I was able to complete all of the steps outlined. A short time after reading your post, chemist, my anti-virus produced a pop-up stating that a "backdoor trojan" was detected. I haven't had any noticeable interference (besides that one alert pop-up), but I haven't done much on my computer during the scan. I didn't want to compromise the scan or slow it down.
Below are the logs from ComboFix and the online scan.
--------------- ComboFix Log ---------------
ComboFix 08-12-04.04 - Shellie Waters 2008-12-04 19:08:28.12 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.736 [GMT -6:00]
Running from: c:\documents and settings\Shellie Waters\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Shellie Waters\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--------------- FCopy ---------------
c:\windows\system32\dllcache\winlogon.exe --> c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.
2008-11-30 20:18 . 2008-12-04 18:42 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-24 18:07 . 2008-11-24 18:07 <DIR> d-------- c:\program files\muvee Technologies
2008-11-24 18:07 . 2008-11-24 18:07 <DIR> d-------- c:\program files\Common Files\muvee Technologies
2008-11-24 18:07 . 2008-11-24 18:07 <DIR> d-------- c:\program files\3ivx
2008-11-24 18:06 . 2004-08-03 23:08 26,496 --a------ c:\windows\system32\dllcache\usbstor.sys
2008-11-20 16:12 . 2008-11-30 14:54 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-20 16:12 . 2008-11-20 16:12 <DIR> d-------- c:\program files\AVG
2008-11-20 16:12 . 2008-11-30 20:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-20 16:12 . 2008-11-20 16:12 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-20 16:12 . 2008-11-20 16:12 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-20 16:12 . 2008-11-20 16:12 10,520 --a------ c:\windows\system32\avgrsstx.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 20:29 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-01 02:08 295,424 ----a-w c:\windows\system32\termsrv.dll
2008-11-25 00:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-25 00:07 --------- d-----w c:\program files\QTComponents
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-17 05:08 --------- d-----w c:\documents and settings\Shellie Waters\Application Data\SPORE
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:57 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-08 03:52 --------- d-----w c:\program files\TheSimsResource
2008-10-07 23:20 --------- d-----w c:\program files\SimPE
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-07 17:16 7,086 -c--a-w c:\windows\system32\ealregsnapshot1.reg
2008-01-15 07:49 1,498 ----a-w c:\program files\Calculator.lnk
2007-06-29 11:25 8,612 -c--a-w c:\program files\QuickTime Read Me.htm
2007-06-29 11:25 749,568 -c--a-w c:\program files\QTOControl.dll
2007-06-29 11:25 684,032 -c--a-w c:\program files\QTOLibrary.dll
2007-06-29 11:25 618,496 -c--a-w c:\program files\QTInfo.exe
2007-06-29 11:25 6,124,864 ----a-w c:\program files\QuickTimePlayer.exe
2007-06-29 11:25 574,784 -c--a-w c:\program files\QTPlugin.ocx
2007-06-29 11:25 303,104 -c--a-w c:\program files\QTUIPanelControl.dll
2007-06-29 11:24 55,622 -c--a-w c:\program files\Sample.mov
2007-06-29 11:24 483,328 -c--a-w c:\program files\PictureViewer.exe
2007-06-29 11:24 286,720 ----a-w c:\program files\QTTask.exe
2007-06-29 11:24 18,663 -c--a-w c:\program files\Sample.qtif
2006-10-21 21:54 152 --sh--r c:\windows\system32\11D43EA203.sys
2006-10-21 21:54 7,520 -csha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\qttask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-27 185632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec_dec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a--c--- 2005-09-08 04:20 122940 c:\windows\system32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a--c--- 2005-10-05 02:12 94208 c:\program files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a--c--- 2005-09-29 13:01 67584 c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2006-04-11 02:07 169472 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a--c--- 2005-06-17 06:56 139264 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2005-06-10 09:44 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2005-06-10 09:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-10-04 17:14 8491008 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a--c--- 2007-10-04 17:14 81920 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 c:\program files\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-27 17:02 185632 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2007-10-04 17:14 1626112 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a--c--- 2005-03-22 22:20 339968 c:\windows\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"tmproxy"=3 (0x3)
"TmPfw"=3 (0x3)
"TMBMServer"=2 (0x2)
"SfCtlCom"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"NetSvc"=3 (0x3)
"MDM"=2 (0x2)
"KService"=2 (0x2)
"IAANTMon"=2 (0x2)
"ELService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-20 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-20 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-20 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-20 76040]
R2 tmevtmgr;tmevtmgr;\??\c:\windows\system32\drivers\tmevtmgr.sys [2007-10-15 52368]
R2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2007-09-17 36112]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2007-09-17 333328]
S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [2004-07-30 56576]
S4 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~2\TmPfw.exe [2007-10-15 480520]
S4 tmproxy;Trend Micro Proxy Service;"c:\program files\Trend Micro\Internet Security\TmProxy.exe" [2007-10-15 648456]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9d77a1a-b838-11dd-8c02-0013721253cd}]
\Shell\AutoRun\command - e:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - e:\system\viewer\FlipVideoforPC.exe
.
Contents of the 'Scheduled Tasks' folder
2008-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://minnesota.twins.mlb.com/index.jsp?c_id=min
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\Shellie Waters\Application Data\Mozilla\Firefox\Profiles\kuae1v1r.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://forums.sims2community.com/index.php
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Plugins\npqtplugin.dll
FF -: plugin - c:\program files\Plugins\npqtplugin2.dll
FF -: plugin - c:\program files\Plugins\npqtplugin3.dll
FF -: plugin - c:\program files\Plugins\npqtplugin4.dll
FF -: plugin - c:\program files\Plugins\npqtplugin5.dll
FF -: plugin - c:\program files\Plugins\npqtplugin6.dll
FF -: plugin - c:\program files\Plugins\npqtplugin7.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-04 19:09:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-04 19:10:48
ComboFix-quarantined-files.txt 2008-12-05 01:10:43
ComboFix2.txt 2008-12-04 22:11:30
ComboFix3.txt 2008-05-15 04:31:37
Pre-Run: 82,296,320,000 bytes free
Post-Run: 82,280,804,352 bytes free
196 --- E O F --- 2008-12-03 11:12:07
--------------- Kaspersky Online Scan Log ---------------
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, December 4, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, December 04, 2008 20:42:50
Records in database: 1436944
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Files scanned: 102005
Threat name: 7
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 02:46:12
File name / Threat name / Threats count
C:\Program Files\Trend Micro\Internet Security\Quarantine\bydqykb.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.ta 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\svchost.exe.vir Infected: Trojan-Downloader.Win32.Agent.aswm 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSmqlt.sys.vir Infected: Backdoor.Win32.TDSS.bkw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSbrsr.dll.vir Infected: Backdoor.Win32.TDSS.asz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSScfum.dll.vir Infected: Trojan.Win32.Agent.arvz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSofxh.dll.vir Infected: Backdoor.Win32.TDSS.blh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSriqp.dll.vir Infected: Backdoor.Win32.TDSS.atb 1
The selected area was scanned.