Posting HJT Log

JimNicolay
2007-08-31, 01:20
Please review the attached logs.

PS: Kelly looked at this in early August before we closed the previous thread, and I was out of town for several weeks.

I've recently reinstalled the operating system and want to make sure that everything is clean before re-installing backed up files.

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:16:04 PM, on 8/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\JAMESG~1.NIC\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\JAMESG~1.NIC\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\WINDOWS\explorer.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187035611594
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6094 bytes

Combofix:

ComboFix 07-08-30.3 - "James G. Nicolay" 2007-08-30 12:56:33.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.480 [GMT -10:00]
* Created a new restore point


((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-30 )))))))))))))))))))))))))))))))


2007-08-29 15:51 <DIR> d-------- C:\DOCUME~1\JAMESG~1.NIC\APPLIC~1\Help
2007-08-29 15:44 <DIR> d-------- C:\Program Files\Security Task Manager
2007-08-20 17:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
2007-08-20 16:34 <DIR> d-------- C:\DOCUME~1\JAMESG~1.NIC\APPLIC~1\Corel
2007-08-20 14:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-08-20 14:46 <DIR> d-------- C:\Program Files\Corel
2007-08-20 14:46 <DIR> d-------- C:\Program Files\Common Files\Corel
2007-08-20 09:37 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-08-20 09:37 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-08-20 09:37 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-08-20 09:37 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-08-20 09:37 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-08-20 09:37 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-08-20 09:37 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-08-20 09:37 <DIR> d-------- C:\Program Files\Sygate
2007-08-20 09:23 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-20 09:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-20 09:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-20 07:53 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-19 22:19 <DIR> d-------- C:\DOCUME~1\JAMESG~1.NIC\APPLIC~1\OpenOffice.org2
2007-08-19 22:07 <DIR> d-------- C:\Program Files\OpenOffice.org 2.2
2007-08-19 16:41 64,000 --a------ C:\WINDOWS\system32\esfw52.bin
2007-08-19 16:41 5,632 -ra------ C:\WINDOWS\system32\escdev.dll
2007-08-19 16:41 282,624 --a------ C:\WINDOWS\system32\esint52.dll
2007-08-19 16:41 180,224 --a------ C:\WINDOWS\system32\eswia52.dll
2007-08-19 16:41 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-08-19 16:41 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-08-19 15:19 304,128 --a------ C:\WINDOWS\IsUninst.exe
2007-08-19 15:19 <DIR> d-------- C:\DOCUME~1\JAMESG~1.NIC\WINDOWS
2007-08-18 17:40 51,200 --------- C:\WINDOWS\system32\brinsstr.dll
2007-08-18 17:40 50 --a------ C:\WINDOWS\system32\m8440def.dat
2007-08-18 17:39 147,456 --a------ C:\WINDOWS\brunin03.dll
2007-08-18 17:39 <DIR> d-------- C:\Brother
2007-08-18 17:38 <DIR> d-------- C:\Program Files\ScanSoft
2007-08-18 17:38 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-08-18 17:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
2007-08-18 17:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Brother
2007-08-17 15:52 <DIR> d--h----- C:\Program Files\Give4Free Plugin
2007-08-17 15:51 <DIR> d-------- C:\Program Files\Windows Messenger Remover
2007-08-17 15:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-17 14:46 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-08-17 09:24 <DIR> d-------- C:\Program Files\Sophos
2007-08-16 19:20 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-08-16 19:19 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-16 19:04 <DIR> d-------- C:\DOCUME~1\JAMESG~1.NIC\APPLIC~1\gtopala
2007-08-16 18:44 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-16 16:47 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-15 16:09 <DIR> d-------- C:\Program Files\CCleaner
2007-08-15 13:32 81,920 --a------ C:\WINDOWS\SOUNDMAN.EXE
2007-08-15 13:32 40,960 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-08-15 13:32 3,644,032 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2007-08-15 13:32 294,912 --a------ C:\WINDOWS\alcupd.exe
2007-08-15 13:32 200,704 --a------ C:\WINDOWS\alcrmv.exe
2007-08-15 13:32 156,672 --a------ C:\WINDOWS\system32\RTLCPAPI.dll
2007-08-15 13:32 10,458,112 --a------ C:\WINDOWS\system32\RTLCPL.EXE
2007-08-15 13:32 <DIR> d-------- C:\Program Files\Realtek AC97
2007-08-15 11:31 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-15 11:31 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-08-15 11:18 <DIR> d-------- C:\WINDOWS\pss
2007-08-15 10:32 <DIR> d-------- C:\Program Files\MSBuild
2007-08-15 10:29 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-08-15 10:29 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-08-15 10:29 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-08-15 10:28 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-08-15 10:28 <DIR> d-------- C:\5ea89ff3f2915e68f72b38992aae2b
2007-08-15 10:27 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-15 10:27 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-15 10:22 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-08-15 10:20 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-08-15 10:20 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-08-15 10:20 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-08-15 10:06 454,656 --a------ C:\WINDOWS\system32\CapabilityTable.exe
2007-08-15 10:05 180,224 --a------ C:\WINDOWS\system32\nvunrm.exe
2007-08-15 10:03 <DIR> d-------- C:\System Chipset
2007-08-15 09:52 <DIR> d-------- C:\Lan
2007-08-14 12:40 <DIR> d-------- C:\DOCUME~1\JAMESG~1.NIC\APPLIC~1\AdobeUM
2007-08-14 12:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-08-14 12:32 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-08-14 10:42 <DIR> d-------- C:\DOCUME~1\JAMESG~1.NIC\APPLIC~1\InstallShield
2007-08-14 10:16 <DIR> d-------- C:\DOCUME~1\JAMESG~1\LOCALS~1
2007-08-14 09:06 <DIR> d-------- C:\WINDOWS\nview
2007-08-14 05:58 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-08-13 17:31 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-13 17:19 36,864 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-08-13 17:19 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-13 17:19 <DIR> d-------- C:\Program Files\AMD
2007-08-13 17:18 <DIR> d-------- C:\dell
2007-08-13 17:17 <DIR> d-------- C:\NV33923420.TMP
2007-08-13 17:17 <DIR> d-------- C:\NV1168300.TMP
2007-08-13 17:16 9,728 --a------ C:\WINDOWS\system32\bdco1ins.dll
2007-08-13 17:16 201,728 --a------ C:\WINDOWS\system32\fdco1ins.dll
2007-08-13 17:16 <DIR> d-------- C:\WINDOWS\NV1452336.TMP
2007-08-13 16:22 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-08-13 16:21 <DIR> d-------- C:\NVIDIA
2007-08-13 16:06 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-08-13 14:56 <DIR> d-------- C:\Program Files\TrueSwitch
2007-08-13 14:43 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-08-13 14:43 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-08-13 14:43 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-08-13 14:12 202,032 --a------ C:\WINDOWS\system32\drivers\Si3114r5.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-15 10:04 9728 --a------ C:\WINDOWS\system32\bdco1.dll
2007-08-15 10:04 88960 --a------ C:\WINDOWS\system32\drivers\nvatabus.sys
2007-08-15 10:04 33536 --a------ C:\WINDOWS\system32\drivers\NVENETFD.sys
2007-08-15 10:04 32256 --a------ C:\WINDOWS\system32\nvconrm.dll
2007-08-15 10:04 295424 --a------ C:\WINDOWS\system32\idecoi.dll
2007-08-15 10:04 261888 --a------ C:\WINDOWS\system32\drivers\nvnrm.sys
2007-08-15 10:04 208256 --a------ C:\WINDOWS\system32\drivers\nvsnpu.sys
2007-08-15 10:04 201728 --a------ C:\WINDOWS\system32\fdco1.dll
2007-08-15 10:04 12928 --a------ C:\WINDOWS\system32\drivers\nvnetbus.sys
2007-06-25 20:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 03:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 00:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-02-28 09:21 336201 --a------ C:\Program Files\address book.WAB


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 15:00 C:\WINDOWS\SOUNDMAN.EXE]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00]

C:\DOCUME~1\JAMESG~1.NIC\STARTM~1\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\D:\Other\EVEREST\kerneld.wnt
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\system32\E89.tmp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ce0f220-4a9e-11dc-aa60-806d6172696f}]
AutoRun\command- D:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f1a6dc2-4835-11dc-a78c-806d6172696f}]
AutoRun\command- D:\SETUP.EXE /UPDATE


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-30 12:57:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-30 12:57:34
C:\ComboFix-quarantined-files.txt ... 2007-08-30 12:57
C:\ComboFix2.txt ... 2007-08-20 08:33
C:\ComboFix3.txt ... 2007-08-20 08:03

--- E O F ---

pskelley
2007-08-31, 03:16
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

The HJT log is clean, and I see no problems in the combofix log.

A Kaspersky scan would be a good final check.
Run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next, click on Launch Kaspersky Online Scanner.

You will be prompted to install an ActiveX component from Kaspersky; click Yes.

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make sure that the following are selected:
* Scan using the following Anti-Virus database:
* Standard
* Scan Options:
* Scan Archives
* Scan Mail Bases
* Click OK
* Now under select a target to scan:
* Select My Computer
* The program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.

Then post it here. I do not need to see a clean scan report.

http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

JimNicolay
2007-08-31, 05:43
The Kaspersky online scanning report was clean. It notes a number of locked files; please let me know if I should do anything further with the locked files.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, August 30, 2007 5:37:41 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 31/08/2007
Kaspersky Anti-Virus database records: 376012
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
G:\

Scan Statistics:
Total number of scanned objects: 29079
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:34:38

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\James G. Nicolay\Application Data\Adobe\Acrobat\7.0\ndioffice1.err Object is locked skipped
C:\Documents and Settings\James G. Nicolay\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped
C:\Documents and Settings\James G. Nicolay\Application Data\Mozilla\Firefox\Profiles\3e1vfqvm.default\cert8.db Object is locked skipped
C:\Documents and Settings\James G. Nicolay\Application Data\Mozilla\Firefox\Profiles\3e1vfqvm.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\James G. Nicolay\Application Data\Mozilla\Firefox\Profiles\3e1vfqvm.default\history.dat Object is locked skipped
C:\Documents and Settings\James G. Nicolay\Application Data\Mozilla\Firefox\Profiles\3e1vfqvm.default\key3.db Object is locked skipped
C:\Documents and Settings\James G. Nicolay\Application Data\Mozilla\Firefox\Profiles\3e1vfqvm.default\parent.lock Object is locked skipped
C:\Documents and Settings\James G. Nicolay\Application Data\Mozilla\Firefox\Profiles\3e1vfqvm.default\search.sqlite Object is locked skipped
C:\Documents and Settings\James G. Nicolay\Application Data\Mozilla\Firefox\Profiles\3e1vfqvm.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\James G. Nicolay\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\James G. Nicolay\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\James G. Nicolay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\James G. Nicolay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\James G. Nicolay\Local Settings\Application Data\Mozilla\Firefox\Profiles\3e1vfqvm.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\James G. Nicolay\Local Settings\Application Data\Mozilla\Firefox\Profiles\3e1vfqvm.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\James G. Nicolay\Local Settings\Application Data\Mozilla\Firefox\Profiles\3e1vfqvm.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\James G. Nicolay\Local Settings\Application Data\Mozilla\Firefox\Profiles\3e1vfqvm.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\James G. Nicolay\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\James G. Nicolay\Local Settings\Temp\Acr6CB4.tmp Object is locked skipped
C:\Documents and Settings\James G. Nicolay\Local Settings\Temp\Adobelm_Cleanup.0001.dir.0000\~efe2.tmp Object is locked skipped
C:\Documents and Settings\James G. Nicolay\Local Settings\Temp\Adobelm_Cleanup.0001.dir.0001\~efe2.tmp Object is locked skipped
C:\Documents and Settings\James G. Nicolay\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\James G. Nicolay\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\James G. Nicolay\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Program Files\Sygate\SPF\debug.log Object is locked skipped
C:\Program Files\Sygate\SPF\rawlog.log Object is locked skipped
C:\Program Files\Sygate\SPF\seclog.log Object is locked skipped
C:\Program Files\Sygate\SPF\syslog.log Object is locked skipped
C:\Program Files\Sygate\SPF\tralog.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6C3B9FC1-E63E-46F3-B842-7EF728357823}\RP6\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{04ACB942-7310-422D-AE0E-B7ED10D43A26}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{38842904-A588-49E7-A53E-874EB4773F90}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

pskelley
2007-08-31, 11:24
Negative, you are good to go.

Safe surfing

Thanks