The Microsoft Malicious Software Removal Tool found and could not completely remove Win32/Alureon.A. I'm also having a problem with my browser being redirected to irrelevant sites when using Google.
Here are my DDS logs:

DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Owner at 23:52:50.07 on Sun 06/13/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.74 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://mystart.incredimail.com
uWindow Title = Windows Internet Explorer provided by IncrediMail
uDefault_Page_URL = hxxp://mystart.incredimail.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2bae58c2-79f9-45d1-a286-81f911301c3a} - No File
BHO: Security Helper {B3312915-9368-4FE4-8D4E-B60E5B36D0FF}: {b3312915-9368-4fe4-8d4e-b60e5b36d0ff} - __BHODemonDisabled
BHO: {D5D33A26-F043-4808-B335-6B10630E04F8} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WeatherEye] c:\documents and settings\hp_owner\local settings\application data\theweathernetwork\weathereye\WeatherEye.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Add animation to IncrediMail Style Box - c:\program files\incredimail\bin\resources\WebMenuImg.htm
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142951160109
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\1lmoeui2.default\
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-6-8 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-6-8 59664]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-8 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-8 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-8 40384]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-8 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-8 40384]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-6-8 33552]

=============== Created Last 30 ================

2010-06-12 23:27:51 0 d-----w- c:\program files\CCleaner
2010-06-11 22:18:40 0 d-----w- c:\program files\SpywareBlaster
2010-06-11 18:09:39 0 d-----w- c:\docume~1\hp_owner\applic~1\Malwarebytes
2010-06-11 18:09:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-11 18:09:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-11 18:09:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-11 18:09:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-11 03:45:16 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 20:04:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-06-08 19:34:37 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-06-08 19:34:37 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-06-08 19:34:37 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2010-06-08 19:34:36 0 d-----w- c:\program files\ThreatFire
2010-06-08 19:34:36 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-06-08 16:43:06 0 d-----w- c:\program files\Software Informer

==================== Find3M ====================

2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-04-11 12:31:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-06 08:52:46 2462720 ----a-w- c:\windows\system32\dllcache\WMVCore.dll
2007-09-11 21:32:52 149 ----a-w- c:\program files\INSTALL.LOG
2006-01-19 17:26:43 774144 ----a-w- c:\program files\RngInterstitial.dll
2005-12-11 09:05:45 22 --sha-w- c:\windows\sminst\HPCD.sys
2009-11-20 22:29:01 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-06-30 20:15:58 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008063020080701\index.dat

============= FINISH: 23:55:51.96 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/10/2005 10:23:41 PM
System Uptime: 6/13/2010 10:55:27 PM (1 hours ago)

Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket 939 | 2188/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 225 GiB total, 181.055 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 1.663 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP799: 3/15/2010 8:31:12 PM - System Checkpoint
RP800: 3/18/2010 10:55:18 PM - System Checkpoint
RP801: 3/20/2010 1:39:39 AM - System Checkpoint
RP802: 3/21/2010 3:43:16 AM - System Checkpoint
RP803: 3/22/2010 3:57:00 AM - System Checkpoint
RP804: 3/23/2010 4:15:59 AM - System Checkpoint
RP805: 3/24/2010 4:17:05 AM - System Checkpoint
RP806: 3/25/2010 5:40:22 AM - System Checkpoint
RP807: 3/26/2010 7:41:39 AM - System Checkpoint
RP808: 3/27/2010 11:35:07 AM - System Checkpoint
RP809: 3/28/2010 11:37:49 AM - System Checkpoint
RP810: 3/29/2010 3:14:21 PM - System Checkpoint
RP811: 3/31/2010 2:46:22 AM - Software Distribution Service 3.0
RP812: 4/1/2010 3:38:40 AM - System Checkpoint
RP813: 4/2/2010 4:22:25 PM - System Checkpoint
RP814: 4/4/2010 12:09:10 AM - System Checkpoint
RP815: 4/5/2010 1:19:31 AM - System Checkpoint
RP816: 4/6/2010 7:18:16 AM - System Checkpoint
RP817: 4/7/2010 7:34:10 AM - System Checkpoint
RP818: 4/8/2010 8:05:16 AM - System Checkpoint
RP819: 4/9/2010 8:16:24 AM - System Checkpoint
RP820: 4/11/2010 2:00:53 AM - System Checkpoint
RP821: 4/11/2010 8:30:18 AM - Removed Java(TM) 6 Update 18
RP822: 4/11/2010 8:31:17 AM - Installed Java(TM) 6 Update 19
RP823: 4/12/2010 1:08:30 PM - System Checkpoint
RP824: 4/13/2010 1:14:43 PM - System Checkpoint
RP825: 4/13/2010 9:48:32 PM - Software Distribution Service 3.0
RP826: 4/15/2010 12:19:45 PM - System Checkpoint
RP827: 4/17/2010 11:47:31 AM - System Checkpoint
RP828: 4/18/2010 11:10:42 PM - System Checkpoint
RP829: 4/19/2010 11:23:23 PM - System Checkpoint
RP830: 4/20/2010 11:42:32 PM - System Checkpoint
RP831: 4/22/2010 12:33:44 PM - System Checkpoint
RP832: 4/24/2010 2:33:53 AM - System Checkpoint
RP833: 4/25/2010 7:12:20 AM - System Checkpoint
RP834: 4/26/2010 9:47:16 AM - System Checkpoint
RP835: 4/28/2010 7:29:08 AM - System Checkpoint
RP836: 4/30/2010 12:51:51 AM - System Checkpoint
RP837: 5/1/2010 1:36:49 AM - System Checkpoint
RP838: 5/2/2010 11:11:19 AM - System Checkpoint
RP839: 5/3/2010 4:53:34 PM - System Checkpoint
RP840: 5/4/2010 5:56:25 PM - System Checkpoint
RP841: 5/5/2010 7:49:03 PM - System Checkpoint
RP842: 5/6/2010 8:12:51 PM - System Checkpoint
RP843: 5/7/2010 9:59:13 PM - System Checkpoint
RP844: 5/10/2010 12:52:54 PM - System Checkpoint
RP845: 5/11/2010 1:11:42 PM - System Checkpoint
RP846: 5/12/2010 7:53:07 PM - System Checkpoint
RP847: 5/16/2010 2:11:35 AM - System Checkpoint
RP848: 5/17/2010 1:17:13 PM - System Checkpoint
RP849: 5/18/2010 9:08:54 PM - System Checkpoint
RP850: 5/20/2010 12:36:08 AM - System Checkpoint
RP851: 5/21/2010 11:19:35 PM - System Checkpoint
RP852: 5/22/2010 11:59:11 PM - System Checkpoint
RP853: 5/24/2010 9:22:53 AM - System Checkpoint
RP854: 5/26/2010 7:26:12 PM - System Checkpoint
RP855: 5/29/2010 8:34:02 PM - System Checkpoint
RP856: 5/31/2010 1:09:58 AM - System Checkpoint
RP857: 6/1/2010 1:55:58 AM - System Checkpoint
RP858: 6/2/2010 3:27:28 AM - System Checkpoint
RP859: 6/3/2010 10:05:44 AM - System Checkpoint
RP860: 6/4/2010 2:46:56 PM - System Checkpoint
RP861: 6/5/2010 8:08:03 PM - System Checkpoint
RP862: 6/6/2010 9:41:10 PM - System Checkpoint
RP863: 6/7/2010 11:22:13 PM - Avira AntiVir Personal - 6/7/2010 23:22
RP864: 6/8/2010 12:52:06 PM - Removed Sonic MyDVD Plus
RP865: 6/8/2010 12:53:10 PM - Removed Sonic RecordNow Audio
RP866: 6/8/2010 12:53:32 PM - Removed Sonic RecordNow Copy
RP867: 6/8/2010 12:56:31 PM - Removed Playalot Games
RP868: 6/8/2010 12:57:59 PM - Configured PC-Doctor 5 for Windows
RP869: 6/8/2010 1:00:56 PM - Removed Sonic Express Labeler
RP870: 6/8/2010 1:01:22 PM - Removed Sonic RecordNow Data
RP871: 6/8/2010 1:02:03 PM - Removed Sonic Update Manager
RP872: 6/8/2010 1:05:30 PM - Configured iTunes
RP873: 6/8/2010 1:05:57 PM - Removed IntelliMover Data Transfer Demo
RP874: 6/8/2010 1:07:11 PM - Removed Google Earth.
RP875: 6/8/2010 4:04:46 PM - avast! Free Antivirus Setup
RP876: 6/11/2010 1:42:18 AM - Software Distribution Service 3.0
RP877: 6/12/2010 8:21:34 PM - System Checkpoint

==== Installed Programs ======================

AC3Filter (remove only)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
AiO_Scan
AiOSoftware
Ancient Trijong and Sudoku
ATI Display Driver
avast! Free Antivirus
AVI Codec Pack
BC296D BC796D SS
BufferChm
CameraDrivers
CCleaner
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Destinations
DeviceManagementQFolder
DocProc
DocumentViewer
DocumentViewerQFolder
Dream Aquarium
Easy Internet Sign-up
ebgcInfra
ebgcRes
ebgcSDK
Enhanced Multimedia Keyboard Solution
EPSON CX 4200 4800 Guide
EPSON Printer Software
EPSON Scan
ERUNT 1.1j
Fax
GdiplusUpgrade
GenealogyJ 2.4
High Definition Audio Driver Package - KB888111
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet Printer Preload
HP Document Viewer 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Organize
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
HpSdpAppCoreApp
IncrediMail
IncrediMail 2.0
InstantShareDevices
InterVideo WinDVD Player
iTunes
Java Auto Updater
Java(TM) 6 Update 19
KickBackSPAM (remove only)
LifeGlobe Goldfish Aquarium 2.0
LightScribe 1.4.42.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Internet Explorer Administration Kit 5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office 97 Animated Cursors
Microsoft Office XP Professional with FrontPage
Microsoft Office XP Resource Kit
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft PowerPoint Viewer 97
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.6.3)
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NewCopy
Nokia Connectivity Cable Driver
PanoStandAlone
PhotoGallery
PhotoMail Maker
PokerStars
PSPrinters08
PSTAPlugin
PySol version 4.60
QFolder
Quicken 2005
QuickTime
RandMap
Readme
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SkinsHP1
SolSuite 2008 v8.11
SolutionCenter
Sonic_PrimoSDK
Spider Wizard version 2.0.0
Spybot - Search & Destroy
SpywareBlaster 4.3
Status
The Print Shop 20
The Print Shop Premium Fonts
ThreatFire
TrayApp
UControl Scan and Remove
Unload
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Updates from HP (remove only)
WeatherEye
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Mail
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

6/8/2010 2:52:41 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the crd service to connect.
6/8/2010 2:52:41 PM, error: Service Control Manager [7000] - The crd service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/8/2010 11:26:56 PM, error: ipnathlp [31012] - The DNS proxy agent encountered an error while obtaining the local list of name-resolution servers. Some DNS or WINS servers may be inaccessible to clients on the local network. The data is the error code.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 4, function 0. Please contact your system vendor for technical assistance.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 31, function 0. Please contact your system vendor for technical assistance.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 30, function 0. Please contact your system vendor for technical assistance.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 29, function 0. Please contact your system vendor for technical assistance.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 28, function 0. Please contact your system vendor for technical assistance.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 27, function 0. Please contact your system vendor for technical assistance.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 26, function 0. Please contact your system vendor for technical assistance.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 25, function 0. Please contact your system vendor for technical assistance.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 24, function 0. Please contact your system vendor for technical assistance.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 23, function 0. Please contact your system vendor for technical assistance.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 22, function 0. Please contact your system vendor for technical assistance.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 21, function 0. Please contact your system vendor for technical assistance.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 20, function 0. Please contact your system vendor for technical assistance.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 2, function 0. Please contact your system vendor for technical assistance.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 19, function 0. Please contact your system vendor for technical assistance.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 18, function 0. Please contact your system vendor for technical assistance.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 17, function 0. Please contact your system vendor for technical assistance.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 16, function 0. Please contact your system vendor for technical assistance.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 15, function 0. Please contact your system vendor for technical assistance.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 14, function 0. Please contact your system vendor for technical assistance.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 13, function 0. Please contact your system vendor for technical assistance.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 12, function 0. Please contact your system vendor for technical assistance.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 11, function 0. Please contact your system vendor for technical assistance.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 1, function 0. Please contact your system vendor for technical assistance.
6/8/2010 11:26:39 PM, error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 0, function 0. Please contact your system vendor for technical assistance.
6/8/2010 1:02:08 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
6/11/2010 2:39:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor IntelIde ViaIde
6/10/2010 2:01:30 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.

==== End Of File ===========================

hi,

Your post is a few days old. If you still need help simply reply to the thread.

Hi shelf life,
Yes, I still need help. I haven't done anything with the computer since my last post, so my logs should still be good.

hi,

Ok. We will get a download to use. Its called Combofix. There is a guide to read first. Read through the guide then apply the directions on your computer. Post the combofix log in your reply.

Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Here's the combofix log:

ComboFix 10-06-19.03 - HP_Owner 06/20/2010 1:38.1.1 - x86
Running from: c:\documents and settings\HP_Owner\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Owner\Application Data\02000000dca4d5ab663C.manifest
c:\documents and settings\HP_Owner\Application Data\02000000dca4d5ab663O.manifest
c:\documents and settings\HP_Owner\Application Data\02000000dca4d5ab663P.manifest
c:\documents and settings\HP_Owner\Application Data\02000000dca4d5ab663S.manifest
c:\program files\Common Files\Uninstall
c:\program files\INSTALL.LOG
c:\program files\Seekmo Programs
c:\windows\jestertb.dll
D:\Autorun.inf

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2010-05-20 to 2010-06-20 )))))))))))))))))))))))))))))))
.

2010-06-20 05:22 . 2010-06-20 05:26 -------- d-----w- C:\32788R22FWJFW
2010-06-14 03:50 . 2010-06-14 03:50 -------- d-----w- c:\program files\ERUNT
2010-06-12 23:27 . 2010-06-12 23:27 -------- d-----w- c:\program files\CCleaner
2010-06-11 22:18 . 2010-06-11 22:20 -------- d-----w- c:\program files\SpywareBlaster
2010-06-11 18:09 . 2010-06-11 18:09 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2010-06-11 18:09 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-11 18:09 . 2010-06-11 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-11 18:09 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-11 18:09 . 2010-06-11 18:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-11 04:11 . 2010-06-11 04:11 0 ----a-w- c:\windows\nsreg.dat
2010-06-11 04:11 . 2010-06-11 04:11 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Mozilla
2010-06-11 04:08 . 2010-06-14 03:48 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\U3
2010-06-11 03:45 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 20:07 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-08 20:07 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-08 20:07 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-08 20:07 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-08 20:07 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-08 20:07 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-08 20:06 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-08 20:05 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-08 20:05 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-08 20:04 . 2010-06-08 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-08 20:04 . 2010-06-08 20:04 -------- d-----w- c:\program files\Alwil Software
2010-06-08 19:34 . 2010-01-14 20:08 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-06-08 19:34 . 2010-01-14 20:08 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-06-08 19:34 . 2010-01-14 20:08 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2010-06-08 19:34 . 2010-06-08 19:34 -------- d-----w- c:\program files\ThreatFire
2010-06-08 19:34 . 2010-06-08 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-06-08 16:43 . 2010-06-08 16:53 -------- d-----w- c:\program files\Software Informer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-13 02:58 . 2006-02-13 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-11 20:50 . 2006-02-13 20:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-11 05:24 . 2008-04-19 15:02 -------- d-----w- c:\program files\FrostWire
2010-06-08 18:53 . 2006-02-14 01:18 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\MSNInstaller
2010-06-08 17:45 . 2007-01-11 23:25 -------- d-----w- c:\program files\Absolute Poker
2010-06-08 17:30 . 2009-06-14 01:58 -------- d-----w- c:\program files\IncrediGames
2010-06-08 17:25 . 2005-10-19 14:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-08 17:22 . 2005-10-19 15:30 -------- d-----w- c:\program files\Google
2010-06-08 17:03 . 2007-01-10 18:44 -------- d-----w- c:\program files\VideoLAN
2010-06-08 17:02 . 2005-10-19 15:05 -------- d-----w- c:\program files\Sonic
2010-06-08 17:02 . 2005-10-19 14:48 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-08 17:01 . 2005-10-19 14:59 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-06-08 17:00 . 2007-08-03 23:29 -------- d-----w- c:\program files\PartyGaming
2010-06-08 16:56 . 2010-02-22 14:59 -------- d-----w- c:\program files\Playalot Games
2010-06-08 16:55 . 2005-10-19 15:04 -------- d-----w- c:\program files\Common Files\Real
2010-06-07 16:41 . 2006-12-28 19:57 -------- d-----w- c:\program files\PokerStars
2010-06-05 23:24 . 2010-03-06 14:25 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Dream Aquarium
2010-05-22 09:43 . 2010-05-22 09:43 503808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32016fbb-n\msvcp71.dll
2010-05-22 09:43 . 2010-05-22 09:43 499712 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32016fbb-n\jmc.dll
2010-05-22 09:43 . 2010-05-22 09:43 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32016fbb-n\msvcr71.dll
2010-05-22 09:43 . 2010-05-22 09:43 61440 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-56b3f932-n\decora-sse.dll
2010-05-22 09:43 . 2010-05-22 09:43 12800 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-56b3f932-n\decora-d3d.dll
2010-05-06 10:41 . 2004-08-04 05:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-03 22:59 . 2010-05-03 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PhotoMail
2010-05-03 22:59 . 2010-05-03 22:59 -------- d-----w- c:\program files\PhotoMail Maker
2010-05-03 22:59 . 2007-03-09 18:30 -------- d-----w- c:\program files\IncrediMail
2010-05-02 05:22 . 2004-08-04 05:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-04 05:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-11 12:31 . 2010-02-17 14:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2006-01-19 17:26 . 2006-01-19 17:26 774144 ----a-w- c:\program files\RngInterstitial.dll
2005-12-11 09:05 . 2005-12-11 09:05 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"="c:\documents and settings\HP_Owner\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2009-10-27 718232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^MailWasherPro.lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\MailWasherPro.lnk
backup=c:\windows\pss\MailWasherPro.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4200 Series]
2005-03-08 03:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2010-01-27 01:07 256280 ----a-w- c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 06:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2005-02-25 22:34 245760 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
2005-06-01 23:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
2010-05-03 22:57 353736 ----a-w- c:\program files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KbsUpdt]
2005-11-21 15:08 311296 ----a-w- c:\program files\KickBackSpam\kbsupdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2005-05-10 17:50 253952 ----a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE]
2005-12-30 19:49 53248 ----a-w- c:\program files\KickBackSpam\Plugins\OutlookExpress\OE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-10-19 15:15 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2005-01-24 02:56 544768 ----a-w- c:\windows\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire]
2010-01-14 20:08 378128 ----a-w- c:\program files\ThreatFire\TFTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ThreatFire"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\KickBackSpam\\kbsupdt.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [6/8/2010 3:34 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [6/8/2010 3:34 PM 59664]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/8/2010 4:07 PM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/8/2010 4:07 PM 19024]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [6/8/2010 3:34 PM 33552]
.
Contents of the 'Scheduled Tasks' folder

2010-06-20 c:\windows\Tasks\User_Feed_Synchronization-{0E2B22E3-9F40-4FB2-984B-F00116FD9741}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://mystart.incredimail.com
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\1lmoeui2.default\
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
BHO-{B3312915-9368-4FE4-8D4E-B60E5B36D0FF} - __BHODemonDisabled
BHO-{D5D33A26-F043-4808-B335-6B10630E04F8} - (no file)
MSConfigStartUp-A00F4E859 - c:\docume~1\HP_Owner\LOCALS~1\Temp\_A00F4E859.exe
MSConfigStartUp-A00F4FF2C - c:\docume~1\HP_Owner\LOCALS~1\Temp\_A00F4FF2C.exe
MSConfigStartUp-A00F6F6F09 - c:\docume~1\HP_Owner\LOCALS~1\Temp\_A00F6F6F09.exe
MSConfigStartUp-A00F86F2E - c:\docume~1\HP_Owner\LOCALS~1\Temp\_A00F86F2E.exe
MSConfigStartUp-A00FE4A82 - c:\docume~1\HP_Owner\LOCALS~1\Temp\_A00FE4A82.exe
MSConfigStartUp-AQ3HelperStartUp - c:\progra~1\AQUATI~1\AQ3HEL~1.EXE
MSConfigStartUp-BO1HelperStartUp - c:\progra~1\BUTTER~1\BO1HEL~1.EXE
MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
MSConfigStartUp-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
MSConfigStartUp-ML1HelperStartUp - c:\progra~1\MIDNIG~1\ML1HEL~1.EXE
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe
MSConfigStartUp-SmileyApp - c:\program files\DoubleD\GamingHarbor Toolbar\4.1.4.20920\stbapp.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
AddRemove-LifeGlobe Goldfish Aquarium 2.0_is1 - c:\program files\Prolific Publishing



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-20 01:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(568)
c:\windows\system32\Ati2evxx.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\TFMon.dll
c:\program files\ThreatFire\TFRK.dll
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'lsass.exe'(624)
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'explorer.exe'(2560)
c:\windows\system32\WININET.dll
c:\program files\ThreatFire\TfWah.dll
c:\windows\system32\ieframe.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\MSVCR80.dll
c:\program files\ThreatFire\TFMon.dll
c:\program files\ThreatFire\TFRK.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ThreatFire\TFService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-06-20 02:11:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-20 06:11

Pre-Run: 194,171,510,784 bytes free
Post-Run: 194,018,766,848 bytes free

- - End Of File - - 2223DA7C9E958E32AC395E602FEC82C2

ok good. Redirects gone now?. Check Malwarebytes for updates and do a scan with it and post its log:

click the MBAM icon on your desktop. Once the program has loaded, click the Update tab, then check for updates. Select Scanner tab, Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click **Remove Selected.**

**A restart of your computer most likely will be required to remove some items. If prompted please chose yes to restart your computer.**

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

Yes, it seems like the redirects are gone. Thank you.
Here's the new MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4219

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/20/2010 3:36:04 PM
mbam-log-2010-06-20 (15-36-04).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 218703
Time elapsed: 1 hour(s), 13 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP849\A0310726.exe (Adware.DoubleD) -> Quarantined and deleted successfully.

ok good. You can remove combofix like this:

start>run and type in combofix /u
click ok or enter
Note: there is a space after the x and before the /

Note that Malwarebytes must be both updated and a scan started manually.

You can make a new restore point. The how and the why:

One of the features of Windows XP,Vista and Windows 7 is the System Restore option, however if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning ok.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.(creates a new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot

If all is good on your end:

10 Tips for Reducing/Preventing Your Risk To Malware:

In no special order

1) It is essential to keep your OS (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us),(Windows) browser (IE, FireFox) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also necessary for web based applications like Java, Adobe Flash/Reader, QuickTime etc. Check there version status here. (http://secunia.com/vulnerability_scanning/online/)

2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and you are then prompted to install software to remedy this. See also the signs (http://www.virusvault.us/signs1.html)that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then its time to *review your computer habits*. *There is no reason why your computer can not stay malware free.*

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks (http://www.fraud.org/tips/internet/phishing.htm).

5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and W7 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) A tool (http://nsslabs.com/general/ie8-hardening-tool.html)for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Changes some of the default settings of IE 8.0, Read the FAQ's. Or see a slide show Here (http://threatpost.com/en_us/slideshow/How%20to%20configure%20Internet%20Explorer%20for%20secure%20surfing) and do it yourself.

10) Warez, cracks etc are very popular for carrying all kinds of malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks, then you are also much more likely to encounter malicious code in a downloaded file. Do you really trust the source of the file? Do you really need another malware source?

Longer version in links below.

Happy Safe Surfing.

Hi shelf life

I tried removing Combofix (start>run and typing combofix /u), but it just ran combofix. Did it remove combofix?
Here's the new log:

ComboFix 10-06-19.03 - HP_Owner 06/21/2010 0:00.2.1 - x86
Running from: c:\documents and settings\HP_Owner\My Documents\Downloads\ComboFix.exe
Command switches used :: /u
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-05-21 to 2010-06-21 )))))))))))))))))))))))))))))))
.

2010-06-14 03:50 . 2010-06-14 03:50 -------- d-----w- c:\program files\ERUNT
2010-06-12 23:27 . 2010-06-12 23:27 -------- d-----w- c:\program files\CCleaner
2010-06-11 22:18 . 2010-06-11 22:20 -------- d-----w- c:\program files\SpywareBlaster
2010-06-11 18:09 . 2010-06-11 18:09 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2010-06-11 18:09 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-11 18:09 . 2010-06-11 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-11 18:09 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-11 18:09 . 2010-06-11 18:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-11 04:11 . 2010-06-11 04:11 0 ----a-w- c:\windows\nsreg.dat
2010-06-11 04:11 . 2010-06-11 04:11 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Mozilla
2010-06-11 04:10 . 2007-10-23 13:27 110592 ----a-w- c:\documents and settings\HP_Owner\Application Data\U3\temp\cleanup.exe
2010-06-11 04:08 . 2007-10-23 13:22 3350528 ---ha-w- c:\documents and settings\HP_Owner\Application Data\U3\temp\Launchpad Removal.exe
2010-06-11 04:08 . 2010-06-14 03:48 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\U3
2010-06-11 03:45 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 20:07 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-08 20:07 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-08 20:07 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-08 20:07 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-08 20:07 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-08 20:07 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-08 20:06 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-08 20:05 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-08 20:05 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-08 20:04 . 2010-06-08 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-08 20:04 . 2010-06-08 20:04 -------- d-----w- c:\program files\Alwil Software
2010-06-08 19:34 . 2010-01-14 20:08 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-06-08 19:34 . 2010-01-14 20:08 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-06-08 19:34 . 2010-01-14 20:08 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2010-06-08 19:34 . 2010-06-08 19:34 -------- d-----w- c:\program files\ThreatFire
2010-06-08 19:34 . 2010-06-08 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-06-08 16:43 . 2010-06-08 16:53 -------- d-----w- c:\program files\Software Informer
2010-05-22 09:43 . 2010-05-22 09:43 503808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32016fbb-n\msvcp71.dll
2010-05-22 09:43 . 2010-05-22 09:43 499712 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32016fbb-n\jmc.dll
2010-05-22 09:43 . 2010-05-22 09:43 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32016fbb-n\msvcr71.dll
2010-05-22 09:43 . 2010-05-22 09:43 61440 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-56b3f932-n\decora-sse.dll
2010-05-22 09:43 . 2010-05-22 09:43 12800 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-56b3f932-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-13 02:58 . 2006-02-13 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-11 20:50 . 2006-02-13 20:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-11 05:24 . 2008-04-19 15:02 -------- d-----w- c:\program files\FrostWire
2010-06-08 18:53 . 2006-02-14 01:18 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\MSNInstaller
2010-06-08 17:45 . 2007-01-11 23:25 -------- d-----w- c:\program files\Absolute Poker
2010-06-08 17:30 . 2009-06-14 01:58 -------- d-----w- c:\program files\IncrediGames
2010-06-08 17:25 . 2005-10-19 14:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-08 17:22 . 2005-10-19 15:30 -------- d-----w- c:\program files\Google
2010-06-08 17:03 . 2007-01-10 18:44 -------- d-----w- c:\program files\VideoLAN
2010-06-08 17:02 . 2005-10-19 15:05 -------- d-----w- c:\program files\Sonic
2010-06-08 17:02 . 2005-10-19 14:48 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-08 17:01 . 2005-10-19 14:59 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-06-08 17:00 . 2007-08-03 23:29 -------- d-----w- c:\program files\PartyGaming
2010-06-08 16:56 . 2010-02-22 14:59 -------- d-----w- c:\program files\Playalot Games
2010-06-08 16:55 . 2005-10-19 15:04 -------- d-----w- c:\program files\Common Files\Real
2010-06-07 16:41 . 2006-12-28 19:57 -------- d-----w- c:\program files\PokerStars
2010-06-05 23:24 . 2010-03-06 14:25 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Dream Aquarium
2010-05-06 10:41 . 2004-08-04 05:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-03 22:59 . 2010-05-03 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PhotoMail
2010-05-03 22:59 . 2010-05-03 22:59 -------- d-----w- c:\program files\PhotoMail Maker
2010-05-03 22:59 . 2007-03-09 18:30 -------- d-----w- c:\program files\IncrediMail
2010-05-02 05:22 . 2004-08-04 05:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-04 05:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-11 12:31 . 2010-02-17 14:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2006-01-19 17:26 . 2006-01-19 17:26 774144 ----a-w- c:\program files\RngInterstitial.dll
2005-12-11 09:05 . 2005-12-11 09:05 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"="c:\documents and settings\HP_Owner\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2009-10-27 718232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^MailWasherPro.lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\MailWasherPro.lnk
backup=c:\windows\pss\MailWasherPro.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4200 Series]
2005-03-08 03:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2010-01-27 01:07 256280 ----a-w- c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 06:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2005-02-25 22:34 245760 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
2005-06-01 23:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
2010-05-03 22:57 353736 ----a-w- c:\program files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KbsUpdt]
2005-11-21 15:08 311296 ----a-w- c:\program files\KickBackSpam\kbsupdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2005-05-10 17:50 253952 ----a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE]
2005-12-30 19:49 53248 ----a-w- c:\program files\KickBackSpam\Plugins\OutlookExpress\OE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-10-19 15:15 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2005-01-24 02:56 544768 ----a-w- c:\windows\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire]
2010-01-14 20:08 378128 ----a-w- c:\program files\ThreatFire\TFTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ThreatFire"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\KickBackSpam\\kbsupdt.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [6/8/2010 3:34 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [6/8/2010 3:34 PM 59664]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/8/2010 4:07 PM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/8/2010 4:07 PM 19024]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [6/8/2010 3:34 PM 33552]
.
Contents of the 'Scheduled Tasks' folder

2010-06-21 c:\windows\Tasks\User_Feed_Synchronization-{0E2B22E3-9F40-4FB2-984B-F00116FD9741}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://mystart.incredimail.com
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\1lmoeui2.default\
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-21 00:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(568)
c:\windows\system32\Ati2evxx.dll
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\TFMon.dll
c:\program files\ThreatFire\TFRK.dll

- - - - - - - > 'lsass.exe'(624)
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'explorer.exe'(2464)
c:\windows\system32\WININET.dll
c:\program files\ThreatFire\TfWah.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\MSVCR80.dll
c:\program files\ThreatFire\TFMon.dll
c:\program files\ThreatFire\TFRK.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-21 00:24:15
ComboFix-quarantined-files.txt 2010-06-21 04:24
ComboFix2.txt 2010-06-20 06:12

Pre-Run: 194,196,811,776 bytes free
Post-Run: 194,179,313,664 bytes free

- - End Of File - - 3D3DB91AFB730D5F365FA55020B84951

ok. You can download a utility that will remove it for you:

Please download OTCleanIt and save it to desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.

Thanks shelf life
The computer seems to be good now.
One more question...do you think it's safe if I manually delete the random files/registry entries left behind after I uninstalled Symantec, Frostwire and Limewire?

hi,
ok good. If you have run the uninstaller for each from the add/remove programs panel then yes, you could delete any folders in C:/Program files.

As for the registry I would leave it alone. You can also delete any folder or files in :
My documents/LimeWire/shared etc. It would be the default location where limewire and frostwire put the downloads or another place if you changed the default.

Some p2p might ask you if you want to keep or delete these files when you uninstall the software package.

Symantec (norton) has a uninstaller for some of there products. It may do a little better job than the standard uninstaller.

Its here. (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039)



Microsoft Malicious Software Removal Tool found and could not completely remove Win32/Alureon.A
Why dont use see what this says now? You can launch it by going to Start>Run and type in:
mrt.exe
click ok or enter, you can chose 'full scan' for the option in the wizard.

The Norton uninstaller worked, the 'mrt.exe' scan found nothing, and google does not redirect anymore. Everything looks good. Thanks again shelf life!

ok good and your welcome. Happy safe surfing 'out there.'