jholland1964 650 Posting Expert Team Colleague Featured Poster

Give me a new HJT log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Try clicking on this link MBA-M which is the executable for MBA-M. Save it to the desktop. Close all programs and Windows on your computer, including this one.
Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.
* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Reboot the computer.
Post back with that log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Happy I could help. You can mark this one solved if you feel all is well.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Is your provider REALCONNECT?
Run the ESET Scanner again:
* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked at this time so it WILL remove whatever it finds, and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Try the suggestion given here:
http://support.microsoft.com/kb/812340

jholland1964 650 Posting Expert Team Colleague Featured Poster

Did you add this server?

O17 - HKLM\System\CCS\Services\Tcpip\..\{9ED7A24E-A71D-4B08-833C-DA3756864F87}: NameServer = 192.168.0.1

If not then run HJT again, place a check mark next to that entry and then click the Fix Checked button.
Exit HJT
Reboot and run HJT again and post the new log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Now boot to Safe Mode and see if you can uninstall that Registry Patrol program.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Log looks good. I like Avira a lot. Free version does auto-update daily, occasionally more than once a day. Now it does have this pop-up that "pops up" with each update, "suggesting" that you buy the paid version. Just "X" out of it. That is the only annoyance I have about it and there is no way to stop this. Program works great. Remember you do have to do your scans manually with the free version, but other than that I am very pleased with it.
Also would recommend that you install SpywareBlaster, also FREE. Offers great protection from spyware, malware, dialware, tracking cookies, browser hijackers, nasty web sites...doesn't run in the background. You should update and enable frequently. I think you will be pleased with that also.
You need to Uninstall Combofix now, since it is no longer needed.
* Click START then RUN
* Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
When shown the disclaimer, Select "2"
Now after that if you feel all is running well then you should set a new and clean restore point.
Follow the instructions HERE for doing that.
If all is running well you can mark this one solved.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Sorry to say this Registry Patrol doesn't get very good word in a lot of places. Registry cleaner, editors....just not something I personally recommend, especially one which will "fix" some but not others without payment.
Did the program offer backup of the registry prior to these fixes?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Run HiJackThis again and place check marks next to the following entries:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Homepage - {82A7361D-1CC3-4418-8470-29A8E353F5BA} - http://bt.yahoo.com (file missing) (HKCU)
O9 - Extra button: BT - {D9B50483-AACD-4FC2-AE38-91C65A043690} - http://www.bt.com (file missing) (HKCU)

O20 - AppInit_DLLs: C:\WINDOWS\System32\ds16gt32.dll
O20 - Winlogon Notify: f063d96d511 - C:\WINDOWS\System32\ds16gt32.dll (file missing)
When you have placed the check marks then click the Fix Checked button.
Exit HJT.
Reboot and run another HJT scan and post that new log here.
If your Norton is expiring I would definitely recommend removing it, total Uninstall in other words. There are several good FREE anti-virus programs available:
Avira Antivir is the one I use.
Avast is also recommended as is AVG8
Be sure to post back with that new HJT log, there will be one more step to complete if it checks out ok.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

To uninstall ComboFix.exe And all Backups of files that it deleted

* Click START then RUN
* Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
When shown the disclaimer, Select "2"
Glad to see you updated the java. Also must caution you again about running two firewalls at the same time. Why not disable the McAfee Firewall in services and then only one will be running. This really can leave your system at risk running both.


Sorry Cohen, didn't see you there.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Cohen is correct about Viewpoint, it is considered foistware and should be uninstalled. Also your Java is way out of date and must be updated. Go HERE and download the Offline Install file and save it to the desktop.
Once you have done the download go to Add/Remove and Uninstall ALL previous versions of Java that you find there. Once that is finished then go to that install file on the desktop and double click to install...be careful some installs offer the yahoo search bar which you don't need so be sure to remove the check mark from that if you see it there. Once the new Java is installed then go back to the download page and on the right side you will see Verify Now. Click that to verify the installation was successful.
Once that is done then you should set a new and now clean System Restore point.

To do this do the following:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives" as shown in this illustration:
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
Wait a few minutes and do the same thing only this time take OUT that check mark …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Cohen, Chris already has MBA-M so there shouldn't be a need to download it again, just maybe another attempt to update. However this file, Wjqs.exe, was recognized as a trojan back in October I believe, so if you cannot get it to update try uninstalling it first and then use Cohen's link to download again.

I've followed as many instructions as I could before posting, but the Deckard's scanner links seemed to be down, so I don't have a log for that.

Chris, the Deckard Scanner is no longer available, actually wish the reference could be removed from that sticky but I guess that it cannot.
It was ok to remove that file from your temp files, don't know that it is completely gone but we will soon see.
You might check your task manager and see if you see it in there, if so, end the process.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

and you are quite possibly right with the zone alarm thing - i disabled zonealarm to run the quick scan and it only took like 5 minutes or whatever it showed there...

I will report this to the MBA-M site.

jholland1964 650 Posting Expert Team Colleague Featured Poster

zonealarm is the only one ive been able to actually use to block them from doing so.

Then you have to disable the McAfee one, this would be one reason for the infections, more than one firewall running can lessen protection not increase it.
I would bet a nickel that the Zone Alarm is the reason for the long MBA-M scans it is most definitely something that the MBA-M people are studying right now....it slows or freezes the scan...therefore making the scan run much longer than it should.

jholland1964 650 Posting Expert Team Colleague Featured Poster

In going through your logs to see what files were running and which could be stopped using Task Manager I discovered that you are running TWO firewalls, at least, three if the Windows firewall is enabled.
This is an absolute No-No. ONE firewall on a computer is the rule.
This may very well be one reason your MBA-M scans are taking so long...multiple firewalls blocking its action and causing it to stall, especially Zone Alarm. Get rid of Zone Alarm, uninstall it since the McAfee Firewall is part of your security suite from them.
These files were running on the system in the background during your last HJT scan. End them and try the combofix again. One of them by the way was MBA-M and it should never be running in the background unless it is actually scanning, if it is scanning then many of those programs showing should not have been running anyway.
Here are those to end with task manager:
mcmscsvc.exe
mcnasvc.exe
mcproxy.exe
McShield.exe
mcagent.exe
mcsysmon.exe
MPFSrv.exe
zlclient.exe
vsmon.exe
mbam.exe

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks good to me. You seriously need to be thinking about uninstalling AVG7 and either going with AVG 8 or another anti-virus program. AVG 7 support will very soon be discontinued.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Update MBA-M and run another Full system scan with it. Have it REMOVE anything found.
Reboot.
Run a new HJT scan. Post back with both the MBA-M log and the new HJT log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Download Combofix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Doubleclick the combofix icon on the desktop to run the program.

Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Still an unknown entry showing in HJT log which should be fixed:

Run HJT again and place a check mark next to the one below.
O20 - AppInit_DLLs: vaxagi.dll

When you have placed this check mark then click the Fix Checked button.
Exit HJT.
Reboot, run a new HJT scan and post the log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

so in the 24 hours or so since i first got the program, and updated it, it has updated the database 7 more times?

Essentially yes, that doesn't necessarily mean all the updates were offered one at a time.
I find it very unusual that the scan would take 8 hours, there must be something slowing it down. How large is your hard drive?
A full scan for me takes about 1 hour. I have seen them take a couple but honestly not 8 hours. Can you tell me, is it actually scanning all the time or does it seem to freeze? They are currently examining a possible issue with freezes during scans which might be caused by Zone Alarm firewall, they are not certain at this point but it is a possibility. The scan should never take 8 hours.
I wasn't meaning to be critical when asking if you had rebooted, it is just that many people don't understand they must reboot if the log says -> Delete on reboot. They will run the program and then immediately run HijackThis without rebooting. We have to ask to be absolutely certain.

jholland1964 650 Posting Expert Team Colleague Featured Poster

yes it is.

No, it is out of date. MBA-M updates sometimes more than once a day. Your database version is 1497. Newest database version is 1504. You must run the Update prior to each and every scan.
Are you shutting down and rebooting after running MBA-M?
Note what it says in the log on many of the items found....-> Delete on reboot.

meaning that file cannot be removed until the computer is rebooted because it must delete it BEFORE it begins to run.
Please update your MBA-M do another scan, REBOOT and then run a new HJT scan and post the log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

We need to see an HJT log done AFTER the MBA-M program was run.

jholland1964 650 Posting Expert Team Colleague Featured Poster

MBA-M has a tool called File Assassin which may be able to remove this. Open MBA-M, More Tools. There you will see the File Assassin button. Click Run Tool. Then you will have to navigate to that file we want to remove.

jholland1964 650 Posting Expert Team Colleague Featured Poster

We MUST see the logs. Please run MBA-M again and post the log. We cannot help without the logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Here is the problem:
O20 - AppInit_DLLs: C:\WINDOWS\System32\ds16gt32.dll
O20 - Winlogon Notify: f063d96d511 - C:\WINDOWS\System32\ds16gt32.dll
This is the file you had to upload for checking which came back with the Trojan identifications from multiple scanners.
Can you boot to safe mode and do a search for this file?

C:\WINDOWS\System32\ds16gt32.dll

If you find it, delete it, just the file in RED BOLD not the entire folder.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Your HJT log looks ok, you have a LOT of things running in the background and a lot running unnecessarily at start up, this could give you the high usage of svchost processes, as crunchie noted in his attachment. Each one handles multiple processes, and you have a LOT running.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, there is still infection showing in the HJT log and it was NOT caught by MBA-M this time, though copy 1 was caught the first time.
C:\Documents and Settings\mfutch\Application Data\Google\fhexj6825097.exe (Trojan.FakeAlert) -> Delete on reboot.

Prior to that it did NOT show in the HJT log, now it does, note the 2:
O4 - HKCU\..\Run: [windpipe] "C:\Documents and Settings\mfutch\Application Data\Google\fhexj6825097.exe" 2

Try this again:
Download Combofix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Doubleclick the combofix icon on the desktop to run the program.

Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take …
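
The check described in the posts above (HJT entries that point at missing files, AppInit_DLLs values, and a Run entry that still loads a file MBA-M marked "Delete on reboot"), written out as an added example that is not part of the original posts. The function names are hypothetical; the sample lines are copied from the logs quoted on this page.

```python
import re

# Sample lines copied from the HijackThis and MBA-M logs quoted on this page.
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: BT - {D9B50483-AACD-4FC2-AE38-91C65A043690} - http://www.bt.com (file missing) (HKCU)
O20 - AppInit_DLLs: C:\WINDOWS\System32\ds16gt32.dll
O20 - Winlogon Notify: f063d96d511 - C:\WINDOWS\System32\ds16gt32.dll (file missing)
O4 - HKCU\..\Run: [windpipe] "C:\Documents and Settings\mfutch\Application Data\Google\fhexj6825097.exe" 2
"""

MBAM_SAMPLE = r"""
C:\Documents and Settings\mfutch\Application Data\Google\fhexj6825097.exe (Trojan.FakeAlert) -> Delete on reboot.
"""

# "O4 - rest of line": section code, then the entry body.
HJT_LINE = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$')
# A drive-letter path ending in a common executable extension.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"*?<>|\r\n]+?\.(?:exe|dll|sys|bat)',
                      re.IGNORECASE)


def parse_hjt(text):
    """Return one dict per HJT entry: section code, file path, triage flags."""
    entries = []
    for raw in text.splitlines():
        match = HJT_LINE.match(raw.strip())
        if not match:
            continue
        body = match["body"]
        path = WIN_PATH.search(body)
        flags = []
        # HJT marks registry entries whose target file is gone.
        if "(no file)" in body or "(file missing)" in body:
            flags.append("orphaned")
        # Any AppInit_DLLs value deserves a manual look: DLLs listed there
        # are loaded into most user-mode processes.
        if body.startswith("AppInit_DLLs:"):
            flags.append("appinit")
        entries.append({
            "code": match["code"],
            "path": path.group(0).lower() if path else None,
            "flags": flags,
            "line": raw.strip(),
        })
    return entries


def mbam_pending_deletes(text):
    """Paths that MBA-M could only queue for deletion at the next reboot."""
    pending = set()
    for raw in text.splitlines():
        if "-> Delete on reboot" in raw:
            path = WIN_PATH.search(raw)
            if path:
                pending.add(path.group(0).lower())
    return pending


def still_loading(hjt_entries, pending):
    """HJT entries that still reference a file MBA-M queued for deletion.

    A hit in an HJT log taken after the scan means the machine was not
    rebooted, or the file came back after the reboot.
    """
    return [e for e in hjt_entries if e["path"] in pending]


if __name__ == "__main__":
    entries = parse_hjt(HJT_SAMPLE)
    for e in entries:
        if e["flags"]:
            print(",".join(e["flags"]), "|", e["line"])
    for e in still_loading(entries, mbam_pending_deletes(MBAM_SAMPLE)):
        print("still referenced after MBA-M |", e["line"])
```
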

jholland1964 650 Posting Expert Team Colleague Featured Poster

Infection still showing in your HJT log. Update MBA-M and run another Full System scan. Allow it to remove everything found.
Reboot.
Run a new HJT scan and post back with both logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I'm guessing this file isnt supposed to be there?

No it is not.
Do the following:
Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the quote box by highlighting all the text and right click and choose copy

File::
c:\windows\system32\ds16gt32.dll

Go to the Notepad window and click Edit > Paste
Then click File > Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

Drag the file you just created CFScript.txt and drop it on the main ComboFix.exe icon
Please wait for ComboFix to finish running

Post back here with that new combofix log

jholland1964 650 Posting Expert Team Colleague Featured Poster

I would also recommend that you Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.

* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us too.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok Michael, try this:
Please try the following routine given in the MBA-M forum to see if you can get Malwarebytes to run.

* Click on Start, click Run, and then type devmgmt.msc and click OK
* On the View menu click on Show hidden devices
* Browse to Non-Plug and Play Drivers and you should see something like TDSSserv.sys
* Highlight that driver and right click on it and select DISABLE
* Now RESTART your computer.
* Download a copy of Malwarebytes but DO NOT run it yet.
* Rename the downloaded installer file to any generic name such as your own name but keep the .EXE extension on the file and run it.
* Once the program is installed go to the UPDATE tab and try to update the program if you can.
* Then go to the SCANNER tab and run a Full System and allow MBAM to fix anything found.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I would like you to go to virusscan-jotti which is a site where you can upload suspicious files from your computer and have them scanned by multiple anti-virus engines. They will do a quick scan and give you the results.
At the top of the page you will see: File to upload & scan next to a window. copy/paste this into that window

c:\windows\system32\ds16gt32.dll

Click the Browse button and it will scan your computer for that file. When it is found click Submit.
It will quickly scan the file and give you a report.
Please come back here and post that full report.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Norton is up to date totally, 98 days remaining.
I'm not sure what you're asking of me though...
I'm a bit illiterate at all of this, do you want me to copy the whole log here? That's a lot of repeated spammage.

I really do appreciate the help though, ^_^

No it would have helped to have a couple of the errors so we would have maybe an idea.
Do this....
Please Download ATF-Cleaner.exe by Atribune (Windows XP, 2K, 2003 & Vista ONLY)

• You can put ATF-Cleaner on your Desktop for easy access.
RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Actually would have preferred to see an actual error report rather than just comments on various errors...anyway
ccsvchst is your Norton Anti-virus
Automatic LiveUpdate...assume this is your Norton program, though it could also be Windows Updates.
The thing is many of these items you mention have to do with various auto updates to some programs, Norton...which SHOULD auto update, Bonjour service which shouldn't be needed, LightScribeService is a labeling service for CD's shouldn't be running at all, gusvc is the google updater.
Turn off ALL of those auto updaters with the exception of the Norton program...is it current and up to date by the way or is it due for renewal?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Think you better begin some clean ups....
Do the following:
Please Download ATF-Cleaner.exe by Atribune (Windows XP, 2K, 2003 & Vista ONLY)

• You can put ATF-Cleaner on your Desktop for easy access.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > …

jholland1964 650 Posting Expert Team Colleague Featured Poster

there are several pop ups open with internet explorer

What types of pop ups?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Look in Event Viewer and see noted errors. This could give information on what is causing these crashes.
Start, Control Panel, Administrative Tools, Event Viewer. Check Applications and also System logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Very possible the server was busy at the time. If too many users are on at once the server could reach its limits. Does this happen often? What were you doing at the time? How are you connected to the internet?

jholland1964 650 Posting Expert Team Colleague Featured Poster

What are some of the pages you get instead of Hotmail?
We are going to get this thing fixed but we need to see more scans and logs.
Update MBA-M and run another scan with it. Be sure to have it remove everything found and then REBOOT the computer.
Then run a new HJT scan and save that log. Post back here with both.
By the way, when you reply to a post, hit the yellow Reply to Thread button not the gray reply w/quote button. Ok?

Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Download Combofix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Doubleclick the combofix icon on the desktop to run the program.

Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Have you tried to download MBA-M from HERE

Also the programs you noted in your earlier post are all fine. Many you wouldn't remember installing because they probably came pre-installed on the computer when you purchased it or came in as the result of an automatic update:
ati control panel - has to do with your graphics card
ati display driver - exactly what it says it is, your display driver
ati hydravision - ATI's HydraVision desktop management software, allowing for multi-monitor support, as included in ATI HydraVision versions 2.5 and earlier.
bonjour - installed with iTunes software. You can uninstall it.
fire gl control panel - also has to do with your graphics
highmat extension - extension for the Windows CD writing software
retrospect 7.5 - backup software program essentially.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Download ComboFix. You will get a prompt asking if you want to run or save the file. Choose SAVE and save it to the desktop. DO NOT RUN it YET
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
Windows may issue a prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
ComboFix is now preparing to run and when it has finished you will see the Disclaimer screen you should press the number 1 key and then press the enter key to continue.
ComboFix will now start scanning your computer for known infections. This …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi zbizzy, will be waiting for your logs. Be sure to allow MBA-M to remove items found.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

The fact that you still have some re-directs and several entries in the HJT log tells me that this infection still isn't gone all the way.
I first want you to try this:
Download SDFix
Save it to the desktop.
Double-click on the SDFix icon that should now be residing on your desktop. If an Open File - Security Warning box opens, click on the Run button.
A window will now open showing SDFix being extracted into the C:\SDFix folder. Once the installation program has finished extracting SDFix, it will open a Notepad with further instructions.

Next, please reboot your computer into Safe Mode by doing the following:

1. Restart your computer

2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3. Instead of Windows loading as normal, a menu should appear

4. Select the first option, to run Windows in Safe Mode.

5. When you are at the logon prompt, log in as the same user as you usually do.

When your computer has started in safe mode, and you see the desktop, close all open Windows.

Click on the Start button, click on the Run menu option, and type the following into the Open: field:

C:\SDFix\RunThis.bat

Then press the OK button.
The SDFix window will open containing some brief info and a disclaimer on the use of the tool
please press …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi Lewis,

When the Malware scan completed a popup appeared advising that not all items could be removed.

If you look at the message given in the pop-up you will see that these items were added to the list Delete on Reboot. So as long as you rebooted the computer after the MBA-M run then these entries should have been removed.
May I ask where are you located, country I mean. There are some fixes which may need to be done showing in your HJT log but they would apply in the US not in the UK for instance.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Done some searching and apparently some software that might help are:

1. mbam
2. HJT

Any ideas on how these can help?

Thanks.

Lewis.

Hi Lewis and welcome to daniweb. You are correct, these are the two programs you need to begin with.
Follow the directions below exactly and post back with the requested logs listing MBA-M log first followed by HJT.

Instructions for MBA-M

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.
Download HiJackThis
Run a Full System Scan. Save the log.
Post back here with both logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

yollyP, you need to create your OWN thread and not request help in somebody else's thread. That is the way to get proper help. It can get very confusing working with two different posters in one thread.
Please start your own and follow the instructions given HERE before you post. Follow all steps with the exception of Deckard Scanner which is not available. Instead use HiJackThis.
Make your own thread and one of us here will be most happy to assist you.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Well, I have not used Frostwire ever (it was actually uninstalled from my computer months ago), and the other programs you mentioned have not been used in a month or so.

If you say so, though you might want to look at the dates in the combofix log:
((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))

2008-11-22 22:56 . 2008-11-22 22:59 <DIR> d-------- c:\documents and settings\Alexa\Application Data\FrostWire
2008-11-22 22:54 . 2008-11-22 23:00 <DIR> d-------- c:\program files\FrostWire
2008-11-21 06:33 --------- d-----w c:\program files\eMule
2008-11-14 05:27 --------- d-----w c:\documents and settings\Alexa\Application Data\Azureus
2008-11-08 15:56 --------- d-----w c:\program files\Azureus

The dates, by the way, in a combofix log are listed Year, Month, Day and the time is in military time I would guess you would say so the FrostWire would read, November 22, 2008 from 10:54 pm to 10:59 pm, eMule file was created November 21, 2008 at 6:33 am
Azureus Nov. 8, 2008.
Better check cause it looks like the programs you say you haven't used in months have been used so somebody else must be using your computer and one that was removed months ago was created on November 22.
Anyway, the other logs look clean.
You need to remove combofix from the machine. To do so do the following:
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there

jholland1964 650 Posting Expert Team Colleague Featured Poster

Well as I said combofix removed infected files. Have to mention here, there is a good possibility the infection came into the computer because of these programs,
Frostwire and Azureus which are P2P file sharing programs. There also appears to be a dvd decryption program on the computer which removes the encryption from commercially made dvd's so that they can be copied. This is illegal I hope that you know, a violation of copyright laws.
We do not condone or approve of this activity here on this forum.
I can only ask you now to run HiJackThis again, post that log and I will look at it to see if other files need repairing because of this infection and tell you how to do that if possible.