View Full Version : An apparent infestation...in Windows XP


Benny
07-16-2009, 01:19 PM
About a year ago I received help in this forum with a problem with malware (MJC was of much help). Now I think I'm in need of more help. I tried to decipher the logs rendered by HiJackThis & Malwarebytes but I don't meet the requirements to do it.
Below, I'm including the HJT log:
===========
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:59 PM, on 7/7/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\compuetrs\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\Regv.exe
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\COMPUE~1\Desktop\Tools\INSTAL~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] D:\PROGRAMS\ERASER\ERASER.EXE -hide
O4 - HKUS\S-1-5-21-1644491937-1682526488-1343024091-1003\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1644491937-1682526488-1343024091-1003\..\Run: [Eraser] D:\PROGRAMS\ERASER\ERASER.EXE -hide (User '?')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\COMPUE~1\Desktop\Tools\INSTAL~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\COMPUE~1\Desktop\Tools\INSTAL~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://www.google.com.pr
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 4408 bytes
==============
PS. If there's a site for learning how to correctly inspect this log, or an api that does it automatically, I'll be glad to read & learn it for my own benefit & possibly others' too!

classicsoftware
07-16-2009, 10:21 PM
Benny:

Were you in slow class in school? Do you pay attention to anything?

Please give me the HijackThis log in REGULAR mode and the MBAM log. Then answer one silly question.

Why in God's name are you still running Windows XP without SP1, SP2, and SP3 installed? It has been almost a year and you were warned then to upgrade. This leads me to one of two conclusions:

1. You are a lazy good-for-nothing loser who won't make the effort to protect himself and thereby endangers others by using an unsafe PC online.
2. You are running a cracked or illegal copy of Windows and you are either too poor or too cheap to get a real copy.

I don't want to be harsh, but I warned you a year ago that this was dangerous and yet you persist??????

Benny
07-20-2009, 02:46 PM
No, I'm not a slow learner. If you pay some attention to the referenced post you'll probably get the fact that this computer isn't mine. Things being as they are, you should understand that my likings (my ideas or, for that matter, yours) shouldn't get imposed over those of the owner of the machine.
Responding to your second issue, I should say that I'm pretty sure I've seen more than once that SP1 was installed here on this machine (I'm sorry that I can't remember when or under what circumstances I found that out). Having just this machine to connect to the web, I have no choice for getting connected, & you should reflect seriously upon 'dreaming up' others' circumstances. By the way, your choice of words demonstrates a lack of kindness or good manners &, it might have a tangency with the forum's posting rules themselves.
I think that having a position of some power, knowledge above the median or a direct competent involvement in determining some rules within an environment is no justification for putting oneself above those very rules!!!

Fruss Tray Ted
07-20-2009, 04:00 PM
Well the first thing for you to do is take it out of Safe Mode and post another logfile.

It also looks like there are 2 antivirus programs running, which will have to be addressed shortly.

classicsoftware
07-20-2009, 11:45 PM
No, I'm not a slow learner. If you pay some attention to the referenced post you'll probably get the fact that this computer isn't mine. Things being as they are, you should understand that my likings (my ideas or, for that matter, yours) shouldn't get imposed over those of the owner of the machine.
Responding to your second issue, I should say that I'm pretty sure I've seen more than once that SP1 was installed here on this machine (I'm sorry that I can't remember when or under what circumstances I found that out). Having just this machine to connect to the web, I have no choice for getting connected, & you should reflect seriously upon 'dreaming up' others' circumstances. By the way, your choice of words demonstrates a lack of kindness or good manners &, it might have a tangency with the forum's posting rules themselves.
I think that having a position of some power, knowledge above the median or a direct competent involvement in determining some rules within an environment is no justification for putting oneself above those very rules!!!

First things first. The machine does not have SP1; even if it did, you need SP2 for any semblance of security.

Next, you may think this is none of my business. Well, it is. Just like it's my business if you decide not to get the measles vaccine and spread measles all over the place. This PC owner has chosen to go online where everybody else goes. He is not only infected but is probably infecting others, or his machine is being used to spread spam, viruses or trojan horses to other systems. So now it is my business.

I expressed anger because the person who owns this system has been warned previously that he is a danger not only to himself but also to others, and yet wants me to help him fix his PC and he won't take the basic rudimentary steps to protect himself.

This is self-defeating. He will never be clean without updating the OS. Again, this is a free download, so I am leaning to the fact that this is a cracked or pirated copy of Windows and a violation of numerous laws and ordinances.

So now, I will seek a verbal guarantee from the owner that he will update to SP2 as soon as the system is clean, if that is even possible. Without such assurances, this is a total waste of time and effort on everyone's part.

Benny
07-26-2009, 03:02 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:55 PM, on 7/21/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\compuetrs\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://e1.mc376.mail.yahoo.com/mc/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\Regv.exe
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\COMPUE~1\Desktop\Tools\INSTAL~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] D:\PROGRAMS\ERASER\ERASER.EXE -hide
O4 - HKUS\S-1-5-21-1644491937-1682526488-1343024091-1003\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1644491937-1682526488-1343024091-1003\..\Run: [Eraser] D:\PROGRAMS\ERASER\ERASER.EXE -hide (User '?')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\COMPUE~1\Desktop\Tools\INSTAL~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\COMPUE~1\Desktop\Tools\INSTAL~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://www.google.com.pr
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 4666 bytes

PS. I've downloaded Avast! Antivirus as a trial (temporary) antivirus tool, but now that the trial period has expired I can't remove it with its own uninstaller. I tried it from Control Panel & that too failed. Now I've downloaded a removal api from their home page & will try it after making this post.

crunchie
07-27-2009, 08:37 AM
If it were me, I would insist that Service Pack 1 be installed immediately before I went ahead with attempting to clean the PC.
The PC has worms and backdoor trojans on it, and SP1 and all other M$ updates (except for Service Pack 2!!) need to be installed to help the clean-up process.

Fruss Tray Ted
07-27-2009, 02:03 PM
If a PC is infected and you go to install a service pack, it could cause problems. Personally, I would clean it up THEN update it completely.

crunchie
07-27-2009, 06:02 PM
With SP2 I would agree with you. It was known to cause problems when installed on an infected PC. I have never heard of anything bad happening with SP1.
It is very difficult to clean an unpatched PC and anyone helping could be chasing their tail indefinitely. Been there, done that :)

Benny
08-01-2009, 12:48 PM
I managed to delete the Avast! antivirus with a tool downloaded from their own site. Now I'm having some problems with my regular antivirus, from PC Tools; I think I can redownload it & solve the problem just by reinstalling it.
I'm asking myself the following: if I clean Windows but never use it for browsing the web & avoid inserting any data-carrying device into the notebook while Windows is active, am I effectively avoiding being infected?
PS. Is there a source of info (i.e. a catalog) where one can check the logs of, say, HJT or ComboFix? Thanks!

classicsoftware
08-01-2009, 06:29 PM
I'm asking myself the following: if I clean Windows but never use it for browsing the web & avoid inserting any data-carrying device into the notebook while Windows is active, am I effectively avoiding being infected?
Yes, if you never go online and you never insert any USB device you are pretty safe. Please disable the wireless.

PS. Is there a source of info (i.e. a catalog) where one can check the logs of, say, HJT or ComboFix? Thanks!

There is no catalog that contains all entries for HJT and ComboFix logs. You either need to treat yourself or post your logs on a forum where they can be read.
http://www.systemlookup.com/
http://www.bleepingcomputer.com/filedb/

Your system is badly infected. If you won't comply with our instructions you should re-format & reinstall Windows.
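Benny asked twice (in the PS of the first post and again in the post just above) for a site or tool that inspects an HJT log automatically, and classicsoftware's answer is that no complete catalog exists, only the lookup sites linked above. The script below is an added example, written for this page; it is not something any poster wrote and not a HijackThis feature. It runs a few defender-side checks over lines copied from the log posted in this thread: a system.ini Shell= value that differs from the default Explorer.exe, a Run entry whose file name differs from a core Windows binary only by look-alike characters (the winIogon.exe entry, capital I in place of lowercase l), a site placed in the IE Trusted Zone, and services from more than one antivirus vendor (the two antivirus programs Fruss Tray Ted noticed). The list of core binaries and the look-alike character map are assumptions of mine, and a hit means "deviates from the expected default, a person should look at this entry", not a malware verdict; systemlookup.com and the bleepingcomputer file database remain the place to check what a given entry is.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\Regv.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKCU\..\Run: [Eraser] D:\PROGRAMS\ERASER\ERASER.EXE -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O15 - Trusted Zone: http://www.google.com.pr
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
"""

# Assumption: a short list of core Windows process names that malware commonly imitates.
KNOWN_SYSTEM_BINARIES = {"winlogon.exe", "explorer.exe", "svchost.exe", "lsass.exe",
                         "services.exe", "smss.exe", "csrss.exe", "ctfmon.exe"}

# Assumption: characters that are hard to tell apart on screen (capital I vs lowercase l, 0 vs o).
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o"})

SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
TRUST_RE = re.compile(r"^O15 - Trusted Zone: (?P<site>.+)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")


def normalize(name: str) -> str:
    """Fold look-alike characters and case, so 'winIogon.exe' compares equal to 'winlogon.exe'."""
    return name.translate(CONFUSABLES).lower()


def executable(cmd: str) -> str:
    """Program path from a Run value: drop HJT's (User '...') suffix, quotes and trailing switches."""
    cmd = re.sub(r"\s+\(User '[^']*'\)$", "", cmd)
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return re.sub(r"(\s+[/-]\S*)+$", "", cmd)


def basename(path: str) -> str:
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def analyze(log_text: str) -> list:
    """Return (section, log line, reason) tuples for entries that deviate from expected defaults."""
    findings = []
    av_vendors = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := SHELL_RE.match(line):
            # The default value is exactly "Explorer.exe"; anything appended also starts at every logon.
            extra = m["value"].split()[1:]
            if extra:
                findings.append(("F2", line, f"non-default shell, extra program(s): {extra}"))
        elif m := RUN_RE.match(line):
            exe = basename(executable(m["cmd"]))
            # Exact core names are left alone; a name that only matches after folding look-alikes is flagged.
            if exe.lower() not in KNOWN_SYSTEM_BINARIES and normalize(exe) in KNOWN_SYSTEM_BINARIES:
                findings.append(("O4", line, f"'{exe}' is spelled like a core Windows binary but is not one"))
        elif m := TRUST_RE.match(line):
            findings.append(("O15", line, f"site gets relaxed IE security, confirm it is intended: {m['site']}"))
        elif m := SVC_RE.match(line):
            if re.search(r"antivirus|avast", m["name"], re.IGNORECASE):
                av_vendors[m["vendor"]].append(m["name"])
    if len(av_vendors) > 1:
        findings.append(("O23", "", f"{len(av_vendors)} antivirus vendors have services installed: {sorted(av_vendors)}"))
    return findings


if __name__ == "__main__":
    for section, line, reason in analyze(SAMPLE_LOG):
        print(f"[{section}] {reason}")
        if line:
            print(f"      {line}")
```

Run as-is it reports on the embedded sample; for a full log saved from HijackThis, call analyze() on the file's contents. The look-alike check is deliberately narrow (it only fires when a name matches a core binary after folding confusable characters), so it stays quiet on ordinary vendor entries such as SynTPEnh.exe or ERASER.EXE.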

crunchie
08-01-2009, 09:27 PM
To the OP. Can you explain why it is so hard to install Microsoft updates so that we can help you clean your PC?

Fruss Tray Ted
08-02-2009, 09:42 PM
Now I'm having some problems with my regular antivirus, from PC Tools

If you pay some attention to the referenced post you'll probably get the fact that this computer isn't mine.

I'm outa here.....

I deal with enough BS in real life...

Benny
08-24-2009, 01:10 PM
Thanks, classicsoftware, for all your help! It was very useful indeed!
Crunchie, in one of the threads I mentioned that this notebook isn't mine, & if I ask permission to download updates & it is denied I cannot go over the wishes of the owner.
Fruss Tray Ted, you might be used to dealing with many persons who lie to you frequently &, if BS means what I believe it means, you're doing as the western European aristocracy did in the Renaissance...; I'm sorry for you.