Hi welcome to daniweb, I am presently going through your logs and will post back ASAP, a request however, next time don't attach logs but copy pasted them to the post.
Judy

Ok, several things I see here in the logs.
#1 the ESET scanner clearly says this in the log created at 6:01
meaning you should have shut down immediately after the scan and restarted, did you do this then or at a later time after you had renamed the file?
The first MBA-M scan was done at 7:09 and found and removed all those Adware.MyWebSearch, this was a Quick Scan not a full scan. The second MBA-M run was at 7:31 and nothing was found. The third MBA-M scan was done at 8:25, was a full scan and DID again find Adware.MyWebSearch BUT what this tells me is that this scan was done AFTER a reboot because all of these were found in your System Restore so they were of no harm unless you had used that restore point to do a system restore, I know you didn't, MBA-M then removed those items from System Restore so they should be gone now. The restore point was made when MBA-M first removed the Adware.MyWebSearch but didn't show up until you did a reboot. This is quite common for this to happen, it is a change to specific files so Windows automatically backs those up in case they are needed.

You need to go in and UNINSTALL that Prevx CSI. It may have found something but it's website clearly says well obviously that is not true if you were told you would have to purchase to remove so Uninstall this program. It IS running on your system, it shows in your HJT log, which can interfere with fixes attempted.
I would like you to try the following AFTER Uninstalling the Prevx CSI program.
Make sure that Windows Defender is TURNED OFF. Leave it off, the same goes for Diskeeper. There is no reason this program needs to be running at start up or running all the time. It can be run manually.

Update MBA-M, there have been two database updates since you last updated. It is now database version 1401 your database version shows as 1399.
Reboot the computer in Safe Mode
Run MBA-M again, Full System Scan. Let's see if it will pick up more items. Let it fix everything it finds. Reboot if it is necessary for cleaning.

After rebooting run a new HJT scan and place a check mark next to the following entries if they still exist.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Morpheus Premium\Plugins\RazaWebHook.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\extmgr32.dll
O20 - Winlogon Notify: 10f6fd16502 - C:\WINDOWS\System32\extmgr32.dll
Once you have placed the check marks then click the Fix Checked button.
Exit HJT.
Reboot.
Run a new scan with HJT and post back with THAT log and also the MBA-M log, and please only run MBA-M once as instructed.

Yes, I did reboot after that scan. I have scanned with updated MBA-M and it found nothing. Logs posted below. Thanks.


Malwarebytes' Anti-Malware 1.30
Database version: 1401
Windows 5.1.2600 Service Pack 3

11/16/2008 3:13:49 AM
mbam-log-2008-11-16 (03-13-49).txt

Scan type: Full Scan (C:\|)
Objects scanned: 151992
Time elapsed: 52 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:52:16 AM, on 11/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\All Users\Documents\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install-ie/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSC...ws-i586-jc.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\extmgr32.dll
O20 - Winlogon Notify: 10f6fd16502 - C:\WINDOWS\System32\extmgr32.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 7197 bytes

Well I see that the two extmgr32.dll entries are still in the log.
So do the following. Please read this instructions carefully and follow them exactly.


Download ComboFix Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop
Do NOT open any unnecessary programs at this time. If you have IM programs which open automatically when booting, please close them completely. Make sure all browsers are closed completely.

Double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
When you double click this combofix icon you may receive a warning note asking if you are sure you want to run the program. This is because combofix doesn't have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
Combofix will then show a screen stating it is preparing to run, ending with a disclaimer screen. You must accept this disclaimer by pressing "1". Then ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry.
ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to what they were previously. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan.
When ComboFix has finished running, you will see a screen stating that it is preparing the log report
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically. Save this log to the desktop so that you can find it easily.
Post back here with a copy/paste of that log.

Ran combo fix as you said it wanted me to download some system restore manager or something like that, so I let it do that. Also when it was done there was a new internet explorer icon on my desktop. Should I use the new one or the old one? Here is the ComboFix Log.



ComboFix 08-11-14.01 - Richard Fedie 2008-11-16 13:12:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2843 [GMT -6:00]
Running from: c:\documents and settings\Richard Fedie\My Documents\antivirus\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Diana\Application Data\FunWebProducts
c:\windows\system32\1.tmp
c:\windows\system32\2.tmp
c:\windows\system32\3.tmp
c:\windows\system32\6.tmp

.
((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-16 02:18 . 2008-11-16 02:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-11-16 02:17 . 2008-11-16 02:17 <DIR> d-------- c:\documents and settings\Administrator
2008-11-15 19:00 . 2008-11-16 01:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2008-11-15 16:17 . 2008-11-15 16:40 <DIR> d-------- c:\program files\EsetOnlineScanner
2008-11-14 21:16 . 2008-11-14 21:16 <DIR> d-------- c:\documents and settings\Diana\Application Data\Malwarebytes
2008-11-14 20:38 . 2008-11-14 20:38 <DIR> d-------- c:\documents and settings\Scott\Application Data\Malwarebytes
2008-11-14 19:02 . 2008-11-14 19:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-14 19:02 . 2008-11-14 19:02 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\Malwarebytes
2008-11-14 19:02 . 2008-11-14 19:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-14 19:02 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-14 19:02 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-13 23:29 . 2008-11-13 23:29 <DIR> d-------- c:\program files\Windows Defender
2008-11-13 21:59 . 2008-11-13 22:07 23,392 --a------ c:\windows\system32\nscompat.tlb
2008-11-13 21:59 . 2008-11-13 22:07 16,832 --a------ c:\windows\system32\amcompat.tlb
2008-11-13 21:50 . 2008-04-14 06:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-13 19:50 . 2008-11-13 19:50 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\ErrorSmart
2008-11-13 18:46 . 2008-11-15 20:52 8,269 --a------ c:\windows\GnuHashes.ini
2008-11-13 18:36 . 2008-11-15 20:44 <DIR> d--hs---- c:\windows\system32\GroupPolicyManifest
2008-11-13 18:36 . 2008-11-15 20:28 135,168 --a------ c:\windows\system32\extmgr32.dll
2008-11-13 18:36 . 2008-11-15 20:44 1,848 --ahs---- c:\windows\system32\GroupPolicy000.dat
2008-11-11 18:12 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-08 11:36 . 2008-11-08 11:36 <DIR> d-------- c:\program files\Common Files\SWF Studio
2008-11-04 18:27 . 2008-11-04 18:27 0 --a------ c:\windows\PowerReg.dat
2008-11-04 18:21 . 2008-11-04 18:21 <DIR> d-------- c:\program files\Infogrames Interactive
2008-11-02 16:58 . 2008-11-02 16:58 <DIR> d-------- c:\documents and settings\Diana\Application Data\HP
2008-11-02 02:11 . 2008-11-05 21:41 <DIR> d-------- C:\CreatePhotoCalendars
2008-11-01 22:51 . 2008-11-01 22:51 <DIR> d-------- c:\program files\Nova Development
2008-11-01 22:51 . 2008-11-01 22:51 <DIR> d-------- c:\program files\Common Files\Nova Development
2008-10-30 11:42 . 2008-10-30 11:42 <DIR> d-------- c:\windows\Sun
2008-10-30 11:41 . 2008-10-30 11:41 <DIR> d-------- c:\program files\Java
2008-10-30 11:41 . 2008-11-03 23:23 <DIR> d-------- c:\program files\Google
2008-10-30 11:41 . 2008-10-30 11:41 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-30 11:41 . 2008-10-30 11:41 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-10-28 17:09 . 2008-10-28 17:09 0 --a------ c:\windows\system32\sam.ini
2008-10-28 14:25 . 2008-10-28 19:12 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-10-28 12:19 . 2008-10-28 12:19 <DIR> d-------- c:\documents and settings\Scott\Application Data\Atari
2008-10-28 12:08 . 2008-10-28 12:08 <DIR> d-------- c:\documents and settings\Scott\Application Data\DivX
2008-10-26 20:48 . 2008-10-26 20:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\SimCity Societies
2008-10-26 19:30 . 2008-10-26 19:30 <DIR> d-------- c:\documents and settings\Scott\Application Data\Yahoo!
2008-10-26 18:59 . 2008-10-26 18:59 <DIR> d-------- c:\documents and settings\Diana\Application Data\Yahoo!
2008-10-26 18:19 . 2008-10-26 18:19 <DIR> d-------- c:\program files\Electronic Arts
2008-10-26 18:08 . 2008-10-26 18:08 <DIR> d-------- c:\program files\Rockstar Games
2008-10-26 18:05 . 2008-10-26 18:05 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\Yahoo!
2008-10-26 17:59 . 2008-11-04 07:44 <DIR> d-------- c:\program files\Yahoo!
2008-10-26 17:59 . 2008-10-27 12:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2008-10-26 17:56 . 2008-10-26 17:56 <DIR> d-------- c:\program files\Yahoo! Games
2008-10-26 17:42 . 2008-10-26 17:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2008-10-26 17:32 . 2008-10-26 17:32 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\HP
2008-10-26 17:31 . 2008-10-26 17:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-10-26 17:31 . 2007-11-08 08:59 271,704 -ra------ c:\windows\system32\hpzids01.dll
2008-10-26 17:31 . 2007-10-20 17:25 117,760 --a------ c:\windows\system32\hpzll5mu.dll
2008-10-26 17:29 . 2008-10-26 17:29 <DIR> d-------- c:\program files\Common Files\HP
2008-10-26 17:29 . 2008-11-03 23:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-10-26 17:28 . 2008-11-03 23:18 <DIR> d-------- c:\program files\HP
2008-10-26 17:28 . 2008-04-13 23:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-10-26 17:28 . 2008-04-13 23:15 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-10-26 17:28 . 2008-04-13 23:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-10-26 17:27 . 2008-04-13 23:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-10-26 17:27 . 2008-04-13 23:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-10-26 17:25 . 2008-10-26 17:32 157,388 --a------ c:\windows\hphins26.dat
2008-10-26 17:25 . 2007-12-12 18:01 787 --------- c:\windows\hphmdl26.dat
2008-10-25 22:43 . 2008-10-25 22:43 <DIR> d-------- c:\documents and settings\Scott\Application Data\mioObjects
2008-10-25 16:49 . 2008-10-25 16:49 <DIR> d-------- c:\program files\3D Sports Car Screensaver
2008-10-25 16:49 . 2008-02-14 16:56 10,006,528 --a------ c:\windows\system32\3D Sports Car Screensaver.scr
2008-10-25 16:49 . 2008-02-14 13:16 3,141 --a------ c:\windows\system32\3D Sports Car Screensaver.html
2008-10-25 16:44 . 2008-10-25 16:44 <DIR> d-------- c:\program files\3D Asteroids
2008-10-25 16:41 . 2008-10-28 17:20 882 --a------ c:\windows\eReg.dat
2008-10-25 16:39 . 2008-10-27 18:52 <DIR> d-------- c:\program files\Maxis
2008-10-25 16:37 . 1999-11-24 20:29 196,608 --a------ c:\windows\system32\anfysave.scr
2008-10-25 16:31 . 2008-10-25 16:31 <DIR> d-------- c:\program files\Running Clock 3D Screensaver
2008-10-25 16:31 . 2008-10-25 16:31 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\TERMINAL Studio
2008-10-25 16:31 . 2008-02-14 19:36 3,661,824 --a------ c:\windows\system32\Running Clock 3D Screensaver.scr
2008-10-25 16:31 . 2005-09-21 15:08 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-10-25 16:31 . 2005-09-21 15:08 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-10-25 16:31 . 2006-02-15 17:26 92,216 --a------ c:\windows\system32\bass.dll
2008-10-25 16:31 . 2008-02-14 19:55 3,177 --a------ c:\windows\system32\Running Clock 3D Screensaver.html
2008-10-25 16:29 . 2008-10-25 16:36 <DIR> d-------- c:\program files\Cities of Earth
2008-10-25 16:29 . 2007-09-24 00:08 2,789,376 --a------ c:\windows\system32\Cities.scr
2008-10-25 16:26 . 2008-10-25 16:26 <DIR> d-------- c:\program files\Free Matrix Reality Screensaver
2008-10-25 16:26 . 2008-07-28 12:20 3,403,776 --a------ c:\windows\system32\Free Matrix Reality Screensaver.scr
2008-10-25 16:26 . 2005-09-05 07:01 1,056,768 --a------ c:\windows\system32\FreeImage.dll
2008-10-25 16:26 . 2005-12-21 18:05 245,760 --a------ c:\windows\system32\ImxEx.dll
2008-10-25 16:22 . 2008-10-25 16:22 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\mioObjects
2008-10-25 16:22 . 2008-10-25 16:22 359,431 --a------ c:\windows\system32\mioengine.exe
2008-10-25 16:20 . 2008-10-25 16:20 <DIR> d-------- c:\program files\Proactive Information Corporation
2008-10-25 16:20 . 2004-06-21 16:47 474,431 --a------ c:\windows\system32\Realtime Weather Screen Saver 4.02.scr
2008-10-25 16:20 . 2004-08-28 02:06 61,440 --a------ c:\windows\UnDeploy.exe
2008-10-25 15:32 . 2008-10-25 15:32 <DIR> d-------- c:\documents and settings\Scott\Application Data\Symantec
2008-10-25 15:32 . 2008-10-25 15:32 <DIR> d-------- c:\documents and settings\Scott\Application Data\Shareaza
2008-10-25 15:32 . 2008-11-15 20:33 <DIR> d-------- c:\documents and settings\Scott
2008-10-25 15:25 . 2008-10-25 15:25 <DIR> d-------- c:\documents and settings\Diana\Application Data\Symantec
2008-10-25 15:25 . 2008-10-25 15:25 <DIR> d-------- c:\documents and settings\Diana\Application Data\Shareaza
2008-10-25 15:24 . 2008-11-15 23:04 <DIR> d-------- c:\documents and settings\Diana
2008-10-25 15:18 . 2008-10-25 15:18 <DIR> d-------- c:\program files\Abassis Finance Manager
2008-10-25 15:14 . 2008-10-25 15:14 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\Atari
2008-10-25 15:11 . 2008-10-25 15:11 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\Leadertech
2008-10-25 15:08 . 2008-10-25 15:08 <DIR> d-------- c:\program files\Atari
2008-10-25 15:01 . 2008-10-25 15:01 74,582 --a------ c:\windows\Uninstal.exe
2008-10-25 14:59 . 2008-10-25 14:59 <DIR> d-------- c:\program files\Free 3D Valley Screensaver
2008-10-25 14:59 . 2008-10-25 14:59 <DIR> d-------- c:\program files\Active Volcano 3D Screensaver
2008-10-25 14:59 . 2008-07-28 10:10 8,073,216 --a------ c:\windows\system32\Free 3D Valley Screensaver.scr
2008-10-25 14:59 . 2008-02-14 17:02 6,008,832 --a------ c:\windows\system32\Active Volcano 3D Screensaver.scr
2008-10-25 14:59 . 2008-02-14 13:38 3,186 --a------ c:\windows\system32\Active Volcano 3D Screensaver.html
2008-10-25 14:58 . 2008-10-25 15:04 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\MechCAD
2008-10-25 14:58 . 2007-02-13 14:53 13,619,200 --a------ c:\windows\system32\Solar System 3D Screensaver.scr
2008-10-25 14:58 . 2007-02-09 13:05 3,226 --a------ c:\windows\system32\SolarSystem3DScreensaver.html
2008-10-25 14:56 . 2008-10-25 14:58 <DIR> d-------- c:\program files\Astro Gemini Software
2008-10-25 14:56 . 2008-10-25 14:56 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\Astro Gemini Software
2008-10-25 14:56 . 2008-08-28 10:25 7,938,048 --a------ c:\windows\system32\Planet Earth 3D Screensaver.scr
2008-10-25 14:56 . 2007-11-06 16:46 106,496 --a------ c:\windows\system32\Astro Gemini Screensaver Manager.scr
2008-10-25 14:54 . 2004-10-06 18:38 3,446,272 --a------ c:\windows\Light Driver 2.stg
2008-10-25 14:54 . 2004-10-06 18:22 794,624 --a------ c:\windows\Light Driver 2.scr
2008-10-25 14:54 . 1999-06-25 10:55 149,504 --a------ c:\windows\UNWISE.EXE
2008-10-25 14:52 . 2007-11-23 13:18 9,005,490 --a------ c:\windows\kaleidoscopia.exe
2008-10-25 14:52 . 2008-10-25 14:52 639,995 --a------ c:\windows\unins000.exe
2008-10-25 14:52 . 2007-12-03 09:32 280,064 --a------ c:\windows\kaleidoscopia.scr
2008-10-25 14:52 . 2008-10-25 14:52 894 --a------ c:\windows\unins000.dat
2008-10-24 18:59 . 2008-11-08 11:40 <DIR> d-------- c:\program files\AdvancedDVDPlayer
2008-10-24 17:53 . 2008-10-24 18:01 <DIR> d-------- c:\program files\Shareaza
2008-10-24 17:53 . 2008-10-24 17:53 <DIR> d-------- c:\documents and settings\Richard Fedie\Application Data\Shareaza
2008-10-24 17:44 . 2008-04-14 01:09 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-10-24 17:44 . 2008-04-14 01:09 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2008-10-24 17:44 . 2001-08-17 14:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-10-24 17:44 . 2001-08-17 14:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2008-10-24 17:43 . 2008-10-24 17:43 <DIR> d-------- c:\program files\PHILIPS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 20:18 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 19:37 --------- d-----w c:\program files\Common Files\Adobe
2008-10-23 09:00 315,392 ----a-w c:\windows\HideWin.exe
2008-10-23 08:59 --------- d-----w c:\program files\Intel
2008-10-23 08:55 --------- d-----w c:\documents and settings\Richard Fedie\Application Data\InterTrust
2008-10-23 08:54 --------- d-----w c:\program files\MSXML 4.0
2008-10-23 08:44 --------- d-----w c:\program files\microsoft frontpage
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-16 00:14 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2007-10-15 16:30 148,242 ----a-w c:\program files\Common Files\ReportPreview.app
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-10-16 4347120]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-02-24 196709]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-08-24 714608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-24 13524992]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-24 86016]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-30 136600]
"ReminderApp"="c:\program files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe" [2006-11-02 156160]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-02 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-03-24 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\10f6fd16502]
2008-11-15 20:28 135168 c:\windows\system32\extmgr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\extmgr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2007-08-24 149352]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-05-29 23888]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys [2008-10-24 7548]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-16 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\program files\ErrorSmart\ErrorSmart.exe []

2008-11-16 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\program files\ErrorSmart []

2008-11-11 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Richard Fedie.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 19:19]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 13:12:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\windows\System32\extmgr32.dll

PROCESS: c:\windows\system32\lsass.exe
-> c:\windows\System32\extmgr32.dll
.
Completion time: 2008-11-16 13:13:19
ComboFix-quarantined-files.txt 2008-11-16 19:13:17

Pre-Run: 474,280,161,280 bytes free
Post-Run: 474,458,370,048 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

262 --- E O F --- 2008-11-15 21:09:14

Just out of sheer desperation I ran ESET again and it found like 26 things. Log posted below.


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3615 (20081115)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=7a07914fc4e7e54e917e47c9f1ba585b
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-11-16 08:01:44
# local_time=2008-11-16 02:01:44 (-0600, Central Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=224580
# found=26
# scan_time=1372
C:\WINDOWS\system32\extmgr32.dll Win32/Agent.OAF trojan (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000
C:\WINDOWS\system32\GroupPolicyManifest\1.crack.zip a variant of Win32/TrojanDropper.Delf.NFH trojan (deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\GroupPolicyManifest\1.crack.zip »ZIP »crack.exe a variant of Win32/TrojanDropper.Delf.NFH trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\system32\GroupPolicyManifest\10.serial.zip a variant of Win32/TrojanDropper.Delf.NFH trojan (deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\GroupPolicyManifest\10.serial.zip »ZIP »serial.exe a variant of Win32/TrojanDropper.Delf.NFH trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\system32\GroupPolicyManifest\11.setup.zip a variant of Win32/TrojanDropper.Delf.NFH trojan (deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\GroupPolicyManifest\11.setup.zip »ZIP »setup.exe a variant of Win32/TrojanDropper.Delf.NFH trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\system32\GroupPolicyManifest\12.unpack.zip a variant of Win32/TrojanDropper.Delf.NFH trojan (deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\GroupPolicyManifest\12.unpack.zip »ZIP »unpack.exe a variant of Win32/TrojanDropper.Delf.NFH trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\system32\GroupPolicyManifest\13.music.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned) AB4352EC7CBEA96323E6530025CEB4DA
C:\WINDOWS\system32\GroupPolicyManifest\2.free_access_to_150_adult_sites.zip a variant of Win32/TrojanDropper.Delf.NFH trojan (deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\GroupPolicyManifest\2.free_access_to_150_adult_sites.zip »ZIP »free access to 150 adult sites.exe a variant of Win32/TrojanDropper.Delf.NFH trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\system32\GroupPolicyManifest\3.free_adult_videos.zip a variant of Win32/TrojanDropper.Delf.NFH trojan (deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\GroupPolicyManifest\3.free_adult_videos.zip »ZIP »free adult videos.exe a variant of Win32/TrojanDropper.Delf.NFH trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\system32\GroupPolicyManifest\4.free_porn_passwords.zip a variant of Win32/TrojanDropper.Delf.NFH trojan (deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\GroupPolicyManifest\4.free_porn_passwords.zip »ZIP »free porn passwords.exe a variant of Win32/TrojanDropper.Delf.NFH trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\system32\GroupPolicyManifest\5.installer.zip a variant of Win32/TrojanDropper.Delf.NFH trojan (deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\GroupPolicyManifest\5.installer.zip »ZIP »installer.exe a variant of Win32/TrojanDropper.Delf.NFH trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\system32\GroupPolicyManifest\6.keygen.zip a variant of Win32/TrojanDropper.Delf.NFH trojan (deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\GroupPolicyManifest\6.keygen.zip »ZIP »keygen.exe a variant of Win32/TrojanDropper.Delf.NFH trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\system32\GroupPolicyManifest\7.nocd.zip a variant of Win32/TrojanDropper.Delf.NFH trojan (deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\GroupPolicyManifest\7.nocd.zip »ZIP »nocd.exe a variant of Win32/TrojanDropper.Delf.NFH trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\system32\GroupPolicyManifest\8.nodvd.zip a variant of Win32/TrojanDropper.Delf.NFH trojan (deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\GroupPolicyManifest\8.nodvd.zip »ZIP »nodvd.exe a variant of Win32/TrojanDropper.Delf.NFH trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\system32\GroupPolicyManifest\9.patch.zip a variant of Win32/TrojanDropper.Delf.NFH trojan (deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\GroupPolicyManifest\9.patch.zip »ZIP »patch.exe a variant of Win32/TrojanDropper.Delf.NFH trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

I hope you followed the instructions with ESET scanner and Rebooted your computer, because final cleaning would not take place until a reboot. I say this because you didn't follow the directions for combofix. The instructions clearly state this;
but you ran combofix from here;
There were some additional fixes which needed to be done with combofix but because it was not downloaded to the desktop as directed this cannot be done plus if incorrect removal had taken place (which thankfully I don't believe happened) there would be no backups saved where you had the program placed. They will only be saved properly and then able to be used if the program is downloaded and run from the Desktop.
You will need to go into c:\documents and settings\Richard Fedie\My Documents\antivirus\ and delete that combofix. ESET scanner may have removed some of the items we needed to remove so maybe combofix will not be needed, we will see.
Run me a new HJT scan please.
Judy

Here is the new HJT log. Sorry that I didn't put it on my desktop. I read something on here in the forums about putting stuff on the desktop and said it was for ease of accessing the files. I downloaded another copy of combofix to my desktop and deleted the other, would you want me to run it again? After I ran the ESET scan I did reboot. Thanks for all the help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:55 PM, on 11/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Richard Fedie\My Documents\antivirus\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install-ie/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSC...ws-i586-jc.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\extmgr32.dll
O20 - Winlogon Notify: 10f6fd16502 - C:\WINDOWS\System32\extmgr32.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 6587 bytes

One thing I will say without question, each and every one of the infected .zip files, infected with Win32/TrojanDropper.Delf.NFH trojan listed in the ESET log are the result of P2P file sharing. I checked every one of them so that is how the computer has become infected, P2P file sharing.
This is why I asked you in post #3 to fix that one Shareaza entry. Looking at your combofix log I see that program was installed on 10-24-2008.
After that date I see multiple games and other paid programs installed, how many of these were acquired using P2P file sharing? Frankly I would find any program downloaded via P2P as suspect, expecially any installed after that date.
The ones we know for sure are infected files were installed on 11-15-2008, that honestly at this point doesn't mean there aren't others that haven't been found yet.

Yes, I want you to run combofix again. Follow THESE instructions EXACTLY:
At this point you should do the following:

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
Windows may issue a prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
ComboFix is now preparing to run and when it has finished you will see the Disclaimer screen you should press the number 1 key and then press the enter key to continue.
ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry.
Once the Windows Registry has finished being backed up, ComboFix will disconnect your computer from the Internet. Therefore, do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet as your connection will be completely restored at a later stage in the program.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to what they were previously. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically
You should now post this log here when all is complete.