How about the combofix log?

=======================

nicole, you did not run combofix from the desktop, as requested. You also ran combofix 5 times.
You must follow instructions if we are to assist you.

==

1. Please open Notepad

• Click Start , then Run
• Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:

• Combofix.txt
• A new HijackThis log.

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

I will do what you just told me in a moment, but I need to clarify...I did run ComboFix on the desktop as I do not have it installed on the laptop. I ran all my scans and saved the logs to a media stick, then plugged the media stick into the laptop in order to post them on the thread here since I couldn't access any websites on my desktop. I had run ComboFix previously before I contacted you, but I did ONLY what I've been told in this thread since we started. I haven't done anything you didn't advise me to do. I wouldn't want to waste my time nor yours and drag this thing out any longer that it has to be. Trust me, I've only done what you've told me to do. The computer is working fine now, but I will go ahead and do these last things you've told me.

Done. Just wanted to let you know that when I saved that file and went to drag it onto the ComboFix icon, ComboFix was gone from my computer like it was never even there to begin with, so I had to reinstall it, then I could drag the file onto the icon. So I did all that and the log is below:

ComboFix 08-12-20.03 - Nicole 2008-12-21 1:27:10.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1610 [GMT -5:00]
Running from: c:\documents and settings\Nicole\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nicole\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\TDSSSERV.SYS
c:\windows\Tasks\uakgweyq.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\uakgweyq.job

.
((((((((((((((((((((((((( Files Created from 2008-11-21 to 2008-12-21 )))))))))))))))))))))))))))))))
.

2008-12-20 19:20 . 2008-12-20 19:20 <DIR> d-------- c:\program files\Lavasoft
2008-12-20 19:20 . 2008-12-20 19:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-15 20:22 . 2008-12-15 20:22 <DIR> d-------- c:\program files\ATTToolbar
2008-12-15 20:22 . 2008-12-16 20:34 <DIR> d-------- c:\documents and settings\Nicole\Application Data\ATTToolbar
2008-12-15 20:22 . 2008-12-21 01:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATTToolbar
2008-12-15 20:13 . 2008-12-16 03:03 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-15 20:13 . 2008-12-16 03:03 1,409 --a------ c:\windows\QTFont.for
2008-12-15 19:39 . 2008-12-15 19:40 <DIR> d-------- c:\program files\ATT-SST
2008-12-15 19:20 . 2008-12-15 19:38 <DIR> d-------- c:\documents and settings\Nicole\Application Data\Motive
2008-12-15 19:19 . 2008-12-15 19:19 <DIR> d-------- c:\program files\ATT-HSI
2008-11-27 01:03 . 2008-11-27 01:03 <DIR> d-------- c:\program files\HOJY TECH
2008-11-22 17:47 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-11-22 17:47 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2008-11-22 17:47 . 2008-04-13 14:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-11-22 17:47 . 2008-04-13 14:45 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-21 06:26 --------- d-----w c:\documents and settings\Nicole\Application Data\PreCast
2008-12-21 02:36 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-21 00:19 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-19 03:54 --------- d-----w c:\documents and settings\Nicole\Application Data\LimeWire
2008-12-17 10:58 --------- d-----w c:\documents and settings\All Users\Application Data\pdf995
2008-12-16 01:22 --------- d-----w c:\program files\Common Files\Motive
2008-12-16 01:22 --------- d-----w c:\program files\AT&T
2008-12-16 01:15 --------- d-----w c:\program files\BellSouth
2008-12-16 01:12 --------- d-----w c:\documents and settings\All Users\Application Data\Motive
2008-12-16 01:09 --------- d-----w c:\program files\RealArcade
2008-12-16 01:08 --------- d-----w c:\program files\Google
2008-12-04 00:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 00:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-11-27 06:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-17 00:54 --------- d-----w c:\documents and settings\Nicole\Application Data\Move Networks
2008-11-03 01:56 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-03 01:55 --------- d-----w c:\program files\Microsoft.NET
2008-10-25 13:47 --------- d-----w c:\program files\LimeWire
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 07:07 --------- d-----w c:\program files\Microsoft Silverlight
2008-04-25 13:09 0 -c--a-w c:\documents and settings\Nicole\Application Data\CopyToGo.dat
2008-04-03 23:56 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-12-13 00:33 774,144 ----a-w c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot_2008-12-21_ 0.17.10.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-06 04:30:42 241,704 -c----w c:\windows\system32\dllcache\wgaLogon.dll
+ 2008-09-06 04:29:58 917,032 -c----w c:\windows\system32\dllcache\WgaTray.exe
- 2008-03-20 22:06:36 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll
+ 2008-09-06 04:30:06 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll
+ 2008-09-06 04:30:42 241,704 ------w c:\windows\system32\WgaLogon.dll
+ 2008-09-06 04:29:58 917,032 ------w c:\windows\system32\WgaTray.exe
+ 2008-12-21 06:30:24 16,384 ----atw c:\windows\temp\Perflib_Perfdata_754.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-10 1576176]
"SmileboxTray"="c:\documents and settings\Nicole\Application Data\Smilebox\SmileboxTray.exe" [2008-07-30 205448]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-09 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"AT&T Internet Security Suite"="c:\program files\AT&T\AT&T Internet Security Suite\RPS.exe" [2007-06-28 310000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-18 8720384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PreCast Monitor.lnk - c:\program files\Ocucom\PreCast\tmon.exe [2008-02-12 1811120]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-05 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-09-10 11:22 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PreCast Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PreCast Monitor.lnk
backup=c:\windows\pss\PreCast Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nicole^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Nicole\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW.exe]
--a------ 2007-05-03 13:12 2061816 c:\program files\AT&T\Internet Security Wizard\ISW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 13:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 14:24 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 14:14 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 16:32 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-12-18 20:47 8720384 c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-11 23:43 7630848 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-11 23:43 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-25 20:23 443968 c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 16:22 21898024 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 05:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 23:43 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-01-30 05:54 16116224 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 05:04 2879488 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"NVSvc"=2 (0x2)
"idsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-02-29 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-02-29 55024]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 Radialpoint Security Services;AT&T Internet Security Suite;c:\windows\system32\dllhost.exe /Processid:{80098F68-1220-4F43-80A8-15C7395B8874} [2006-02-28 5120]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\DRIVERS\SDTHOOK.sys [2008-03-03 44928]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa5ad2a0-6972-11dd-b7cb-001a4d7a43a7}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-20 c:\windows\Tasks\User_Feed_Synchronization-{5DC353DC-8426-4747-895F-A55DAB4849C5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\SpinTopGamesLauncher.dll - O16 -: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0}
hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
c:\windows\Downloaded Program Files\SpinTopGamesLauncher.inf

c:\windows\Downloaded Program Files\WMDownload.dll - O16 -: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9}
hxxps://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
c:\windows\Downloaded Program Files\WMDL.inf
FF - ProfilePath - c:\documents and settings\Nicole\Application Data\Mozilla\Firefox\Profiles\4tyn4gya.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.firesearch.com/
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30401.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 01:30:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AT&T\AT&T Internet Security Suite\Fws.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Raxco\PerfectDisk\PDEngine.exe
c:\program files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-21 1:33:39 - machine was rebooted [Nicole]
ComboFix-quarantined-files.txt 2008-12-21 06:33:12
ComboFix2.txt 2008-12-21 05:18:01
ComboFix3.txt 2008-09-11 16:25:54
ComboFix4.txt 2008-09-11 14:39:40
ComboFix5.txt 2008-12-21 06:26:12

Pre-Run: 198,313,390,080 bytes free
Post-Run: 198,316,105,728 bytes free

239 --- E O F --- 2008-12-21 06:07:23

Just looking at your combo fix log, it looks like your java is out of date.

Can you pls go into control panel > add / remove programs, and remove all Java Components.

Then go www.java.com and download and install the latest Java.

Thanks,

Cohen

Cohen...just uninstalled old and installed latest Java...thanks for catching that.

I need to clarify that you in fact, never ran it from the desktop. You ran it straight from the K drive'
Thats the reason when you ran the script, it was no longer there.

====

Log looks ok.

K: is my memory stick. I downloaded ComboFix and saved it to my memory stick so that I could put it on the desktop pc. I guess when I ran it on the pc, it didn't install it.

When Running Combo Fix, pls run it from the desktop. Otherwise it will not do it's job.

Cohen