those programs loaded. But there are still some bad things happening, and sometimes I don't know if it is a fake application that is presenting things.

No screenshot visible.

Sorry for delay. Below is a list of things running. I wouldn't know how to shut off all the anti spyware and antivirus stuff that is on there unless I knew which ones to kill in the taskmanager. I researched and downloaded a seemingly very nice taskmanager program called system explorer which produced the following list of things running. Perhaps you might see some bad things in there that could be causing some other problems. Thanks!

PS, sorry about the absent screenshot, I tried to include it as an attachment because I don't know how to post a screenshot here yet.




Image Name Security CPU PID Mem Usage (K) VM Size
Explorer.EXE Safe 1836 8,708 16,956
6f9c76c5-1ed7-4078-90fc-bce8e84f5998.exe Unknown 3204 460 85,132
atwtusb.exe Pending 1964 340 1,952
avgtray.exe Safe 2240 5,060 5,352
avgcsrvx.exe Safe 1540 96 6,616
ctfmon.exe Safe 2176 568 1,064
hkcmd.exe Safe 3864 1,284 1,936
igfxtray.exe Safe 3792 320 1,832
RoboTaskBarIcon.exe Unknown 2612 2,440 2,364
Skype.exe Unknown 3916 34,276 33,960
skypePM.exe Safe 524 3,424 17,560
SynTPEnh.exe Pending 1936 2,012 3,676
SynTPLpr.exe Pending 4020 572 868
TeaTimer.exe Safe 2188 28,708 76,688
TPHKMGR.exe Safe 3960 1,072 4,036
TPONSCR.exe Safe 664 672 852
TpScrex.exe Unknown 1056 288 796
zlclient.exe Safe 2316 2,268 10,008
firefox.exe Safe 2 2564 165,932 178,552
regmech.exe Safe 3032 6,528 19,588
System Safe 1 4 112 0
smss.exe Safe 784 48 172
csrss.exe Safe 864 2,740 1,744
winlogon.exe Safe 888 2,836 6,636
lsass.exe Safe 944 1,372 4,256
services.exe Safe 932 3,592 2,204
avgemc.exe Unknown 1584 688 4,044
avgcsrvx.exe Safe 2052 88 6,472
avgwdsvc.exe Safe 1804 2,360 4,600
avgnsx.exe Safe 3156 340 3,424
avgrsx.exe Safe 388 27,712 14,820
ibmpmsvc.exe Unknown 1104 172 584
QCONSVC.EXE Unknown 568 780 908
SMAgent.exe Unknown 692 92 688
spoolsv.exe Safe 1264 1,380 3,520
sqlbrowser.exe Safe 1012 96 780
sqlservr.exe Unknown 1612 4,620 34,192
sqlwriter.exe Unknown 1476 788 1,040
svchost.exe Safe 1144 1,836 3,300
svchost.exe Safe 1224 1,552 1,948
svchost.exe Safe 1384 18,176 19,188
wuauclt.exe Safe 3492 4,192 2,412
wuauclt.exe Safe 280 6,904 6,480
svchost.exe Safe 1436 1,676 1,744
svchost.exe Safe 1564 1,904 6,264
svchost.exe Safe 1684 1,676 2,512
svchost.exe Safe 1504 268 1,660
SyncServices.exe Pending 1832 1,036 3,804
TpKmpSVC.exe Safe 1652 80 488
vsmon.exe Safe 1576 12,844 17,440
SystemExplorer.exe Safe 98 1892 2,508 18,080

Here is another thing that keeps happening from an AVG alert window, but the program doesn't allow removal of them:

"C:\System Volume Information\_restore{C49BD92C-9C3F-4BDD-866F-EAF535330B6C}\RP893\A0144192.dll";"Trojan horse FakeAlert.GL";"Moved to Virus Vault"
"C:\System Volume Information\_restore{C49BD92C-9C3F-4BDD-866F-EAF535330B6C}\RP893\A0144192.dll";"Trojan horse FakeAlert.GL";"Deleted"
"C:\System Volume Information\_restore{C49BD92C-9C3F-4BDD-866F-EAF535330B6C}\RP893\A0144194.dll";"Trojan horse FakeAlert.GL";"Moved to Virus Vault"
"C:\System Volume Information\_restore{C49BD92C-9C3F-4BDD-866F-EAF535330B6C}\RP893\A0144194.dll";"Trojan horse FakeAlert.GL";"Infected"
"C:\System Volume Information\_restore{C49BD92C-9C3F-4BDD-866F-EAF535330B6C}\RP893\A0144194.dll";"Trojan horse FakeAlert.GL";"Infected"
"C:\System Volume Information\_restore{C49BD92C-9C3F-4BDD-866F-EAF535330B6C}\RP893\A0144194.dll";"Trojan horse FakeAlert.GL";"Infected"
"C:\System Volume Information\_restore{C49BD92C-9C3F-4BDD-866F-EAF535330B6C}\RP893\A0144194.dll";"Trojan horse FakeAlert.GL";"Infected"
"C:\System Volume Information\_restore{C49BD92C-9C3F-4BDD-866F-EAF535330B6C}\RP893\A0144194.dll";"Trojan horse FakeAlert.GL";"Infected"

avgtray.exe
avgcsrvx.exe
TeaTimer.exe
avgemc.exe
avgcsrvx.exe
avgwdsvc.exe
avgnsx.exe
avgrsx.exe

I cannot get AVG to stop. I tried through the program interface, the windows task manager, and the systems explorer taskbar. Exiting from the avg user interface closes that, but it is still running. Ending the processes from either of the task managers works for a few seconds but they start back up again automatically. I cannot find any other ways to try to make it stop. I think I was able to exit combofix before it ran. I thought it was just the installer for CF that would run first, but it seemed to be the program itself instead. It allowed me an out when the user agreement appeared.