Help---My Firewall keeps turning of automatically

I have noticed a couple of days now...my firewall keeps turning off...I have to put it on in the morning and it stays all day on and then when i turn computer off and start it next day i have to turn firewall again....Need help knowing why. Have run spybot and antivirus and no virus detection is there therefore wondering why this is happening

DDS (Ver_09-03-16.01) - NTFSx86
Run by Deepa at 13:00:21.85 on Tue 04/14/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.959.125 [GMT -5:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Deepa\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.averatec.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
uRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe" /Startup
uRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PRISMSVR.EXE] "c:\windows\system32\PRISMSVR.EXE" /APPLY
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\2wirew~1.lnk - c:\program files\2wire wireless\client manager\CMTWO.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\imslsp.dll
LSP: c:\windows\system32\zonelabs\vetredir.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150798476425
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\deepa\applic~1\mozilla\firefox\profiles\42cws0hp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

============= SERVICES / DRIVERS ===============

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-2-27 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-2-20 29056]
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-1-20 11840]
R1 NEOFLTR_600_12507;Juniper Networks TDI Filter Driver (NEOFLTR_600_12507);c:\windows\system32\drivers\NEOFLTR_600_12507.sys [2007-12-27 64160]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-6-20 372816]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-1-20 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-1-20 151297]
R2 Machnm32;Machnm32 Driver;c:\windows\system32\Machnm32.sys [2006-6-20 2304]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-1-20 52032]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 CAISafe;CA ISafe;c:\windows\system32\zonelabs\isafe.exe [2006-6-20 188416]
S3 PhnxVcd;PhnxVcd;c:\windows\system32\drivers\phnxvcd.sys [2006-6-20 45056]
S3 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2006-6-20 21605]
S3 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2006-6-20 15668]
S3 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2006-6-20 108453]
S3 VETMONNT;VET File and Macro Monitor;c:\windows\system32\drivers\vetmonnt.sys [2006-6-20 541733]
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S4 Bscrr_lmn;Bscrr_lmn;c:\windows\system32\drivers\AegisP.sys [2006-6-20 20747]

=============== Created Last 30 ================

2009-04-14 10:56 37,397 a------- C:\s3o84k.jpg
2009-04-11 11:07 19,079 a------- c:\windows\system32\wincode.dat
2009-04-11 11:07 6,407 a------- c:\windows\system32\krncode.dat
2009-04-11 11:07 1,575 a------- c:\windows\system32\pwrcode.dat
2009-04-11 11:07 21,504 a------- c:\windows\system32\nsysp.ini
2009-04-11 11:07 17,408 a------- c:\windows\system32\osysp.dat
2009-04-11 11:07 988,672 a------- c:\windows\system32\nsysk.ini
2009-04-11 11:07 984,576 a------- c:\windows\system32\osysk.dat
2009-04-11 11:07 659,456 a------- c:\windows\system32\osysw.dat
2009-04-11 11:07 663,552 a------- c:\windows\system32\nsysw.ini
2009-04-11 11:07 --dsh--- c:\windows\system32\lowsec
2009-04-11 11:07 35,840 a------- c:\windows\system32\sys.dat
2009-04-11 11:07 28,880 a------- c:\windows\system32\ldshyf1.old

==================== Find3M ====================

2009-04-01 11:58 952 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-03-26 18:55 7,168 a--sh--- c:\program files\Thumbs.db
2009-02-26 00:35 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-02-09 05:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-01-13 21:29 30,616 a------- c:\docume~1\deepa\applic~1\GDIPFONTCACHEV1.DAT
2008-07-29 19:48 88 ---shr-- c:\windows\system32\96BED014D3.sys

============= FINISH: 13:01:40.96 ===============

Hello.
Two things here.

You are running two AV's, this is a bad idea as they can conflict and cause problems. I see Zonealarm and Avira.

Now, Zonealarm has their own firewall, which I don't know if that's installed here. But if it is, then that's why the Windows firewall is off. You can't have two firewalls running, same as you can't have two AV's running.

Second, you are also infected with a rootkit, so we'll deal with that first.

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

• Click on Avenger.zip to open the file
  
• Extract avenger.exe to your desktop
  

2. Now, start The Avenger program by clicking on its icon on your desktop.

• Leave the script box empty.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

3. Please copy/paste the content of c:\avenger.txt into your reply.

Hi...here it is...it seems to say no rootkits found

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

here it is

Malwarebytes' Anti-Malware 1.36
Database version: 1983
Windows 5.1.2600 Service Pack 2

4/14/2009 2:53:01 PM
mbam-log-2009-04-14 (14-53-01).txt

Scan type: Quick Scan
Objects scanned: 84943
Time elapsed: 9 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.Data) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\lowsec\local.ds (Stolen.Data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.Data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sys.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv481239053699.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.

Hello.
Re-run DDS now, so I can see an updated log.

Hi...here it is

DDS (Ver_09-03-16.01) - NTFSx86
Run by Deepa at 15:16:48.84 on Tue 04/14/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.959.351 [GMT -5:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Deepa\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.averatec.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
uRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe" /Startup
uRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PRISMSVR.EXE] "c:\windows\system32\PRISMSVR.EXE" /APPLY
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\2wirew~1.lnk - c:\program files\2wire wireless\client manager\CMTWO.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\imslsp.dll
LSP: c:\windows\system32\zonelabs\vetredir.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150798476425
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\deepa\applic~1\mozilla\firefox\profiles\42cws0hp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

============= SERVICES / DRIVERS ===============

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-2-27 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-2-20 29056]
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-1-20 11840]
R1 NEOFLTR_600_12507;Juniper Networks TDI Filter Driver (NEOFLTR_600_12507);c:\windows\system32\drivers\NEOFLTR_600_12507.sys [2007-12-27 64160]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-6-20 372816]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-1-20 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-1-20 151297]
R2 Machnm32;Machnm32 Driver;c:\windows\system32\Machnm32.sys [2006-6-20 2304]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-1-20 52032]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 CAISafe;CA ISafe;c:\windows\system32\zonelabs\isafe.exe [2006-6-20 188416]
S3 PhnxVcd;PhnxVcd;c:\windows\system32\drivers\phnxvcd.sys [2006-6-20 45056]
S3 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2006-6-20 21605]
S3 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2006-6-20 15668]
S3 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2006-6-20 108453]
S3 VETMONNT;VET File and Macro Monitor;c:\windows\system32\drivers\vetmonnt.sys [2006-6-20 541733]
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S4 Bscrr_lmn;Bscrr_lmn;c:\windows\system32\drivers\AegisP.sys [2006-6-20 20747]

=============== Created Last 30 ================

2009-04-14 14:39 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-14 14:39 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 14:39 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-14 10:56 37,397 a------- C:\s3o84k.jpg
2009-04-11 11:07 19,079 a------- c:\windows\system32\wincode.dat
2009-04-11 11:07 6,407 a------- c:\windows\system32\krncode.dat
2009-04-11 11:07 1,575 a------- c:\windows\system32\pwrcode.dat
2009-04-11 11:07 21,504 a------- c:\windows\system32\nsysp.ini
2009-04-11 11:07 17,408 a------- c:\windows\system32\osysp.dat
2009-04-11 11:07 988,672 a------- c:\windows\system32\nsysk.ini
2009-04-11 11:07 984,576 a------- c:\windows\system32\osysk.dat
2009-04-11 11:07 659,456 a------- c:\windows\system32\osysw.dat
2009-04-11 11:07 663,552 a------- c:\windows\system32\nsysw.ini
2009-04-11 11:07 28,880 a------- c:\windows\system32\ldshyf1.old

==================== Find3M ====================

2009-04-14 14:57 7,168 a--sh--- c:\program files\Thumbs.db
2009-04-01 11:58 952 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-02-26 00:35 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-02-09 05:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-01-13 21:29 30,616 a------- c:\docume~1\deepa\applic~1\GDIPFONTCACHEV1.DAT
2008-07-29 19:48 88 ---shr-- c:\windows\system32\96BED014D3.sys

============= FINISH: 15:17:47.25 ===============

Hello.
Do you know what this picture file is?
C:\s3o84k.jpg

If you do, please move it from the root of C drive, because it looks somewhat suspicious just sitting there.
If you don't know what is it, delete it.

Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
  
• Please double-click OTMoveIt3.exe to run it.
  
• Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :files
  c:\windows\system32\wincode.dat
  c:\windows\system32\krncode.dat
  c:\windows\system32\pwrcode.dat
  c:\windows\system32\nsysp.ini
  c:\windows\system32\osysp.dat
  c:\windows\system32\nsysk.ini
  c:\windows\system32\osysk.dat
  c:\windows\system32\osysw.dat
  c:\windows\system32\nsysw.ini
  c:\windows\system32\ldshyf1.old
  C:\Documents and Settings\Deepa\Desktop\dds.scr
  
  
  
• Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt3
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

this i what it gave me...it did not ask me to reboot and I did not get a log

========== FILES ==========
c:\windows\system32\wincode.dat moved successfully.
c:\windows\system32\krncode.dat moved successfully.
c:\windows\system32\pwrcode.dat moved successfully.
c:\windows\system32\nsysp.ini moved successfully.
c:\windows\system32\osysp.dat moved successfully.
c:\windows\system32\nsysk.ini moved successfully.
c:\windows\system32\osysk.dat moved successfully.
c:\windows\system32\osysw.dat moved successfully.
c:\windows\system32\nsysw.ini moved successfully.
c:\windows\system32\ldshyf1.old moved successfully.
C:\Documents and Settings\Deepa\Desktop\dds.scr moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04142009_155136

We can remove OTMoveIt now.

• Please double-click OTMoveIt3.exe to run it again.
  
• Press the green CleanUp! button.
  
• Press Yes cleanup process prompt, do the same for the reboot prompt.
  

How is the machine running now?

it is working like it was before meaning it working fast and not slow

Do I need to turn off system restore and start back

Not yet, we aren't done.

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• When Hijack This opens, click "Open the Misc Tools section"
  
• Then select "Open Uninstall Manager"
  
• Click on "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

Hi..here it is:

2Wire Wireless Client
2Wire Wireless Client Manager V3.02
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Video Encoder
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS
Adobe Reader 8.1.2
Adobe Setup
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Agere Systems HDA Modem v6081
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bejeweled 2 Deluxe
Bonjour
Bytescout SWF To Video Scout
Citrix Presentation Server Client
ClamWin Free Antivirus 0.91.2
Corel Paint Shop Pro Photo X2
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Player
DivX Web Player
Google Talk (remove only)
Google Updater
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
iSpring Free 3.2.0
Juniper Networks Secure Application Manager
Kundli for Windows (Professional Edition)
Malwarebytes' Anti-Malware
MediaShow 3.0
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Mozilla Firefox (3.0.8)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Nero 6 Ultra Edition
Norton Security Scan
Norton Security Scan (Symantec Corporation)
NVIDIA Drivers
O2Micro Flash Memory Card Windows Driver V2.04
PDF Settings
QuickTime
Ralink Wireless LAN Card
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Spybot - Search & Destroy
Total Video Converter 3.02
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.762
VideoLAN VLC media player 0.8.6c
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Toolbar
ZoneAlarm Security Suite