Thank you, Adam.
After a few hours yesterday, I wasn't confident I'd find help on this forum (I had not heard of it previously), and had proceeded to research it on my own. A few hours after my original post, I learned about the tool Malwarebytes' Anti-Malware and ran it, cleaning 4 infections that AVG never detected. That did not resolve my search problem, however, so I want to make you aware that I took this action in case it complicates your efforts to help me. I'll stick to your instructions from here on.
I ran the ComboFix. It warned me that I needed to disable AVG, and I found some components I could not terminate even in the task manager and Process Explorer. Uninstalling AVG also failed. I ultimately renamed the AVG directory and rebooted just so I could run ComboFix, and it "blue screened" and I had to run ComboFix from Safe Mode. It found four rootkit files (log below) and then rebooted into normal mode successfully to continue running. I clicked yes to download and install the recovery console, but it never confirmed that it did so.
Here is the ComboFix log. I'll post another HJT log in a new post.
ComboFix 09-06-29.07 - cturtle 06/30/2009 18:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.2198 [GMT -4:00]
Running from: c:\documents and settings\cturtle\Desktop\hijacktheis\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\hjgruiuwniybww.sys
c:\windows\system32\hjgruiardprktk.dat
c:\windows\system32\hjgruibwqpllky.dll
c:\windows\system32\hjgruiglvfkypr.dll
c:\windows\system32\hjgruiruuvtppb.dat
c:\windows\system32\mlfcache.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_hjgruimtnvvror
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.
2009-06-29 18:46 . 2009-06-29 18:46 -------- d-----w- c:\documents and settings\cturtle\Application Data\Malwarebytes
2009-06-29 18:46 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-29 18:46 . 2009-06-29 19:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-29 18:46 . 2009-06-29 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-29 18:46 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-29 17:51 . 2009-06-29 17:51 -------- d-----w- c:\program files\CCleaner
2009-06-29 17:46 . 2009-06-29 17:46 -------- d-----w- c:\program files\Trend Micro
2009-06-29 17:32 . 2009-06-14 20:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-29 13:24 . 2009-06-29 13:24 -------- d-----w- c:\documents and settings\cturtle\Local Settings\Application Data\AVG Security Toolbar
2009-06-29 12:12 . 2009-06-29 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-29 12:12 . 2009-06-29 12:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AVGTOOLBAR
2009-06-29 06:02 . 2009-06-29 06:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-29 05:58 . 2009-06-29 05:58 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-28 22:19 . 2009-06-28 22:20 -------- d-----w- c:\program files\TES_Map
2009-06-28 20:37 . 2009-06-28 20:37 -------- d-----w- c:\program files\Lame for Audacity
2009-06-28 20:36 . 2009-06-28 20:36 -------- d-----w- c:\program files\Audacity
2009-06-27 22:20 . 2009-06-27 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2009-06-27 22:20 . 2009-06-27 22:20 -------- d-----w- c:\documents and settings\cturtle\Application Data\NCH Software
2009-06-27 22:19 . 2009-06-27 22:20 -------- d-----w- c:\program files\NCH Software
2009-06-26 05:08 . 2009-06-26 05:08 -------- d--h--r- c:\documents and settings\cturtle\Application Data\SecuROM
2009-06-14 00:30 . 2009-06-14 00:30 -------- d-----w- c:\documents and settings\cturtle\Local Settings\Application Data\NWN2 Toolset
2009-06-12 16:37 . 2009-03-27 05:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2009-06-12 16:37 . 2009-06-12 16:37 -------- d-----w- c:\program files\CPUID
2009-06-12 04:11 . 2009-06-12 04:11 -------- d-----w- c:\program files\Atari
2009-06-11 21:13 . 2009-06-11 21:13 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-11 21:13 . 2009-06-11 21:13 -------- d-----w- c:\windows\system32\AGEIA
2009-06-11 21:13 . 2009-06-11 21:13 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-10 06:23 . 2009-06-10 06:23 -------- d-----w- C:\NeverwinterNights
2009-06-09 19:18 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-09 19:18 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-08 16:34 . 2009-06-08 16:34 -------- d-----w- c:\program files\CDV Software Entertainment USA
2009-06-06 23:51 . 2009-06-06 23:51 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-06 23:51 . 2009-06-06 23:51 290816 ----a-w- c:\documents and settings\cturtle\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-06-06 23:51 . 2009-06-06 23:51 290816 ----a-w- c:\documents and settings\cturtle\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-06-06 23:51 . 2009-06-06 23:51 290816 ----a-w- c:\documents and settings\cturtle\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-06-06 23:51 . 2009-06-06 23:51 290816 ----a-w- c:\documents and settings\cturtle\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-06-06 23:51 . 2009-06-06 23:51 -------- d-----w- c:\documents and settings\cturtle\Application Data\SystemRequirementsLab
2009-06-06 23:43 . 2009-06-07 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-06-06 23:35 . 2009-06-06 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2009-06-06 22:19 . 2009-06-06 22:19 -------- d-sh--w- c:\documents and settings\cturtle\PrivacIE
2009-06-05 00:35 . 2009-06-05 00:35 -------- d-sh--w- c:\documents and settings\cturtle\IETldCache
2009-06-05 00:33 . 2009-06-05 00:33 -------- d-----w- c:\windows\ie8updates
2009-06-05 00:33 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-05 00:32 . 2009-06-05 00:33 -------- dc-h--w- c:\windows\ie8
2009-06-03 00:19 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-06-03 00:19 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-06-02 05:50 . 2009-06-02 05:50 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-01 16:38 . 2009-03-16 16:16 198504 ----a-w- c:\documents and settings\cturtle\Application Data\Microsoft\Internet Explorer\Quick Launch\Tcpview.exe
2009-06-01 16:22 . 2009-03-16 16:16 2902376 ----a-w- c:\documents and settings\cturtle\Application Data\Microsoft\Internet Explorer\Quick Launch\Procmon.exe
2009-06-01 15:54 . 2009-02-03 14:32 3550592 ----a-w- c:\documents and settings\cturtle\Application Data\Microsoft\Internet Explorer\Quick Launch\procexp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 22:03 . 2008-05-12 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-29 12:12 . 2008-05-12 02:21 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 12:12 . 2008-05-12 02:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-29 12:12 . 2007-08-07 23:08 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-26 04:41 . 2008-05-12 02:21 -------- d-----w- c:\documents and settings\cturtle\Application Data\AVGTOOLBAR
2009-06-23 07:30 . 2007-09-26 12:55 -------- d-----w- c:\program files\NCSoft
2009-06-23 07:30 . 2007-08-02 09:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-23 07:29 . 2007-09-26 12:54 -------- d-----w- c:\documents and settings\cturtle\Application Data\InstallShield
2009-06-23 06:17 . 2008-02-29 04:15 -------- d-----w- c:\documents and settings\cturtle\Application Data\OpenOffice.org2
2009-06-23 06:16 . 2008-02-29 04:15 1 ----a-w- c:\documents and settings\cturtle\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-06-15 11:15 . 2007-10-09 04:04 -------- d-----w- c:\documents and settings\cturtle\Application Data\.purple
2009-06-11 21:13 . 2008-11-15 18:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-10 01:33 . 2007-08-02 09:16 -------- d-----w- c:\program files\Microsoft Works
2009-06-04 04:17 . 2008-03-10 06:37 -------- d-----w- c:\program files\Bethesda Softworks
2009-06-01 21:25 . 2007-08-10 03:09 -------- d-----w- c:\program files\SecondLife
2009-05-25 11:36 . 2009-05-25 11:36 81 ----a-w- C:\CTX.DAT
2009-05-25 11:31 . 2008-02-29 03:07 -------- d-----w- c:\documents and settings\cturtle\Application Data\Juniper Networks
2009-05-25 11:31 . 2008-02-29 03:07 33220 ----a-w- c:\documents and settings\cturtle\Application Data\Juniper Networks\setup\uninstall.exe
2009-05-25 11:31 . 2009-05-25 11:31 122152 ------w- c:\documents and settings\cturtle\Application Data\JuniperSetup.exe
2009-05-25 11:31 . 2009-05-25 11:31 122152 ------w- c:\documents and settings\cturtle\Application Data\JuniperSetup.exe
2009-05-15 21:03 . 2007-08-02 09:15 -------- d-----w- c:\program files\Google
2009-05-13 05:15 . 2004-08-10 17:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-11 01:46 . 2009-05-11 01:46 -------- d-----w- c:\program files\NVIDIA Corporation
2009-05-11 01:45 . 2009-05-11 01:45 -------- d-----w- c:\program files\NVIDIA nTune Performance Application
2009-05-10 22:37 . 2009-05-10 22:37 -------- d-----w- c:\program files\7-Zip
2009-05-10 22:00 . 2009-05-10 22:00 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-10 21:54 . 2008-05-12 02:21 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2004-08-10 17:51 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 04:31 . 2009-05-01 04:31 1657376 ----a-w- c:\windows\system32\nwiz.exe
2009-05-01 04:31 . 2009-05-01 04:31 449056 ----a-w- c:\windows\system32\nvappbar.exe
2009-05-01 04:31 . 2009-05-01 04:31 436768 ----a-w- c:\windows\system32\keystone.exe
2009-05-01 04:31 . 2009-05-01 04:31 466944 ----a-w- c:\windows\system32\nvshell.dll
2009-05-01 04:31 . 2009-05-01 04:31 1724416 ----a-w- c:\windows\system32\nvwdmcpl.dll
2009-05-01 04:31 . 2009-05-01 04:31 1507328 ----a-w- c:\windows\system32\nview.dll
2009-05-01 04:31 . 2009-05-01 04:31 1101824 ----a-w- c:\windows\system32\nvwimg.dll
2009-05-01 02:02 . 2009-05-01 02:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-05-01 02:02 . 2009-05-01 02:02 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-05-01 02:02 . 2009-05-01 02:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-05-01 02:02 . 2009-05-01 02:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-05-01 02:02 . 2007-08-02 08:57 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-01 02:02 . 2007-08-02 08:53 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-05-01 02:02 . 2007-08-02 08:53 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-05-01 02:02 . 2007-08-02 08:53 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-05-01 02:02 . 2007-08-02 08:53 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-05-01 02:02 . 2004-08-10 17:59 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-05-01 02:02 . 2004-08-10 17:59 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-04-27 04:42 . 2007-08-08 00:08 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-17 12:26 . 2004-08-10 17:51 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 17:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-03 16:39 . 2009-04-03 16:39 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-05-01 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-29 12:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SecondLife\\SecondLife.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SecondLifeWindLight\\SLVoice.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\SecondLifeReleaseCandidate\\SLVoice.exe"=
"c:\\cygwin\\usr\\X11R6\\bin\\XWin.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/11/2008 10:21 PM 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/11/2008 10:21 PM 108552]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [6/12/2009 12:37 PM 12672]
S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\cturtle\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\cturtle\Application Data\Mozilla\Firefox\Profiles\igfo9r99.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.altavista.com/
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 18:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{107E6D21-54ED-32EA-89EBEFDD29F12B2C}\{B975045C-7EA8-ADE1-408732B9E3F99960}\{A296A331-83C2-2419-70104A7C6B45B24D}*]
"2EQJ2Z3RJDTDB2HBN4IWIN4ITC1"=hex:01,00,01,00,00,00,00,00,50,18,12,ae,1d,3d,93,
38,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7FA7DB51-4296-4DCE-E915E900AF1A706F}\{6ECD6E35-CD02-B6E7-116E97829ECA1B77}\{2BCFFA55-7302-F76B-60625DCE35F7A6E2}*]
"DIUMUTVOZPCSSGX5CJY2KLBAVE1"=hex:01,00,01,00,00,00,00,00,64,6d,b1,e3,87,75,1d,
e5,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AD212F18-226F-19C5-6836DC0F322A8CD1}\{165CDB28-57BC-2FFB-C17032E84F1598CE}\{1D773DA2-1E07-1A59-CFCCE9D8E9744932}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,01,20,51,
35,db,44,42,8b,7a,02,e2,d3,14,3c,f8,3b,21,39,38,fc,5f,97,62,ae,54,19,ed,96,\
.
Completion time: 2009-06-30 18:33
ComboFix-quarantined-files.txt 2009-06-30 22:31
Pre-Run: 12,123,344,896 bytes free
Post-Run: 12,262,256,640 bytes free
213 --- E O F --- 2009-06-10 01:33