I'm picking up this thread mostly where it left off. I appear to have the same basic rootkit on my system, which shows in McAfee scans with the same signatures given by nasserjah19. McAfee finds it on each scan and thinks it is removing it, but it's always still there. The code interferes with McAfee and lots of other things, but I'll post a later message describing the various symptoms and history of earlier attempts at removal.
Here I will post my results from running the 3 programs recommended by jholland1964, and request of the community suggestions for how to complete the (hopefully) final step of removing the remaining rootkit code.
I didn't have any trouble downloading and installing MBA-M, but then nothing would happen when I tried running it. I followed crunchie's advice and renamed mbam.exe, and then I was able to run it by double-clicking the renamed file from an Explorer view (I run with Administrator privileges, so I didn't have the password problem). I have attached the log from MBA-M.
The synopsis is that it found several infected Registry keys and files, which it was able to remove. The (hopefully) last remaining piece is the Trojan.Agent in file \windows\system32\MSIVXcount. MBA-M tags the file to be removed at reboot, but it has been unable to remove it. Repeated scans show no remaining threats but the one file, which it finds during the Extras and heuristics scan phase.
ESET Online Scanner
I was able to download, install, and run this program from the web with no incidents/interference. I disabled all the McAfee anti-virus features during the scan (although it briefly turned anti-virus back on from a "timed" resumption, I then shut it off until the scan finished).
ESET scanned every file on all my disk partitions, including archives and older Windows and DOS files, but it found no infected files, so I have not posted its log file. (I removed ESET after it finished, so I assume any log file it created was removed; I haven't looked.)
For this one, the agent blocked the installation file from running after download, but when I renamed the install file, it installed fine and I was able to run it without further incident.
I have attached the HiJackThis log file. Nothing jumped out at me from the log file. Hopefully the experienced community will recognize something.
HiJackThis gave me the option to delete a file on reboot, so I specified the MSIVXcount file found by MBA-M, but HiJackThis had no better success removing the file during reboot. (I had to just type the name into the file box to specify it; Explorer views can't see the file, even when showing all hidden and system files; the DOS directory commands to show Hidden, System, or ReadOnly files also don't see it.)
For completeness, I'll mention that I earlier downloaded the RootkitRevealer program from the Microsoft TechNet website, at the suggestion of a posting in a McAfee forum. I was able to download and install the program, but when it would run, it would delay for a short time and then report that it got no response from the effort to start the process. I wasn't tremendously hopeful, since it looked like the program was from 2006, with no discernable recent updates; it was a bit difficult to sort through how it was now supposed to work, since it puts itself as a delayed process to try to get around execution blocking.
So, I've got my (hopefully only remaining) nastie (Trojan.Agent in file \windows\system32\MSIVXcount) identified, but I haven't been able to get rid of it. Hopefully the community will have suggestions for how to clean it off.
If no one has any better suggestions, I'll try running the XP Recovery Console and see if I can delete the file from there. (A long time ago I had to use that mechanism to delete a "self replicating" Registry entry for some virus I've now forgotten what it did. That was the only other virus I've ever had to deal with until now; this one came courtesy of my careless college student.)
I already tried running McAfee from DOS in Safe Mode, with no effect. Later postings in a McAfee forum had indicated this type of rootkit wouldn't be removed in DOS mode. The last posting I saw in the McAfee forums was to run HiJackThis and post the log onto one of the highly technical Malware forum sites. (A side posting in this thread suggested giving RootkitRevealer a shot.)
Thanks in advance for any further suggestions from the community.