Another case of Virtumonde



clwhitcomb
2008-05-04, 08:16
Here are my reports. I had already run Spybot a couple of times thinking that would do the trick. I then tried a couple of things before I found the forum.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:02 AM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1209042606&rver=4.5.2135.0&wp=MBI&wreply=http:%2F%2Fhome.officelive.com%2FSettings%2FPages%2Fchoosesubscription.aspx&lc=1033&id=66623&partner=OfficeLive
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {2FD1583D-2651-444E-B4AE-B2283CAF39F4} - C:\WINDOWS\system32\byXRhHyX.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {ADE0962F-5522-4682-8F0B-23780A9096BF} - C:\WINDOWS\system32\cbXRHbxw.dll
O2 - BHO: (no name) - {C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA} - C:\WINDOWS\system32\ssqNGXOg.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [c81f81ac] rundll32.exe "C:\WINDOWS\system32\gvfydtsg.dll",b
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: ssqNGXOg - C:\WINDOWS\SYSTEM32\ssqNGXOg.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6790 bytes


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, May 04, 2008 1:12:28 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/05/2008
Kaspersky Anti-Virus database records: 738126
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 22509
Number of viruses found: 3
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 00:38:14

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\guided.light.photo\Application Data\Mozilla\Firefox\Profiles\glib2kqi.default\cert8.db Object is locked skipped
C:\Documents and Settings\guided.light.photo\Application Data\Mozilla\Firefox\Profiles\glib2kqi.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\guided.light.photo\Application Data\Mozilla\Firefox\Profiles\glib2kqi.default\history.dat Object is locked skipped
C:\Documents and Settings\guided.light.photo\Application Data\Mozilla\Firefox\Profiles\glib2kqi.default\key3.db Object is locked skipped
C:\Documents and Settings\guided.light.photo\Application Data\Mozilla\Firefox\Profiles\glib2kqi.default\parent.lock Object is locked skipped
C:\Documents and Settings\guided.light.photo\Application Data\Mozilla\Firefox\Profiles\glib2kqi.default\search.sqlite Object is locked skipped
C:\Documents and Settings\guided.light.photo\Application Data\Mozilla\Firefox\Profiles\glib2kqi.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\guided.light.photo\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\guided.light.photo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\guided.light.photo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\guided.light.photo\Local Settings\Application Data\Mozilla\Firefox\Profiles\glib2kqi.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\guided.light.photo\Local Settings\Application Data\Mozilla\Firefox\Profiles\glib2kqi.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\guided.light.photo\Local Settings\Application Data\Mozilla\Firefox\Profiles\glib2kqi.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\guided.light.photo\Local Settings\Application Data\Mozilla\Firefox\Profiles\glib2kqi.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\guided.light.photo\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\guided.light.photo\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\guided.light.photo\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\guided.light.photo\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\guided.light.photo\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{5CA47774-0A6B-4F36-908D-4EF2E5555871}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\isjlelcp.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ssqNGXOg.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qlg skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\xrinaxvf.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

I thank you in advance for taking the time to look this over.
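The HijackThis log above contains the three entry types a helper checks first on a Virtumonde case: O2 BHO lines with "(no name)" or "(file missing)", an O4 Run value with an eight-hex-digit name that calls rundll32 on a DLL in system32, and an O20 Winlogon Notify package with a random-looking name. The script below is an added example for reading such logs; it is not part of this thread and not a Safer Networking tool. The regular expressions and the "random-looking name" heuristic are my own assumptions, and the sample lines are copied from the first HijackThis log in this post.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {2FD1583D-2651-444E-B4AE-B2283CAF39F4} - C:\WINDOWS\system32\byXRhHyX.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {ADE0962F-5522-4682-8F0B-23780A9096BF} - C:\WINDOWS\system32\cbXRHbxw.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [c81f81ac] rundll32.exe "C:\WINDOWS\system32\gvfydtsg.dll",b
O20 - Winlogon Notify: ssqNGXOg - C:\WINDOWS\SYSTEM32\ssqNGXOg.dll
"""

# Regexes for the three HijackThis line types this example understands (assumed format).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
                   r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
DLL_RE = re.compile(r'([^\s"]+\.dll)', re.I)

VOWELS = set("aeiouAEIOU")


def file_stem(path: str) -> str:
    """Base name of a Windows path without its extension (quotes stripped)."""
    base = path.strip().strip('"').rsplit("\\", 1)[-1]
    return base.split(".")[0]


def looks_random(stem: str) -> bool:
    """Heuristic (my assumption): eight letters with at most one vowel, like byXRhHyX."""
    return len(stem) == 8 and stem.isalpha() and sum(c in VOWELS for c in stem) <= 1


@dataclass
class Finding:
    line: str
    reasons: list


def triage(log_text: str) -> list:
    """Return the O2/O4/O20 lines that carry Virtumonde-style indicators, with reasons."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        if m := O2_RE.match(line):
            if m["name"] == "(no name)":
                reasons.append("BHO registered without a name")
            if m["missing"]:
                reasons.append("BHO points at a file that no longer exists")
            if looks_random(file_stem(m["path"])):
                reasons.append("DLL has a random-looking 8-letter name")
        elif m := O4_RE.match(line):
            if re.fullmatch(r"[0-9a-f]{8}", m["key"]):
                reasons.append("Run value named with 8 hex digits")
            dll = DLL_RE.search(m["cmd"])
            if (m["cmd"].lower().startswith("rundll32") and dll
                    and "system32" in dll.group(1).lower()
                    and looks_random(file_stem(dll.group(1)))):
                reasons.append("rundll32 loads a random-looking DLL from system32")
        elif m := O20_RE.match(line):
            if looks_random(file_stem(m["path"])):
                reasons.append("Winlogon Notify package with a random-looking name")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   -", r)
```

Run against the sample, the Spybot SDHelper BHO and the AVG7_CC Run entry pass clean, while the two unnamed BHOs, the c81f81ac rundll32 entry and the ssqNGXOg Winlogon Notify package are reported, which matches what the Kaspersky and ComboFix output in this thread later confirm. The name heuristic is deliberately loose and is a triage aid, not a verdict; a legitimate eight-letter DLL name would trip it, so each hit still needs a look at the file itself.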

pskelley
2008-05-04, 11:50
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

You are infected. I suggest you keep this computer offline except when troubleshooting; the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully; the tools will not work unless you do.
This can be a tough infection to remove so do not expect fast or easy.

1) We need first to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
* On the left hand side, Click on Tools
* Then click on the Resident Icon in the List
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.
(leave TT disabled until we finish)

2) Remove any old copies of combofix before you proceed.

Thanks to sUBs and anyone else who helped with this fix.

It is important that it is saved directly to your Desktop

Download ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Post the combofix log and a new HJT log.

Tutorial if needed:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Thanks

clwhitcomb
2008-05-04, 14:40
ComboFix 08-05-01.3 - guided.light.photo 2008-05-04 8:25:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.202 [GMT -4:00]
Running from: C:\Documents and Settings\guided.light.photo\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\guided.light.photo\Application Data\inst.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\defMlnpo.ini
C:\WINDOWS\system32\defMlnpo.ini2
C:\WINDOWS\system32\exsbasuh.dll
C:\WINDOWS\system32\fvxanirx.ini
C:\WINDOWS\system32\gstdyfvg.ini
C:\WINDOWS\system32\hkkspupk.ini
C:\WINDOWS\system32\husabsxe.ini
C:\WINDOWS\system32\isjlelcp.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\opnlMfed.dll
C:\WINDOWS\system32\pbqfrwck.dll
C:\WINDOWS\system32\ssqNGXOg.dll
C:\WINDOWS\system32\vuyeqehc.ini
C:\WINDOWS\system32\wxbHRXbc.ini
C:\WINDOWS\system32\wxbHRXbc.ini2
C:\WINDOWS\system32\xrinaxvf.dll
C:\WINDOWS\system32\XyHhRXyb.ini
C:\WINDOWS\system32\XyHhRXyb.ini2

.
((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.

2008-05-04 01:18 . 2008-05-04 01:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-04 00:21 . 2008-05-04 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-04 00:20 . 2008-05-04 00:20 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-03 21:43 . 2008-05-04 01:47 443 --a------ C:\WINDOWS\wininit.ini
2008-05-03 20:44 . 2008-05-03 20:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-03 20:44 . 2008-05-03 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-03 18:27 . 2008-05-03 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\logs
2008-05-03 15:40 . 2008-05-03 15:40 <DIR> d-------- C:\Program Files\PowerDataRecovery
2008-05-03 10:16 . 2008-05-03 10:16 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-05-03 10:16 . 2008-05-03 10:16 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-05-03 09:52 . 2008-05-03 09:52 <DIR> d-------- C:\Documents and Settings\guided.light.photo\Application Data\Sunbelt Software
2008-05-03 09:52 . 2008-05-03 09:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-05-03 09:52 . 2008-05-03 09:52 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-05-03 09:49 . 2008-05-03 09:49 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-05-03 08:57 . 2008-05-03 08:57 <DIR> d-------- C:\Program Files\DVDFab Platinum 4
2008-05-03 08:57 . 2008-05-03 14:12 <DIR> d-------- C:\Documents and Settings\guided.light.photo\Application Data\Vso
2008-05-03 08:57 . 2008-05-03 08:57 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-03 08:57 . 2008-05-03 08:57 47,360 --a------ C:\Documents and Settings\guided.light.photo\Application Data\pcouffin.sys
2008-05-02 11:17 . 2008-05-02 11:17 <DIR> d-------- C:\Program Files\Microsoft Expression
2008-05-01 07:11 . 2008-05-01 07:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-05-01 07:08 . 2008-05-01 07:08 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-01 07:08 . 2008-05-04 08:25 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-05-01 06:39 . 2008-05-02 07:42 <DIR> dr-h----- C:\$VAULT$.AVG
2008-04-30 11:06 . 2008-05-01 06:42 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-29 07:52 . 2008-04-29 07:53 <DIR> d-------- C:\Program Files\PhotoPerfect
2008-04-24 10:03 . 2008-04-24 10:03 <DIR> d-------- C:\Program Files\Photodex Presenter
2008-04-24 10:03 . 2008-04-24 10:03 <DIR> d-------- C:\Documents and Settings\guided.light.photo\Application Data\Netscape
2008-04-24 09:12 . 2008-04-24 09:12 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-24 06:48 . 2008-04-24 06:48 <DIR> d-------- C:\Program Files\ffdshow
2008-04-24 06:48 . 2008-04-21 15:00 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-04-24 06:48 . 2008-04-21 15:00 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-24 06:48 . 2008-04-21 15:00 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-04-24 06:40 . 2008-04-24 06:41 <DIR> d-------- C:\Documents and Settings\guided.light.photo\Application Data\Media Player Classic
2008-04-15 08:57 . 2008-04-15 08:57 <DIR> d-------- C:\Documents and Settings\guided.light.photo\Application Data\Apple Computer
2008-04-13 10:56 . 2008-05-03 14:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-13 10:56 . 2008-04-13 10:56 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-11 12:19 . 2008-04-11 12:25 <DIR> d-------- C:\Program Files\RocketDock
2008-04-10 13:00 . 2008-04-10 13:00 <DIR> d-------- C:\Documents and Settings\guided.light.photo\Application Data\Canon
2008-04-10 12:49 . 2008-04-10 13:04 <DIR> d-------- C:\Documents and Settings\guided.light.photo\Application Data\ZoomBrowser EX
2008-04-10 12:42 . 2008-04-10 12:42 <DIR> d-------- C:\Program Files\Foxit Software
2008-04-10 12:31 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-10 12:31 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-10 12:31 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-10 12:31 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-04-10 12:22 . 2008-04-10 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-04-10 12:21 . 2008-05-03 18:14 <DIR> d-------- C:\Program Files\Canon
2008-04-10 12:19 . 2008-05-03 18:10 <DIR> d-------- C:\Program Files\Common Files\Canon
2008-04-06 21:59 . 2008-04-06 21:59 <DIR> d-------- C:\Documents and Settings\guided.light.photo\Application Data\iView
2008-04-06 21:58 . 2008-04-06 21:58 <DIR> d-------- C:\Program Files\QuickTime
2008-04-06 21:58 . 2008-04-06 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-06 21:57 . 2008-04-06 21:57 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-06 21:57 . 2008-04-06 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-06 21:51 . 2008-04-06 21:51 <DIR> d-------- C:\Program Files\iView MediaPro3
2008-04-06 21:51 . 2008-04-06 21:51 <DIR> d-------- C:\Program Files\Common Files\Nikon
2008-04-06 21:31 . 2008-04-06 21:31 <DIR> d-------- C:\Program Files\uTorrent
2008-04-06 21:31 . 2008-05-03 09:46 <DIR> d-------- C:\Documents and Settings\guided.light.photo\Application Data\uTorrent
2008-04-06 13:36 . 2008-04-06 13:36 <DIR> d-------- C:\Program Files\FastStone Photo Resizer
2008-04-06 13:09 . 2008-04-06 13:09 <DIR> d-------- C:\Program Files\FastStone Image Viewer
2008-04-06 13:09 . 2008-04-06 13:36 <DIR> d-------- C:\Documents and Settings\guided.light.photo\Application Data\FastStone
2008-04-04 09:43 . 2008-04-04 09:43 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 12:09 --------- d-----w C:\Documents and Settings\guided.light.photo\Application Data\AVG7
2008-04-03 14:43 --------- d-----w C:\Program Files\MSBuild
2008-04-03 14:39 --------- d-----w C:\Program Files\Reference Assemblies
2008-04-03 14:37 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-03 14:36 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-03 14:26 --------- d-----w C:\Program Files\CONEXANT
2008-04-03 13:04 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-03 03:53 --------- d-----w C:\Program Files\Broadcom
2008-04-03 03:52 --------- d-----w C:\Program Files\Dell
2008-04-03 03:41 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-03 03:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-03 03:07 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-03 03:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-03 03:02 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-04-03 03:02 --------- d-----w C:\Documents and Settings\guided.light.photo\Application Data\Intel
2008-04-03 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-04-03 03:01 --------- d-----w C:\Program Files\Synaptics
2008-04-03 03:01 --------- d-----w C:\Program Files\Intel
2008-04-03 03:00 5 ----a-w C:\WINDOWS\system32\drivers\DELL_INS_700m.MRK
2008-04-03 03:00 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL_INS_700m.MRK
2008-04-03 03:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-03 02:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-03 02:55 --------- d-----w C:\Program Files\SigmaTel
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22A3E2D9-3F3E-472A-A247-6AEBB1E815AB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FD1583D-2651-444E-B4AE-B2283CAF39F4}]
C:\WINDOWS\system32\byXRhHyX.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E41A5674-82AC-45ED-8287-0844FE6F003B}]
C:\WINDOWS\system32\cbXRHbxw.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 13:48 761947]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 12:51 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 12:52 602182]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 09:53 579584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-11-28 12:57 698864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-02 23:07 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqNGXOg]
ssqNGXOg.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\iView MediaPro3\\IVIEW_MP.exe"=

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-05-03 09:52]
R3 tifm;tifm;C:\WINDOWS\system32\drivers\tifm.sys [2006-07-21 14:42]
S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 08:32:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-05-04 8:34:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-04 12:34:27

Pre-Run: 21,379,055,616 bytes free
Post-Run: 21,339,860,992 bytes free

190 --- E O F --- 2008-04-09 12:51:52


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:02 AM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1209042606&rver=4.5.2135.0&wp=MBI&wreply=http:%2F%2Fhome.officelive.com%2FSettings%2FPages%2Fchoosesubscription.aspx&lc=1033&id=66623&partner=OfficeLive
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {2FD1583D-2651-444E-B4AE-B2283CAF39F4} - C:\WINDOWS\system32\byXRhHyX.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {E41A5674-82AC-45ED-8287-0844FE6F003B} - C:\WINDOWS\system32\cbXRHbxw.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: ssqNGXOg - ssqNGXOg.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6659 bytes

pskelley
2008-05-04, 16:19
Thanks for returning your information...

The first thing I asked you to do was to disable TeaTimer and leave it disabled. This has not been done? It is very important that you read and follow the directions.

1) First we need to disable TeaTimer so that it doesn't interfere with the fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
* On the left hand side, Click on Tools
* Then click on the Resident icon in the list.
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.
(leave TT disabled until we finish)


2) Download ResetTeaTimer.bat to the Desktop
http://downloads.subratam.org/ResetTeaTimer.bat
Double click ResetTeaTimer.bat
to remove all entries set by TeaTimer (and to prevent TeaTimer from restoring them upon reactivation).

3) CounterSpy: Right-click the running CounterSpy icon in the system tray. With your mouse, hover over Active Protection Status (this should be enabled). A menu will slide out, and then you need to right-click on "Disable Active Protection".

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {2FD1583D-2651-444E-B4AE-B2283CAF39F4} - C:\WINDOWS\system32\byXRhHyX.dll (file missing)
O2 - BHO: (no name) - {E41A5674-82AC-45ED-8287-0844FE6F003B} - C:\WINDOWS\system32\cbXRHbxw.dll (file missing)
O20 - Winlogon Notify: ssqNGXOg - ssqNGXOg.dll (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

5) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart and post a new HJT log, let me know how the computer is running.

Thanks
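As an added example that is not part of pskelley's instructions or of HijackThis itself: the three lines checked in step 4 are two Browser Helper Object CLSIDs whose InprocServer32 DLL is gone and one Winlogon Notify handler whose DllName is gone, which is what HijackThis means by "(file missing)". The PowerShell script below (assumed file name Audit-IEPersistence.ps1; assumes PowerShell 2.0 or later and an administrative prompt) reads the same registry locations, flags every entry whose DLL no longer exists on disk, and removes orphans only when asked, defaulting to a -WhatIf dry run so the keys it would delete are shown first.

```powershell
<#
 Added example, not code from the forum thread or from HijackThis.
 Audits the registry locations behind HijackThis O2 (BHO) and O20
 (Winlogon Notify) lines and reports entries whose DLL is missing.
 Assumes PowerShell 2.0+, run as administrator.
 Usage:  .\Audit-IEPersistence.ps1                 # report only
         .\Audit-IEPersistence.ps1 -Remove         # dry run (-WhatIf)
         .\Audit-IEPersistence.ps1 -Remove -Force  # delete orphaned entries
#>
param(
    [switch]$Remove,
    [switch]$Force
)

$bhoRoot    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$notifyRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

function Resolve-ModulePath([string]$raw) {
    # Registry values may be unexpanded (%SystemRoot%\...) or a bare file name;
    # a bare Winlogon Notify DllName is loaded from System32.
    if (-not $raw) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
    if (-not [IO.Path]::IsPathRooted($p)) {
        $p = Join-Path $env:SystemRoot ("system32\" + $p)
    }
    return $p
}

function New-Finding($kind, $name, $dll, $key, $clsidKey) {
    New-Object PSObject -Property @{
        Kind     = $kind
        Name     = $name
        Path     = $dll
        Missing  = (($null -eq $dll) -or -not (Test-Path -LiteralPath $dll))
        Key      = $key
        ClsidKey = $clsidKey
    }
}

$findings = @()

# O2: each subkey under the BHO root is a CLSID. The DLL it loads is the default
# value of CLSID\{clsid}\InprocServer32, registered machine-wide or per-user.
foreach ($k in Get-ChildItem $bhoRoot -ErrorAction SilentlyContinue) {
    $clsid = $k.PSChildName
    $srv = $null; $clsidKey = $null
    foreach ($hive in 'HKLM:\SOFTWARE\Classes', 'HKCU:\Software\Classes') {
        $clsidKey = "$hive\CLSID\$clsid"
        $srv = Get-ItemProperty -LiteralPath "$clsidKey\InprocServer32" -ErrorAction SilentlyContinue
        if ($srv) { break }
    }
    $dll = $null
    if ($srv) { $dll = Resolve-ModulePath $srv.'(default)' }
    $findings += New-Finding 'O2 BHO' $clsid $dll $k.PSPath $clsidKey
}

# O20: each subkey under Winlogon\Notify names a DLL in DllName; winlogon.exe
# loads it at logon, which is why it is a favoured persistence point.
foreach ($k in Get-ChildItem $notifyRoot -ErrorAction SilentlyContinue) {
    $dll = Resolve-ModulePath (Get-ItemProperty -LiteralPath $k.PSPath).DllName
    $findings += New-Finding 'O20 Winlogon Notify' $k.PSChildName $dll $k.PSPath $null
}

$findings | Format-Table Kind, Name, Path, Missing -AutoSize

if ($Remove) {
    foreach ($f in ($findings | Where-Object { $_.Missing })) {
        # An orphaned entry loads nothing today, but the dropper that created it
        # can re-point it at a fresh DLL, so clear the key rather than leave it.
        Remove-Item -LiteralPath $f.Key -Recurse -WhatIf:(-not $Force)
        if ($f.ClsidKey -and (Test-Path -LiteralPath $f.ClsidKey)) {
            Remove-Item -LiteralPath $f.ClsidKey -Recurse -WhatIf:(-not $Force)
        }
    }
}
```

Two caveats a practitioner would want. First, the script only flags entries whose file is gone; an entry that still points at an existing DLL with a random eight-letter name in system32 (the pattern of the names in the log above) is the live infection, and the file itself has to be dealt with, not just the key. Second, the deletions will be reverted if TeaTimer or CounterSpy's active protection is still running, which is exactly why the post insists on disabling both before fixing anything; on 64-bit Windows the 32-bit IE BHO list also lives under Wow6432Node, which this script does not enumerate.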

clwhitcomb
2008-05-04, 20:02
Thank you very much for your help and prompt responses. The TeaTimer thing restarted by itself when the computer rebooted, not sure why, but it did.

Now I'm having a hard drive problem. SpinRite wouldn't even run, and there is much loud clicking all of a sudden. Those are the tell-tale sounds of a drive about to die, so I'll just replace the drive.

Thank you again.

pskelley
2008-05-12, 21:14
Sorry to hear you had this problem, here is information that may help in the future.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.