I have searched several threads and thought I would give a try to what some of the experts had advised to others on the Virtumonde. when doing the Hijackthis, I was not sure what to keep or get rid of. My PC has really turned a 180 after downloading a file from the internet. Also when computer starts, I get a RUNDLL error "Error loading C:\WINDOWS\system32\evenofww.dll" states "The specified module could not be found". I do a search on the .dll and it shows up in the application data.

Please assist if you can with my troubles, if you need more information I can provide it.

this is my logs from Hijackthis;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:21:01 PM, on 8/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {152A5718-96A7-47D0-A5F2-2A14EECD8E3C} - C:\WINDOWS\system32\wvUmjIxu.dll (file missing)
O2 - BHO: (no name) - {4035B8B6-9500-44D3-AD96-14B968EAC000} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {86953B13-BCF3-4881-A3ED-9E7A7E58C9FD} - (no file)
O2 - BHO: (no name) - {B85E5E92-A40E-48B0-922E-84867A826470} - C:\WINDOWS\system32\ddcDuRhE.dll (file missing)
O2 - BHO: (no name) - {E243A8E7-6244-49E0-A361-22DBF30FD46C} - C:\WINDOWS\system32\vtUnnnkL.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [90cb8b1f] rundll32.exe "C:\WINDOWS\system32\msrajmsf.dll",b
O4 - HKLM\..\Run: [BM93f8b883] Rundll32.exe "C:\WINDOWS\system32\evenofww.dll",s
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219597155162
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: vtUnnnkL - C:\WINDOWS\SYSTEM32\vtUnnnkL.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 5031 bytes
------------------------------------
http://forums.spybot.info/showthread.php?p=228100#post228100

Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

You are still infected, but I am seeing no antivirus program running on this computer???

If you need a free one, here are three to choose from:
http://free.grisoft.com/ww.download-avg-anti-virus-free-edition
http://www.avast.com/eng/avast_4_home.html
http://www.free-av.com/

If you use those, install no more than one. When you have an antivirus program running on the computer, update it and run a system scan removing what it finds, then post a new HJT log and I will see what is left to do.

Thanks

Thanks for the quick response, here is the new HJT report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:50 PM, on 8/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wpabaln.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {152A5718-96A7-47D0-A5F2-2A14EECD8E3C} - (no file)
O2 - BHO: (no name) - {4035B8B6-9500-44D3-AD96-14B968EAC000} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6177A088-0E0A-44C0-AD5C-1809E14E7A39} - (no file)
O2 - BHO: (no name) - {86953B13-BCF3-4881-A3ED-9E7A7E58C9FD} - (no file)
O2 - BHO: (no name) - {B85E5E92-A40E-48B0-922E-84867A826470} - (no file)
O2 - BHO: (no name) - {E243A8E7-6244-49E0-A361-22DBF30FD46C} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BM93f8b883] Rundll32.exe "C:\WINDOWS\system32\evenofww.dll",s
O4 - HKLM\..\Run: [90cb8b1f] rundll32.exe "C:\WINDOWS\system32\msrajmsf.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219597155162
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: vtUnnnkL - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5487 bytes

Thanks for returning your information, proceed carefully and always in the numbered order.

1) We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this Go to the Mode menu select "Advanced Mode"
* On the left hand side, Click on Tools
* Then click on the Resident Icon in the List
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.
(leave TT disabled until we finish)

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

2) Remove any old copies of combofix before you proceed.

Thanks to sUBs and anyone else who helped with this fix.

It is important that it is saved directly to your Desktop.

Download ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Post the combofix log and a new HJT log.

Tutorial
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Thanks

Combofix.txt

ComboFix 08-08-25.01 - Admin 2008-08-26 14:50:29.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.69 [GMT -4:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))
.

2008-08-26 13:10 . 2008-08-26 13:10 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-25 10:25 . 2008-08-25 10:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-25 10:15 . 2008-08-26 11:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-24 22:12 . 2008-08-25 13:10 211 --a------ C:\WINDOWS\wininit.ini
2008-08-24 19:49 . 2008-08-24 19:55 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-24 19:08 . 2008-08-24 20:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-24 19:08 . 2008-08-25 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-24 18:07 . 2008-08-24 18:07 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\dvdcss
2008-08-24 17:17 . 2008-08-24 17:17 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-24 17:05 . 2008-08-24 17:05 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-08-24 17:04 . 2008-08-24 17:19 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-08-24 17:00 . 2005-11-21 01:48 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-08-24 17:00 . 2005-11-21 01:48 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-08-24 16:58 . 2008-08-24 16:59 <DIR> d-------- C:\Program Files\Xilisoft
2008-08-24 16:49 . 2008-08-24 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-24 16:27 . 2008-08-24 16:27 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\HP
2008-08-24 16:22 . 2008-08-24 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-08-24 16:21 . 2008-08-24 16:21 <DIR> d-------- C:\Program Files\Common Files\HP
2008-08-24 16:18 . 2008-08-24 16:18 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-24 16:17 . 2008-08-24 16:17 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-08-24 16:16 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-08-24 16:16 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-08-24 16:16 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-08-24 16:16 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-08-24 16:16 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-08-24 16:16 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-08-24 16:16 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-08-24 16:12 . 2008-08-24 16:22 <DIR> d-------- C:\Program Files\HP
2008-08-24 16:09 . 2008-08-24 16:25 113,168 --a------ C:\WINDOWS\hpoins07.dat
2008-08-24 16:09 . 2005-05-24 02:52 21,124 --------- C:\WINDOWS\hpomdl07.dat
2008-08-24 16:08 . 2005-03-08 00:43 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-08-24 16:08 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-24 16:08 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-08-24 16:08 . 2005-03-08 00:43 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-08-24 16:08 . 2005-03-08 00:43 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-08-24 16:07 . 2005-04-07 21:51 606,208 -ra------ C:\WINDOWS\system32\hpotscl.dll
2008-08-24 16:07 . 2005-04-07 21:51 278,528 -ra------ C:\WINDOWS\system32\hpgwiamd.dll
2008-08-24 16:07 . 2005-03-08 00:39 274,432 -ra------ C:\WINDOWS\system32\HPZc3212.dll
2008-08-24 16:07 . 2005-04-07 21:51 258,122 -ra------ C:\WINDOWS\system32\hpovst08.dll
2008-08-24 16:07 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-24 16:07 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-08-24 16:02 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-24 16:02 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-08-24 16:01 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-24 16:01 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-08-24 16:01 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-24 15:48 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-24 15:48 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-08-24 15:48 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-24 14:49 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-08-24 14:41 . 2008-08-24 14:41 <DIR> d-------- C:\Program Files\Microsoft Works
2008-08-24 14:40 . 2008-08-24 14:40 <DIR> d-------- C:\Program Files\MSBuild
2008-08-24 14:25 . 2008-08-24 14:39 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-24 14:24 . 2008-08-24 14:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-24 14:22 . 2008-08-24 14:22 <DIR> dr-h----- C:\MSOCache
2008-08-24 13:32 . 2008-08-24 13:32 <DIR> d-------- C:\WINDOWS\provisioning
2008-08-24 13:30 . 2008-08-24 13:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-24 13:28 . 2008-08-24 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-24 13:28 . 2008-08-24 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-08-24 13:28 . 2008-08-24 13:28 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\acccore
2008-08-24 13:28 . 2004-08-04 00:56 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dll
2008-08-24 13:27 . 2008-08-24 13:27 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-08-24 13:27 . 2008-08-24 13:28 <DIR> d-------- C:\Program Files\AIM6
2008-08-24 13:27 . 2008-08-24 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-08-24 13:27 . 2008-08-24 13:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-08-24 13:27 . 2008-08-24 13:28 404 --ah----- C:\IPH.PH
2008-08-24 13:26 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002135_.tmp
2008-08-24 13:23 . 2008-08-24 13:23 <DIR> d-------- C:\WINDOWS\EHome
2008-08-24 13:02 . 2008-08-24 13:02 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-24 13:02 . 2008-08-26 12:41 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-24 13:02 . 2005-06-28 09:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-24 13:01 . 2004-08-04 00:56 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll
2008-08-24 13:01 . 2004-08-04 00:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-08-24 13:01 . 2004-08-04 00:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-08-24 13:01 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2008-08-24 13:01 . 2004-08-04 00:56 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 16:49 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((( snapshot@2008-08-26_11.22.15.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-08-26 18:45:49 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_4f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-08-06 11:21 50472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 22:36 1207080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"BM93f8b883"="C:\WINDOWS\system32\evenofww.dll"
"90cb8b1f"="C:\WINDOWS\system32\msrajmsf.dll" [BU]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 10:38 78008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUnnnkL]
[BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 10:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 10:37]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-08-26 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-30 14:45]
.
- - - - ORPHANS REMOVED - - - -

BHO-{152A5718-96A7-47D0-A5F2-2A14EECD8E3C} - (no file)
BHO-{4035B8B6-9500-44D3-AD96-14B968EAC000} - (no file)
BHO-{6177A088-0E0A-44C0-AD5C-1809E14E7A39} - (no file)
BHO-{86953B13-BCF3-4881-A3ED-9E7A7E58C9FD} - (no file)
BHO-{B85E5E92-A40E-48B0-922E-84867A826470} - (no file)
BHO-{E243A8E7-6244-49E0-A361-22DBF30FD46C} - (no file)
HKLM-Run-ISTray - C:\Program Files\Spyware Doctor\pctsTray.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 14:53:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-26 14:55:45
ComboFix-quarantined-files.txt 2008-08-26 18:55:35
ComboFix2.txt 2008-08-26 15:23:25

Pre-Run: 130,965,663,744 bytes free
Post-Run: 130,956,038,144 bytes free

188 --- E O F --- 2008-08-24 18:46:10


[B]HJT.txt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:57:02 PM, on 8/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BM93f8b883] Rundll32.exe "C:\WINDOWS\system32\evenofww.dll",s
O4 - HKLM\..\Run: [90cb8b1f] rundll32.exe "C:\WINDOWS\system32\msrajmsf.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219597155162
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: vtUnnnkL - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4638 bytes

1) Download ResetTeaTimer.bat to the Desktop
http://downloads.subratam.org/ResetTeaTimer.bat
Double click ResetTeaTimer.bat
to remove all entries set by TeaTimer (and preventing TeaTimer to restore them upon reactivation).

2) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

3) Open notepad and copy/paste the text in the codebox below into it:


File::
C:\WINDOWS\system32\evenofww.dll
C:\WINDOWS\system32\msrajmsf.dll

Save this as CFScript

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. (wait until you finish to post the logs)

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O4 - HKLM\..\Run: [BM93f8b883] Rundll32.exe "C:\WINDOWS\system32\evenofww.dll",s
O4 - HKLM\..\Run: [90cb8b1f] rundll32.exe "C:\WINDOWS\system32\msrajmsf.dll",b
O20 - Winlogon Notify: vtUnnnkL - C:\WINDOWS\

Close all programs but HJT and all browser windows, then click on "Fix Checked"

5) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

*Cleaning Prefetch may results in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html

6) Download Malwarebytes' Anti-Malware to your Desktop
http://www.besttechie.net/tools/mbam-setup.exe

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post the combofix log from CFScript, the log from MBAM and a new HJT log.

How is the computer running now.

Thanks

Here is the requested reports

CFScript
ComboFix 08-08-25.01 - Admin 2008-08-26 17:16:28.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.77 [GMT -4:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\evenofww.dll
C:\WINDOWS\system32\msrajmsf.dll
.

((((((((((((((((((((((((( Files Created from 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))
.

2008-08-26 13:10 . 2008-08-26 13:10 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-25 10:25 . 2008-08-25 10:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-25 10:15 . 2008-08-26 11:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-24 22:12 . 2008-08-25 13:10 211 --a------ C:\WINDOWS\wininit.ini
2008-08-24 19:49 . 2008-08-24 19:55 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-24 19:08 . 2008-08-24 20:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-24 19:08 . 2008-08-25 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-24 18:07 . 2008-08-24 18:07 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\dvdcss
2008-08-24 17:17 . 2008-08-24 17:17 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-24 17:05 . 2008-08-24 17:05 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-08-24 17:04 . 2008-08-24 17:19 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-08-24 17:00 . 2005-11-21 01:48 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-08-24 17:00 . 2005-11-21 01:48 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-08-24 16:58 . 2008-08-24 16:59 <DIR> d-------- C:\Program Files\Xilisoft
2008-08-24 16:49 . 2008-08-24 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-24 16:27 . 2008-08-24 16:27 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\HP
2008-08-24 16:22 . 2008-08-24 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-08-24 16:21 . 2008-08-24 16:21 <DIR> d-------- C:\Program Files\Common Files\HP
2008-08-24 16:18 . 2008-08-24 16:18 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-24 16:17 . 2008-08-24 16:17 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-08-24 16:16 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-08-24 16:16 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-08-24 16:16 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-08-24 16:16 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-08-24 16:16 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-08-24 16:16 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-08-24 16:16 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-08-24 16:12 . 2008-08-24 16:22 <DIR> d-------- C:\Program Files\HP
2008-08-24 16:09 . 2008-08-24 16:25 113,168 --a------ C:\WINDOWS\hpoins07.dat
2008-08-24 16:09 . 2005-05-24 02:52 21,124 --------- C:\WINDOWS\hpomdl07.dat
2008-08-24 16:08 . 2005-03-08 00:43 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-08-24 16:08 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-24 16:08 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-08-24 16:08 . 2005-03-08 00:43 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-08-24 16:08 . 2005-03-08 00:43 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-08-24 16:07 . 2005-04-07 21:51 606,208 -ra------ C:\WINDOWS\system32\hpotscl.dll
2008-08-24 16:07 . 2005-04-07 21:51 278,528 -ra------ C:\WINDOWS\system32\hpgwiamd.dll
2008-08-24 16:07 . 2005-03-08 00:39 274,432 -ra------ C:\WINDOWS\system32\HPZc3212.dll
2008-08-24 16:07 . 2005-04-07 21:51 258,122 -ra------ C:\WINDOWS\system32\hpovst08.dll
2008-08-24 16:07 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-24 16:07 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-08-24 16:02 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-24 16:02 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-08-24 16:01 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-24 16:01 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-08-24 16:01 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-24 15:48 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-24 15:48 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-08-24 15:48 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-24 14:49 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-08-24 14:41 . 2008-08-24 14:41 <DIR> d-------- C:\Program Files\Microsoft Works
2008-08-24 14:40 . 2008-08-24 14:40 <DIR> d-------- C:\Program Files\MSBuild
2008-08-24 14:25 . 2008-08-24 14:39 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-24 14:24 . 2008-08-24 14:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-24 14:22 . 2008-08-24 14:22 <DIR> dr-h----- C:\MSOCache
2008-08-24 13:32 . 2008-08-24 13:32 <DIR> d-------- C:\WINDOWS\provisioning
2008-08-24 13:30 . 2008-08-24 13:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-24 13:28 . 2008-08-24 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-24 13:28 . 2008-08-24 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-08-24 13:28 . 2008-08-24 13:28 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\acccore
2008-08-24 13:28 . 2004-08-04 00:56 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dll
2008-08-24 13:27 . 2008-08-24 13:27 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-08-24 13:27 . 2008-08-24 13:28 <DIR> d-------- C:\Program Files\AIM6
2008-08-24 13:27 . 2008-08-24 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-08-24 13:27 . 2008-08-24 13:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-08-24 13:27 . 2008-08-24 13:28 404 --ah----- C:\IPH.PH
2008-08-24 13:26 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002135_.tmp
2008-08-24 13:23 . 2008-08-24 13:23 <DIR> d-------- C:\WINDOWS\EHome
2008-08-24 13:02 . 2008-08-24 13:02 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-24 13:02 . 2008-08-26 12:41 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-24 13:02 . 2005-06-28 09:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-24 13:01 . 2004-08-04 00:56 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll
2008-08-24 13:01 . 2004-08-04 00:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-08-24 13:01 . 2004-08-04 00:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-08-24 13:01 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2008-08-24 13:01 . 2004-08-04 00:56 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 16:49 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((( snapshot@2008-08-26_11.22.15.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-08-26 18:45:49 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_4f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-08-06 11:21 50472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 22:36 1207080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"BM93f8b883"="C:\WINDOWS\system32\evenofww.dll"
"90cb8b1f"="C:\WINDOWS\system32\msrajmsf.dll" [BU]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 10:38 78008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUnnnkL]
[BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 10:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 10:37]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-08-26 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-30 14:45]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 17:19:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-26 17:21:10
ComboFix-quarantined-files.txt 2008-08-26 21:21:01
ComboFix2.txt 2008-08-26 18:55:47
ComboFix3.txt 2008-08-26 15:23:25

Pre-Run: 130,941,018,112 bytes free
Post-Run: 130,932,748,288 bytes free

180 --- E O F --- 2008-08-24 18:46:10


[B]mbam
Malwarebytes' Anti-Malware 1.25
Database version: 1088
Windows 5.1.2600 Service Pack 2

2:50:19 AM 8/27/2008
mbam-log-08-27-2008 (02-50-19).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 65649
Time elapsed: 9 hour(s), 17 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\system32\akfgjenv.exe.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ccelnhwt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\coghkf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hvuqxo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\iifdabCV.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\lkrhrxrh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\msrajmsf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ohtxkcjs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\whbocmir.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BF14ECD3-E9E3-4F39-BFD6-A038A4632398}\RP14\A0003890.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BF14ECD3-E9E3-4F39-BFD6-A038A4632398}\RP14\A0003891.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BF14ECD3-E9E3-4F39-BFD6-A038A4632398}\RP14\A0008034.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BF14ECD3-E9E3-4F39-BFD6-A038A4632398}\RP16\A0008066.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BF14ECD3-E9E3-4F39-BFD6-A038A4632398}\RP16\A0008067.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BF14ECD3-E9E3-4F39-BFD6-A038A4632398}\RP16\A0008068.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BF14ECD3-E9E3-4F39-BFD6-A038A4632398}\RP16\A0008069.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BF14ECD3-E9E3-4F39-BFD6-A038A4632398}\RP16\A0008070.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BF14ECD3-E9E3-4F39-BFD6-A038A4632398}\RP16\A0008071.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BF14ECD3-E9E3-4F39-BFD6-A038A4632398}\RP16\A0008072.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BF14ECD3-E9E3-4F39-BFD6-A038A4632398}\RP16\A0008073.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BF14ECD3-E9E3-4F39-BFD6-A038A4632398}\RP16\A0008076.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:54:58 AM, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219597155162
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4499 bytes

How is the computer running now.
You are my eyes and ears during this remote experience and how/when I proceed have much to do with your feedback. If I missed your comments, I surely apologize.

All of what MBAM found is quarantined in combofix and in infected System Restore files which we will address soon. If all is running as it should, this is the next bridge we must cross.

I am sure you saw this:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Review that information to understand Recovery Console. Installation is optional but if you do not have the CD's needed, as is explained, it can be installed before we remove combofix.
If you do not have access to Recovery Console via a Windows CD, I strongly advise you to install this tool.
If you do not wish to install RC, let me know so I can continue with the cleanup.
If you install RC, post the C:\*CF-RC.txt*.

http://img.photobucket.com/albums/v666/sUBs/RC1-4.gif

Since we do not need to scan with combofix, click NO

http://img.photobucket.com/albums/v666/sUBs/RC_whatnext.gif

http://img.photobucket.com/albums/v666/sUBs/RC_AllDone.gif

Thanks...Phil

ComboFix 08-08-26.03 - Admin 2008-08-27 9:00:47.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.61 [GMT -4:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))
.

2008-08-27 06:13 . 2008-08-27 06:13 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-27 06:06 . 2008-08-27 06:06 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-26 17:28 . 2008-08-26 17:28 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-26 17:28 . 2008-08-26 17:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-26 17:28 . 2008-08-26 17:28 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Malwarebytes
2008-08-26 17:28 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-26 17:28 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-26 13:10 . 2008-08-26 13:10 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-26 12:41 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-26 12:02 . 2008-04-11 14:50 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-26 12:02 . 2008-05-01 10:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-25 10:25 . 2008-08-25 10:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-25 10:15 . 2008-08-26 11:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-24 22:12 . 2008-08-25 13:10 211 --a------ C:\WINDOWS\wininit.ini
2008-08-24 19:49 . 2008-08-24 19:55 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-24 19:08 . 2008-08-24 20:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-24 19:08 . 2008-08-25 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-24 18:07 . 2008-08-24 18:07 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\dvdcss
2008-08-24 17:17 . 2008-08-24 17:17 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-24 17:05 . 2008-08-24 17:05 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-08-24 17:04 . 2008-08-24 17:19 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-08-24 17:00 . 2005-11-21 01:48 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-08-24 17:00 . 2005-11-21 01:48 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-08-24 16:58 . 2008-08-24 16:59 <DIR> d-------- C:\Program Files\Xilisoft
2008-08-24 16:49 . 2008-08-24 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-24 16:27 . 2008-08-24 16:27 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\HP
2008-08-24 16:22 . 2008-08-24 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-08-24 16:21 . 2008-08-24 16:21 <DIR> d-------- C:\Program Files\Common Files\HP
2008-08-24 16:18 . 2008-08-24 16:18 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-24 16:17 . 2008-08-24 16:17 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-08-24 16:16 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-08-24 16:16 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-08-24 16:16 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-08-24 16:16 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-08-24 16:16 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-08-24 16:16 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-08-24 16:16 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-08-24 16:12 . 2008-08-24 16:22 <DIR> d-------- C:\Program Files\HP
2008-08-24 16:09 . 2008-08-24 16:25 113,168 --a------ C:\WINDOWS\hpoins07.dat
2008-08-24 16:09 . 2005-05-24 02:52 21,124 --------- C:\WINDOWS\hpomdl07.dat
2008-08-24 16:08 . 2005-03-08 00:43 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-08-24 16:08 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-24 16:08 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-08-24 16:08 . 2005-03-08 00:43 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-08-24 16:08 . 2005-03-08 00:43 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-08-24 16:07 . 2005-04-07 21:51 606,208 -ra------ C:\WINDOWS\system32\hpotscl.dll
2008-08-24 16:07 . 2005-04-07 21:51 278,528 -ra------ C:\WINDOWS\system32\hpgwiamd.dll
2008-08-24 16:07 . 2005-03-08 00:39 274,432 -ra------ C:\WINDOWS\system32\HPZc3212.dll
2008-08-24 16:07 . 2005-04-07 21:51 258,122 -ra------ C:\WINDOWS\system32\hpovst08.dll
2008-08-24 16:07 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-24 16:07 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-08-24 16:02 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-24 16:02 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-08-24 16:01 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-24 16:01 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-08-24 16:01 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-24 15:48 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-24 15:48 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-08-24 15:48 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-24 14:49 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-08-24 14:41 . 2008-08-24 14:41 <DIR> d-------- C:\Program Files\Microsoft Works
2008-08-24 14:40 . 2008-08-24 14:40 <DIR> d-------- C:\Program Files\MSBuild
2008-08-24 14:25 . 2008-08-24 14:39 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-24 14:24 . 2008-08-27 06:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-24 14:22 . 2008-08-24 14:22 <DIR> dr-h----- C:\MSOCache
2008-08-24 13:32 . 2008-08-24 13:32 <DIR> d-------- C:\WINDOWS\provisioning
2008-08-24 13:30 . 2008-08-24 13:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-24 13:28 . 2008-08-24 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-24 13:28 . 2008-08-24 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-08-24 13:28 . 2008-08-24 13:28 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\acccore
2008-08-24 13:28 . 2004-08-04 00:56 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dll
2008-08-24 13:27 . 2008-08-24 13:27 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-08-24 13:27 . 2008-08-24 13:28 <DIR> d-------- C:\Program Files\AIM6
2008-08-24 13:27 . 2008-08-24 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-08-24 13:27 . 2008-08-24 13:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-08-24 13:27 . 2008-08-24 13:28 404 --ah----- C:\IPH.PH
2008-08-24 13:26 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002135_.tmp
2008-08-24 13:23 . 2008-08-24 13:23 <DIR> d-------- C:\WINDOWS\EHome
2008-08-24 13:02 . 2008-08-24 13:02 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-24 13:02 . 2008-08-27 06:16 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-24 13:02 . 2005-06-28 09:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-24 13:01 . 2004-08-04 00:56 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll
2008-08-24 13:01 . 2004-08-04 00:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-08-24 13:01 . 2004-08-04 00:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-08-24 13:01 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2008-08-24 13:01 . 2004-08-04 00:56 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 16:49 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-26_11.22.15.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-18 14:32:13 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\SP2QFE\jscript.dll
+ 2007-12-18 14:32:13 417,792 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\SP2QFE\vbscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\update\updspapi.dll
+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-27 07:39:13 151,583 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-12-10 12:41:14 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
+ 2008-07-07 20:06:43 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:23:18 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
+ 2006-08-16 12:08:32 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:36:11 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:36:11 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:46:57 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:46:57 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:43:05 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:43:05 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-06-24 16:28:00 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:10 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-06-23 16:11:40 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\browseui.dll
+ 2008-06-23 16:11:40 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\cdfview.dll
+ 2008-06-23 16:11:42 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\danim.dll
+ 2008-06-23 16:11:43 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\dxtmsft.dll
+ 2008-06-23 16:11:43 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\dxtrans.dll
+ 2008-06-23 16:11:43 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\extmgr.dll
+ 2008-06-23 09:53:58 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iedw.exe
+ 2008-06-23 16:11:52 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iepeers.dll
+ 2008-06-23 16:11:52 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\inseng.dll
+ 2008-06-23 16:11:52 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\jsproxy.dll
+ 2008-06-23 16:11:58 3,067,392 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mshtml.dll
+ 2008-06-23 16:12:00 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mshtmled.dll
+ 2008-06-23 16:12:02 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\msrating.dll
+ 2008-06-23 16:12:02 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mstime.dll
+ 2008-06-23 16:12:02 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\pngfilt.dll
+ 2008-06-23 16:12:05 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\shdocvw.dll
+ 2008-06-23 16:12:05 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\shlwapi.dll
+ 2008-06-23 16:12:06 618,496 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\urlmon.dll
+ 2008-06-23 16:12:08 667,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\wininet.dll
+ 2008-07-03 09:14:02 351,744 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\xpsp3res.dll
+ 2008-06-23 15:09:27 3,067,392 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\mshtml.dll
+ 2008-06-26 08:15:29 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\shdocvw.dll
+ 2008-06-26 08:15:30 619,520 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\urlmon.dll
+ 2008-06-23 15:09:27 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll
+ 2008-06-25 04:24:48 3,067,904 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\mshtml.dll
+ 2008-06-26 08:00:52 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\shdocvw.dll
+ 2008-06-26 08:00:52 619,520 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\urlmon.dll
+ 2008-06-23 14:54:47 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\updspapi.dll
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2006-10-27 19:16:36 133,936 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTAB32.DLL
+ 2006-10-27 00:55:32 87,344 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DLGSETP.DLL
+ 2006-10-27 19:07:36 17,891,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2006-10-27 00:55:38 138,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-27 00:55:48 340,248 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
+ 2006-10-27 19:04:08 497,504 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-27 19:04:10 9,581,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-27 00:42:36 8,423,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-27 19:16:46 2,939,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
+ 2006-10-27 00:34:12 660,792 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
+ 2006-10-27 00:34:10 192,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-09-15 20:25:18 3,611,416 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-10-27 19:16:44 594,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
+ 2006-10-27 19:16:48 12,813,096 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
+ 2006-10-27 19:16:40 176,976 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLPH.DLL
+ 2006-10-27 19:16:36 46,864 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
+ 2006-10-27 19:04:06 465,200 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 19:04:06 7,980,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2006-10-27 00:09:36 136,008 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2006-10-27 00:55:54 413,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
+ 2006-10-27 19:04:06 624,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-27 00:09:44 590,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-27 00:55:44 263,520 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-27 00:55:44 272,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-27 19:23:04 347,432 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-10-27 19:11:38 4,235,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 19:11:36 21,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-27 19:23:08 17,483,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-27 01:13:08 14,674,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-27 01:17:08 11,072 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XLCALL32.DLL
- 2008-08-24 18:49:53 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-08-27 10:17:08 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-08-24 18:49:54 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-08-27 10:17:09 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-08-24 18:49:54 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-08-27 10:17:09 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-08-24 18:49:54 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-08-27 10:17:09 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-08-24 18:49:54 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-08-27 10:17:09 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-08-24 18:49:54 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-08-27 10:17:10 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-08-24 18:49:54 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-08-27 10:17:10 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-08-24 18:49:54 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-08-27 10:17:09 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-08-24 18:49:54 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-08-27 10:17:09 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-08-24 18:49:54 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-08-27 10:17:09 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-08-24 18:49:54 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-08-27 10:17:10 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-08-24 18:49:54 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-08-27 10:17:08 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-08-27 10:06:26 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
+ 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr
- 2004-08-04 04:56:42 1,016,832 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-06-23 15:38:28 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2004-08-04 04:56:42 150,528 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-06-23 15:38:29 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2004-08-04 04:56:42 1,053,696 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-06-23 15:38:30 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-06-20 10:44:38 138,368 -c----w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-06-23 15:38:28 1,023,488 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-06-23 15:38:29 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-06-23 15:38:30 1,054,208 -c----w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-03-25 04:50:25 554,008 -c----w C:\WINDOWS\system32\dllcache\dao360.dll
- 2006-06-26 17:37:10 148,480 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-23 15:38:30 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-06-23 15:38:30 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-07-07 20:32:22 253,952 -c----w C:\WINDOWS\system32\dllcache\es.dll
+ 2008-06-23 15:38:30 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-06-23 09:49:29 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-06-23 15:38:31 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-06-23 15:38:31 96,256 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:40:58 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2008-06-23 15:38:31 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-24 16:23:05 74,240 -c----w C:\WINDOWS\system32\dllcache\mscms.dll
+ 2008-03-25 04:50:28 518,944 -c----w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:30 326,432 -c----w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-06-23 15:38:33 3,059,712 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-06-23 15:38:33 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-25 04:50:34 1,516,568 -c----w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:40 355,112 -c----w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-27 08:12:54 151,583 -c----w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-25 04:50:42 60,192 -c----w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 248,608 -c----w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:44 219,936 -c----w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:45 355,104 -c----w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-06-23 15:38:33 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-25 04:50:47 432,928 -c----w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:49 322,336 -c----w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:52 559,904 -c----w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:55 264,992 -c----w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-06-23 15:38:33 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-25 04:50:57 838,432 -c----w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-06-20 17:41:10 245,248 -c----w C:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-03-25 04:50:58 621,344 -c----w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 355,104 -c----w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-06-23 15:38:33 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-05-07 05:18:48 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2006-09-04 06:08:01 1,494,016 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-06-23 15:38:34 1,494,528 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-06-23 15:38:34 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-23 15:38:34 615,936 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-12-18 14:40:58 417,792 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2008-06-23 15:38:34 659,456 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
- 2004-08-04 03:14:16 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-06-20 10:44:38 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
- 2004-08-04 03:10:38 274,304 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
+ 2008-06-13 13:10:50 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
- 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
- 2004-08-04 04:56:44 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-06-23 15:38:30 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2004-08-04 04:56:44 201,728 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-06-23 15:38:30 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2004-08-04 04:56:44 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-06-23 15:38:30 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2004-08-04 04:56:44 249,344 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-06-23 15:38:31 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-04 04:56:44 678,400 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2004-08-04 04:56:44 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-06-23 15:38:31 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2004-08-04 04:56:44 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-06-23 15:38:31 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2006-01-03 23:14:10 20,480 ----a-w C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
+ 2006-01-03 23:14:12 20,480 ----a-w C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
- 2004-08-04 04:56:44 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-04 04:56:44 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2004-08-04 04:56:44 3,003,392 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-23 15:38:33 3,059,712 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2004-08-04 04:56:44 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-06-23 15:38:33 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-04 04:56:44 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-07-17 15:34:48 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-04 04:56:44 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
+ 2008-03-27 08:12:54 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
- 2004-08-04 04:56:44 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-04 04:56:44 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-04 04:56:44 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-04 04:56:44 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2004-08-04 04:56:44 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-06-23 15:38:33 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-04 04:56:44 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-04 04:56:44 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-04 04:56:44 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-04 04:56:44 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2004-08-04 04:56:44 530,432 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-06-23 15:38:33 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-04 04:56:46 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-04 04:56:46 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-04 04:56:46 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2002-02-04 06:52:54 1,230,336 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2007-05-08 19:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll
- 2004-08-04 04:56:46 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-06-23 15:38:33 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2005-08-30 03:54:26 1,287,168 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
- 2006-09-04 06:08:01 1,494,016 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-06-23 15:38:34 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2005-09-02 23:52:06 473,600 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-06-23 15:38:34 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2008-03-20 18:41:20 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe
- 2004-08-04 04:56:48 601,088 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-23 15:38:34 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-04 04:56:48 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2005-05-17 00:25:35 15,360 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-07-03 09:14:02 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-08-27 10:18:49 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_4f8.dat
+ 2007-05-08 19:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-08-06 11:21 50472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 22:36 1207080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 10:38 78008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 10:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 10:37]
.
Contents of the 'Scheduled Tasks' folder

2008-08-27 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-30 14:45]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 09:04:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-27 9:06:41
ComboFix-quarantined-files.txt 2008-08-27 13:06:30
ComboFix2.txt 2008-08-26 21:21:12
ComboFix3.txt 2008-08-26 18:55:47
ComboFix4.txt 2008-08-26 15:23:25

Pre-Run: 130,320,277,504 bytes free
Post-Run: 130,295,336,960 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

523 --- E O F --- 2008-08-27 10:17:13

Recovery Console installed correctly.

This:
Since we do not need to scan with combofix, click NO

Means I did not have to see that combofix log you posted.

This means you need to communicate how the computer is performing to me:

Quote:
How is the computer running now.

You are my eyes and ears during this remote experience and how/when I proceed have much to do with your feedback. If I missed your comments, I surely apologize.

I will continue once I have received that communication.

Sorry for running the combofix again.

The computer seems to a little better, but still slow open applications, it wants to think about it a little longer than usual.

I will pay closer attention to the post going forward, I really appreciate your assist on this.

Have a look at this information to see if it helps speed up you computer.
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

How much RAM do you have installed on the computer. If you don't know find out lke this.
Right click MyComputer > click Properties > RAM will be in the lower right corner.

Remove combofix fom the computer like this:

Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.

http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png

Clean infected System Restore files like this:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.


Run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make that the following are selected:
* Scan using the following Anti-Virus database:
* Standard
* Scan Options:
* Scan Archives
* Scan Mail Bases
* Click OK
* Now under select a target to scan:
* Select My Computer
* This will program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.

Then post it here.

The RAM on my computer is 256

I have removed the combofix program as explained.

I cleaned the infected restore files as described.

when running the program kaspersky, at the top it
stated "No Malware has been detected"

The file is below, I was not able to figure out the standard, I see I may have done that wrong because it states extended.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, August 28, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, August 28, 2008 07:35:32
Records in database: 1153796
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 28134
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:59:50

No malware has been detected. The scan area is clean.

The selected area was scanned.

Thanks for returning your information and the feedback. The Kaspersky Online Scan (KOS) is clean as I believe is your computer. RAM is an issue, to give you an idea, I do not do any gaming (uses a lot of RAM) but I do stream videos and run multiple programs at times working on malware removal and I have 1.25 MB's of RAM ( 5 times what you have)
and don't consider that too much at all.
See this: http://www.crucial.com/support/howmuch.aspx

Adding RAM to increase computer speed - Video Tip
http://www.helpmerick.com/adding_ram_increase_computer_speed_video_tip.htm

Refer to the link I posted for ways to improve performance and you will see this also.

You might want to look at a free diagnostic, you can to that here:
Click here: http://www.pcpitstop.com/
Click: Free PC Health Scan - Overdrive
Click: battery of tests
Click: 4. OK, I Want to Run the Tests!
First time? Click New Members, I suggest you register free (they store tests)
Then follow the prompts. Once the test is complete, read the information provided under all tabs.
(there is no suggestion to purchase anything)

Some good information for you:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

http://users.telenet.be/bluepatchy/miekiemoes/Links.html

Thanks again for everything, I will work on getting more RAM for my PC. I have done all the requested things and my pc seems to be in good shape. I had a question in regards to all the software downloaded, do I need to keep this on my machine?

combofix: removed

ATF-Cleaner: best free, small, cleaner available. Yours to do with as you wish.

MBAM: good backup scanner, some rouge malware even blocks the download, keep or remove the program as you wish.

HJT: I have had a copy for ten years, the tool does much more than create a HJT log, here is a tutorial.
http://www.bleepingcomputer.com/tutorials/tutorial42.html

Hope that helps