Full Version: Windows XP infected
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
oly
Hello. I have an HP Pavilion a810Y with XP. Two nights ago, I had, and still have, a NetWorm-Virus@fp alert along with a Spy-Worm alert - Trojan SPM/LX - and a Mal-Ware alert, with a bunch of porn sites popping up. I ran Ad-Ware and 32 infections were found and deleted. When I went to re-boot the computer, Windows was in a loop while attempting to start. I finally got back to the desktop using an earlier configuration. To date I have all the above happening, and this afternoon the I.P. address was gone and had to be re-installed.

Below is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:54 PM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\COMMON~1\WINPCD~1\cookw.exe
C:\PROGRA~1\COMMON~1\ANTISP~1\ugac.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: CIEIntegrator Object - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - C:\Program Files\AntiSpywareSuite\Tools\pblock.dll
O2 - BHO: IEFW Object - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - C:\Program Files\AntiSpywareSuite\Tools\sbiebho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202663864.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [cookw] "C:\PROGRA~1\COMMON~1\WINPCD~1\cookw.exe" -start
O4 - HKLM\..\Run: [AntiSpyKit 5.2] "C:\Program Files\AntiSpyKit 5.2\AntiSpyKit 5.2.exe" /h
O4 - HKLM\..\Run: [WinPCDoctor] C:\Program Files\WinPCDoctor\SysRep.exe
O4 - HKLM\..\Run: [VirusHeat 3.9] "C:\Program Files\VirusHeat 3.9\VirusHeat 3.9.exe" /h
O4 - HKLM\..\Run: [gdcw] C:\Program Files\WinAnonymous\data\GDCW.exe
O4 - HKLM\..\Run: [AntiSpywareSuite] C:\Program Files\AntiSpywareSuite\pgs.exe
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\COMMON~1\ANTISP~1\ugac.exe" -start
O4 - HKLM\..\Run: [ptask] C:\Program Files\AntiSpywareSuite\ptask.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: AdwareAlert Scanning Engine (AdwareAlertSrv) - Unknown owner - C:\Program Files\AdwareAlert\AdwareAlert.srv.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9408 bytes
LoPhatPhuud
Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
oly
ComboFix 08-02-13.2 - HP_Owner 2008-02-12 20:20:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.175 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Desktop\AntiSpywareSuite.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareSuite
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareSuite\AntiSpywareSuite.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareSuite\Contact Customer Support.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareSuite\Uninstall AntiSpywareSuite.lnk
C:\Documents and Settings\HP_Owner\ResErrors.log
C:\Program Files\AntiSpywareSuite
C:\Program Files\AntiSpywareSuite\Config\pgs.xml
C:\Program Files\AntiSpywareSuite\Dat\Activate.dat
C:\Program Files\AntiSpywareSuite\Dat\BkSites.dat
C:\Program Files\AntiSpywareSuite\Dat\bnlink.dat
C:\Program Files\AntiSpywareSuite\Dat\cd.dat
C:\Program Files\AntiSpywareSuite\Dat\incmp.dat
C:\Program Files\AntiSpywareSuite\Dat\index.dat
C:\Program Files\AntiSpywareSuite\Dat\PGUpLst.dat
C:\Program Files\AntiSpywareSuite\Dat\pv.dat
C:\Program Files\AntiSpywareSuite\Engines\AWBase\database\enemies.dat
C:\Program Files\AntiSpywareSuite\Engines\AWBase\vbpv.dat
C:\Program Files\AntiSpywareSuite\Engines\PGBase\vbpv.dat
C:\Program Files\AntiSpywareSuite\Engines\plugins\BORLNDMM.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\SCANADWR.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\SCANBCDR.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\SCANDLDR.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\SCANDOS1.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\SCANEMUL.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\SCANFUNC.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\SCANKRNL.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\SCANMCR1.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\SCANOTHR.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\SCANSCR.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\SCANTOOL.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\SCANTROJ.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\SCANWIN1.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\UNACPU.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\UNADBX.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\unamscan.dll
C:\Program Files\AntiSpywareSuite\Engines\plugins\UNMIME.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\UNPACK.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\UNPACKS.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\UNPACKS2.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\UNPEPACK.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\UpDate\UA27601.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\UpDate\UA27602.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\UpDate\UA27603.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\UpDate\UA27604.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\UpDate\UADAILY.DLL
C:\Program Files\AntiSpywareSuite\Engines\plugins\vbpv.dat
C:\Program Files\AntiSpywareSuite\Graphics\cross.gif
C:\Program Files\AntiSpywareSuite\Graphics\ga6p.gif
C:\Program Files\AntiSpywareSuite\Graphics\kb.url
C:\Program Files\AntiSpywareSuite\Graphics\main.ico
C:\Program Files\AntiSpywareSuite\Graphics\mini.ico
C:\Program Files\AntiSpywareSuite\Graphics\Online.url
C:\Program Files\AntiSpywareSuite\Graphics\rm.url
C:\Program Files\AntiSpywareSuite\Graphics\support.ico
C:\Program Files\AntiSpywareSuite\Graphics\Support.url
C:\Program Files\AntiSpywareSuite\Graphics\uninstall.ico
C:\Program Files\AntiSpywareSuite\LA\lapv.dat
C:\Program Files\AntiSpywareSuite\LA\License.rtf
C:\Program Files\AntiSpywareSuite\Tools\pblock.dll
C:\Program Files\AntiSpywareSuite\Tools\sbiebho.dll
C:\Program Files\Common Files\AntiSpywareSuite
C:\Program Files\Common Files\AntiSpywareSuite\bm.exe
C:\Program Files\Common Files\AntiSpywareSuite\ugac.exe
C:\Program Files\Helper
C:\Program Files\Helper\1202663864.dll
C:\UGA6P
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.

2008-02-12 18:52 . 2008-02-12 18:51 812,344 --a--c--- C:\HJTInstall.exe
2008-02-11 23:38 . 2008-02-11 23:38 <DIR> d--hsc--- C:\AntiSpywareSuite
2008-02-11 23:37 . 2008-02-11 23:37 46,592 --a------ C:\WINDOWS\system32\drivers\dhlp.sys
2008-02-11 22:03 . 2008-02-11 22:03 <DIR> d-------- C:\Program Files\Common Files\WinPCDoctor
2008-02-11 22:03 . 2008-02-11 22:03 <DIR> d-------- C:\Program Files\Common Files\AdvancedCleaner
2008-02-11 22:03 . 2008-02-11 22:03 <DIR> d-------- C:\Program Files\AdvancedCleaner Free
2008-02-11 19:31 . 2004-12-14 09:07 19,696 --------- C:\WINDOWS\hpomdl05.dat.temp
2008-02-11 18:33 . 2008-02-11 18:33 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-02-11 17:15 . 2008-02-11 17:15 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\InternetAnonymizer
2008-02-11 17:14 . 2008-02-11 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InternetAnonymizer
2008-02-11 17:08 . 2008-02-12 16:52 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AntiSpywareSuite
2008-02-11 16:59 . 2008-02-11 22:03 <DIR> d-------- C:\Program Files\AdvancedCleaner
2008-02-11 16:59 . 2008-02-11 16:59 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AdvancedCleaner
2008-02-11 16:59 . 2008-02-11 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AdvancedCleaner
2008-02-11 16:59 . 2007-08-18 11:34 98,816 --a------ C:\WINDOWS\system32\daila.exe
2008-02-11 05:59 . 2008-02-11 19:20 92,010 --a------ C:\Documents and Settings\HP_Owner\scan.dat
2008-02-11 05:33 . 2008-02-11 22:03 <DIR> d-------- C:\Program Files\AntiSpyKit 5.2
2008-02-10 12:03 . 2008-02-10 12:03 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\winpcdoctor
2008-02-10 11:54 . 2008-02-10 11:54 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\winpcdoctor
2008-02-10 11:53 . 2008-02-11 22:03 <DIR> d-------- C:\Program Files\WinPCDoctor
2008-02-10 11:52 . 2008-02-11 05:32 259,336 --a------ C:\Documents and Settings\HP_Owner\Application Data\setup_en[1].exe
2008-02-10 11:48 . 2008-02-10 11:48 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\WinAnonymous
2008-02-10 11:43 . 2008-02-10 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinAnonymous
2008-02-10 11:42 . 2008-02-10 11:42 <DIR> d-------- C:\Program Files\Common Files\WinAnonymous
2008-02-10 11:42 . 2007-02-13 08:09 388,126 --a------ C:\WINDOWS\system32\sqlite3.dll
2008-02-10 11:42 . 2008-02-10 11:42 205,064 --a------ C:\Documents and Settings\HP_Owner\Application Data\installer_en[1].exe
2008-02-10 10:17 . 2008-02-11 22:03 <DIR> d-------- C:\Program Files\VirusHeat 3.9
2008-02-10 10:17 . 2008-02-12 17:10 <DIR> d-------- C:\Program Files\NetProject
2008-01-15 17:49 . 2008-01-19 11:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-15 17:49 . 2008-01-15 17:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-15 17:48 . 2008-01-15 17:48 <DIR> d-------- C:\Program Files\iTunes
2008-01-15 17:48 . 2008-01-15 17:48 <DIR> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 03:19 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\MSN6
2008-02-13 03:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-13 01:56 --------- d-----w C:\Program Files\Trend Micro
2008-02-13 01:13 19,912 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2008-02-12 17:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-11 12:52 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AVG7
2008-02-10 18:51 --------- d-----w C:\Program Files\Microsoft Works
2008-02-09 19:56 --------- d-----w C:\Program Files\Full Tilt Poker
2008-02-06 02:01 --------- d-----w C:\Program Files\PokerStars
2008-02-02 14:59 --------- d-----w C:\Program Files\Freeze.com
2008-01-28 04:29 --------- d-----w C:\Program Files\eAcceleration
2008-01-28 04:17 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\eAcceleration
2008-01-27 19:53 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Microgaming
2008-01-20 17:43 --------- d-----w C:\Program Files\Ace Utilities
2008-01-19 22:22 --------- d-----w C:\Program Files\Real
2008-01-19 22:22 --------- d-----w C:\Program Files\QuickTime
2008-01-19 22:22 --------- d-----w C:\Program Files\OfficeUpdate11
2008-01-19 22:15 --------- d-----w C:\Program Files\Full Tilt Poker.Net
2008-01-12 18:11 --------- d-----w C:\Program Files\PC MightyMax 2007
2008-01-12 04:32 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AdwareAlert
2008-01-10 03:16 --------- d-----w C:\Program Files\eAcceleration(2)
2007-12-30 22:08 --------- d-----w C:\Program Files\Advanced Registry Optimizer
2007-12-30 22:05 --------- d-----w C:\Program Files\ArmorIE
2007-12-30 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-30 20:09 54,330,664 -c--a-w C:\iTunesSetup.exe
2007-12-26 02:27 --------- d-----w C:\Program Files\Microsoft Money 2007
2007-12-26 02:27 --------- d-----w C:\Program Files\Microsoft Money 2005
2007-12-23 17:26 --------- d-----w C:\Program Files\Speeditup Free
2007-12-23 17:26 --------- d-----w C:\Program Files\MSN Messenger
2007-12-22 19:36 --------- d-----w C:\Documents and Settings\LocalService\Application Data\PIE Service
2007-12-21 16:32 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\PIE Service
2007-12-15 16:46 --------- d-----w C:\Program Files\Windows Installer Clean Up
2007-12-15 16:46 --------- d-----w C:\Program Files\MSECACHE
2007-12-15 16:03 --------- d-----w C:\Program Files\Microsoft Money Plus(2)
2007-11-14 07:26 450,560 ----a-w C:\WINDOWS\system32\jscript(5).dll
2007-11-14 07:26 450,560 ----a-w C:\WINDOWS\system32\jscript(4).dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
2008-02-12 17:10 10240 --a------ C:\Program Files\NetProject\sbmdl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-02 14:52 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"cookw"="C:\PROGRA~1\COMMON~1\WINPCD~1\cookw.exe" [2007-08-14 15:59 210944]
"AntiSpyKit 5.2"="C:\Program Files\AntiSpyKit 5.2\AntiSpyKit 5.2.exe" [2008-01-30 04:20 1900544]
"WinPCDoctor"="C:\Program Files\WinPCDoctor\SysRep.exe" [2008-01-25 19:11 1542656]
"VirusHeat 3.9"="C:\Program Files\VirusHeat 3.9\VirusHeat 3.9.exe" [2008-02-08 07:52 1724416]
"gdcw"="C:\Program Files\WinAnonymous\data\GDCW.exe" [ ]
"ugac"="C:\PROGRA~1\COMMON~1\ANTISP~1\ugac.exe" [ ]
"ptask"="C:\Program Files\AntiSpywareSuite\ptask.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-27 10:11 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 05:00 53760 C:\WINDOWS\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"start"= C:\Program Files\NetProject\sbmntr.exe
"some"= C:\Program Files\NetProject\scit.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"AROReminder"=C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AGRSMMSG"=AGRSMMSG.exe
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

R0 fwcore;fwcore;C:\WINDOWS\system32\drivers\fwcore.sys [2006-11-07 11:58]
S2 AdwareAlertSrv;AdwareAlert Scanning Engine;"C:\Program Files\AdwareAlert\AdwareAlert.srv.exe" []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 16:03:18 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-12-19 10:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-02-13 00:10:22 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-06-07 09:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-12-19 10:30:02 C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job"
- C:\Program Files\RegSweep\RegSweep.ex
- C:\Program Files\RegSweep
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 20:22:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-12 20:23:03
ComboFix-quarantined-files.txt 2008-02-13 03:22:42
.
2008-02-12 06:54:12 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:03 PM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\COMMON~1\WINPCD~1\cookw.exe
C:\PROGRA~1\COMMON~1\ANTISP~1\ugac.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\NetProject\scm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Works\wkswp.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Microsoft Works\wkgdcach.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [cookw] "C:\PROGRA~1\COMMON~1\WINPCD~1\cookw.exe" -start
O4 - HKLM\..\Run: [AntiSpyKit 5.2] "C:\Program Files\AntiSpyKit 5.2\AntiSpyKit 5.2.exe" /h
O4 - HKLM\..\Run: [WinPCDoctor] C:\Program Files\WinPCDoctor\SysRep.exe
O4 - HKLM\..\Run: [VirusHeat 3.9] "C:\Program Files\VirusHeat 3.9\VirusHeat 3.9.exe" /h
O4 - HKLM\..\Run: [gdcw] C:\Program Files\WinAnonymous\data\GDCW.exe
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\COMMON~1\ANTISP~1\ugac.exe" -start
O4 - HKLM\..\Run: [ptask] C:\Program Files\AntiSpywareSuite\ptask.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: AdwareAlert Scanning Engine (AdwareAlertSrv) - Unknown owner - C:\Program Files\AdwareAlert\AdwareAlert.srv.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8658 bytes
LoPhatPhuud
Wow, you have quite a collection of the most recent garbage, rogue antispyware and garbage programs. Most I've seen in some time. Hopefully, you did not willingly install these baddies. Anyway, they are going away...


1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
Killall::

File::
C:\WINDOWS\system32\daila.exe
C:\PROGRA~1\COMMON~1\WINPCD~1\cookw.exe

Folder::
C:\AntiSpywareSuite
C:\Documents and Settings\HP_Owner\Application Data\AntiSpywareSuite
C:\Program Files\AntiSpyKit 5.2
C:\Documents and Settings\HP_Owner\Application Data\WinAnonymous
C:\Documents and Settings\All Users\Application Data\WinAnonymous
C:\Program Files\Common Files\WinAnonymous
C:\Program Files\WinPCDoctor
C:\Program Files\Common Files\WinPCDoctor
C:\Program Files\Common Files\AdvancedCleaner
C:\Program Files\AdvancedCleaner Free
C:\Program Files\AdvancedCleaner
C:\Documents and Settings\HP_Owner\Application Data\AdvancedCleaner
C:\Documents and Settings\All Users\Application Data\AdvancedCleaner
C:\Documents and Settings\HP_Owner\Application Data\InternetAnonymizer
C:\Documents and Settings\All Users\Application Data\InternetAnonymizer
C:\Documents and Settings\HP_Owner\Application Data\winpcdoctor
C:\Documents and Settings\All Users\Application Data\winpcdoctor
C:\Program Files\WinPCDoctor
C:\Documents and Settings\HP_Owner\Application Data\setup_en[1].exe
C:\Documents and Settings\HP_Owner\Application Data\installer_en[1].exe
C:\Program Files\VirusHeat 3.9
C:\Program Files\NetProject
C:\Documents and Settings\HP_Owner\Application Data\AdwareAlert

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cookw"=-
"AntiSpyKit 5.2"=-
"WinPCDoctor"=-
"VirusHeat 3.9"=-
"gdcw"=-
"ugac"=-
"ptask"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"start"=-
"some"=-

Driver::
AdwareAlertSrv

Rootkit::
C:\WINDOWS\system32\drivers\dhlp.sys


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
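The procedure in the post above comes down to reading the HijackThis log for the O4 Run values, O2 BHOs and O23 services that belong to the rogue "antispyware" products, then transcribing them into CFScript sections. The Python below is an added example, not code from this thread, from ComboFix or from HijackThis: it parses the three line formats as they appear in the logs on this page, flags entries by a marker list lifted from the CFScript above (a hypothetical list for illustration; real triage needs researched indicators, and string matching is only a first pass), and renders the Registry:: and Driver:: sections in the layout that script uses. The sample lines are copied from the log above and are not a complete log.

```python
import re
from collections import namedtuple

# One parsed HijackThis line. ident holds the service short name (O23) or
# the CLSID (O2/O3); hive is set for O4 Run values only.
Entry = namedtuple("Entry", "section name path hive ident missing raw")

# Product names and 8.3 folder names lifted from the CFScript above. This is
# a hypothetical marker list for the example; real triage needs researched
# indicators, string matching is only a first pass.
SUSPECT_MARKERS = (
    "AntiSpywareSuite", "ANTISP~1", "AntiSpyKit", "WinAnonymous",
    "WinPCDoctor", "WINPCD~1", "AdvancedCleaner", "InternetAnonymizer",
    "VirusHeat", "NetProject", "AdwareAlert",
)
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

_O2_O3 = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.+?) - \{([^}]+)\} - (.+)$")
_O4 = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
_O23 = re.compile(r"^O23 - Service: (.+?)(?: \(([^)]+)\))? - (.+?) - (.+?)( \(file missing\))?$")


def _exe_path(command):
    """Strip arguments from an O4 command: quoted path, else up to '.exe'."""
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    m = re.match(r"(.+?\.exe)(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command


def parse_log(text):
    """Parse O2/O3, O4 (HKLM/HKCU Run) and O23 lines; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = _O4.match(raw)
        if m:
            hive, name, cmd = m.groups()
            entries.append(Entry("O4", name, _exe_path(cmd), hive, None, False, raw))
            continue
        m = _O23.match(raw)
        if m:
            name, short, _owner, path, missing = m.groups()
            entries.append(Entry("O23", name, path, None, short, bool(missing), raw))
            continue
        m = _O2_O3.match(raw)
        if m:
            section, name, clsid, path = m.groups()
            entries.append(Entry(section, name, path, None, clsid, False, raw))
    return entries


def flag(entry):
    """Return the reasons an entry deserves a closer look (empty list = none)."""
    reasons = []
    haystack = (entry.name + " " + entry.path).lower()
    if any(marker.lower() in haystack for marker in SUSPECT_MARKERS):
        reasons.append("matches rogue-antispyware marker")
    if entry.missing:
        reasons.append("service binary missing (orphaned registration)")
    if entry.name == "(no name)":
        reasons.append("BHO/toolbar registered without a display name")
    return reasons


def triage(log_text):
    """Return [(entry, reasons)] for every flagged line, in log order."""
    flagged = []
    for entry in parse_log(log_text):
        reasons = flag(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


def build_cfscript(flagged):
    """Render Registry:: and Driver:: sections in the layout of the script above."""
    bho, run_by_hive, drivers = [], {}, []
    for entry, _ in flagged:
        if entry.section == "O2":
            bho.append(r"[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{%s}]" % entry.ident)
        elif entry.section == "O4":
            run_by_hive.setdefault(entry.hive, []).append(entry.name)
        elif entry.section == "O23" and entry.ident:
            drivers.append(entry.ident)
    lines = ["Registry::"] + bho
    for hive, names in run_by_hive.items():
        lines.append(r"[%s\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]" % HIVES[hive])
        lines.extend('"%s"=-' % name for name in names)
    if drivers:
        lines += ["", "Driver::"] + drivers
    return "\n".join(lines) + "\n"


# Sample lines copied from the HijackThis log posted above (not a full log).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [cookw] "C:\PROGRA~1\COMMON~1\WINPCD~1\cookw.exe" -start
O4 - HKLM\..\Run: [VirusHeat 3.9] "C:\Program Files\VirusHeat 3.9\VirusHeat 3.9.exe" /h
O4 - HKLM\..\Run: [ptask] C:\Program Files\AntiSpywareSuite\ptask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O23 - Service: AdwareAlert Scanning Engine (AdwareAlertSrv) - Unknown owner - C:\Program Files\AdwareAlert\AdwareAlert.srv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for entry, reasons in hits:
        print("%-4s %-28s %s" % (entry.section, entry.name, "; ".join(reasons)))
    print(build_cfscript(hits))
```

One check worth making before re-running ComboFix: it records the script path it was given in its "Command switches used" line. A name such as CFScript.txt.wps means the file was saved in Microsoft Works format rather than as plain text; the first ComboFix log posted later in this thread reports C:\CFScript.txt.wps and lists no deletions, while the run that reports Desktop\CFScript.txt shows the FILE and Other Deletions sections.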
oly
Here's the latest . . . thanks for your patience

ComboFix 08-02-13.2 - HP_Owner 2008-02-13 16:28:29.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.201 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\CFScript.txt.wps
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.

2008-02-13 07:40 . 2008-02-13 07:40 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-02-12 18:52 . 2008-02-12 18:51 812,344 --a--c--- C:\HJTInstall.exe
2008-02-11 23:38 . 2008-02-11 23:38 <DIR> d--hsc--- C:\AntiSpywareSuite
2008-02-11 23:37 . 2008-02-11 23:37 46,592 --a------ C:\WINDOWS\system32\drivers\dhlp.sys
2008-02-11 22:03 . 2008-02-11 22:03 <DIR> d-------- C:\Program Files\Common Files\WinPCDoctor
2008-02-11 22:03 . 2008-02-11 22:03 <DIR> d-------- C:\Program Files\Common Files\AdvancedCleaner
2008-02-11 22:03 . 2008-02-11 22:03 <DIR> d-------- C:\Program Files\AdvancedCleaner Free
2008-02-11 19:31 . 2004-12-14 09:07 19,696 --------- C:\WINDOWS\hpomdl05.dat.temp
2008-02-11 18:33 . 2008-02-11 18:33 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-02-11 17:15 . 2008-02-11 17:15 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\InternetAnonymizer
2008-02-11 17:14 . 2008-02-11 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InternetAnonymizer
2008-02-11 17:08 . 2008-02-12 16:52 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AntiSpywareSuite
2008-02-11 16:59 . 2008-02-11 22:03 <DIR> d-------- C:\Program Files\AdvancedCleaner
2008-02-11 16:59 . 2008-02-11 16:59 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AdvancedCleaner
2008-02-11 16:59 . 2008-02-11 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AdvancedCleaner
2008-02-11 16:59 . 2007-08-18 11:34 98,816 --a------ C:\WINDOWS\system32\daila.exe
2008-02-11 05:59 . 2008-02-11 19:20 92,010 --a------ C:\Documents and Settings\HP_Owner\scan.dat
2008-02-11 05:33 . 2008-02-11 22:03 <DIR> d-------- C:\Program Files\AntiSpyKit 5.2
2008-02-10 12:03 . 2008-02-10 12:03 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\winpcdoctor
2008-02-10 11:54 . 2008-02-10 11:54 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\winpcdoctor
2008-02-10 11:53 . 2008-02-11 22:03 <DIR> d-------- C:\Program Files\WinPCDoctor
2008-02-10 11:52 . 2008-02-11 05:32 259,336 --a------ C:\Documents and Settings\HP_Owner\Application Data\setup_en[1].exe
2008-02-10 11:48 . 2008-02-10 11:48 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\WinAnonymous
2008-02-10 11:43 . 2008-02-10 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinAnonymous
2008-02-10 11:42 . 2008-02-10 11:42 <DIR> d-------- C:\Program Files\Common Files\WinAnonymous
2008-02-10 11:42 . 2007-02-13 08:09 388,126 --a------ C:\WINDOWS\system32\sqlite3.dll
2008-02-10 11:42 . 2008-02-10 11:42 205,064 --a------ C:\Documents and Settings\HP_Owner\Application Data\installer_en[1].exe
2008-02-10 10:17 . 2008-02-11 22:03 <DIR> d-------- C:\Program Files\VirusHeat 3.9
2008-02-10 10:17 . 2008-02-13 07:38 <DIR> d-------- C:\Program Files\NetProject
2008-01-15 17:49 . 2008-01-19 11:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-15 17:49 . 2008-01-15 17:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-15 17:48 . 2008-01-15 17:48 <DIR> d-------- C:\Program Files\iTunes
2008-01-15 17:48 . 2008-01-15 17:48 <DIR> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 23:27 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\MSN6
2008-02-13 23:24 19,962 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2008-02-13 23:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-13 18:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-13 01:56 --------- d-----w C:\Program Files\Trend Micro
2008-02-11 12:52 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AVG7
2008-02-10 18:51 --------- d-----w C:\Program Files\Microsoft Works
2008-02-09 19:56 --------- d-----w C:\Program Files\Full Tilt Poker
2008-02-06 02:01 --------- d-----w C:\Program Files\PokerStars
2008-02-02 14:59 --------- d-----w C:\Program Files\Freeze.com
2008-01-28 04:29 --------- d-----w C:\Program Files\eAcceleration
2008-01-28 04:17 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\eAcceleration
2008-01-27 19:53 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Microgaming
2008-01-20 17:43 --------- d-----w C:\Program Files\Ace Utilities
2008-01-19 22:22 --------- d-----w C:\Program Files\Real
2008-01-19 22:22 --------- d-----w C:\Program Files\QuickTime
2008-01-19 22:22 --------- d-----w C:\Program Files\OfficeUpdate11
2008-01-19 22:15 --------- d-----w C:\Program Files\Full Tilt Poker.Net
2008-01-12 18:11 --------- d-----w C:\Program Files\PC MightyMax 2007
2008-01-12 04:32 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AdwareAlert
2008-01-10 03:16 --------- d-----w C:\Program Files\eAcceleration(2)
2007-12-30 22:08 --------- d-----w C:\Program Files\Advanced Registry Optimizer
2007-12-30 22:05 --------- d-----w C:\Program Files\ArmorIE
2007-12-30 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-30 20:09 54,330,664 -c--a-w C:\iTunesSetup.exe
2007-12-26 02:27 --------- d-----w C:\Program Files\Microsoft Money 2007
2007-12-26 02:27 --------- d-----w C:\Program Files\Microsoft Money 2005
2007-12-23 17:26 --------- d-----w C:\Program Files\Speeditup Free
2007-12-23 17:26 --------- d-----w C:\Program Files\MSN Messenger
2007-12-22 19:36 --------- d-----w C:\Documents and Settings\LocalService\Application Data\PIE Service
2007-12-21 16:32 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\PIE Service
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-15 16:46 --------- d-----w C:\Program Files\Windows Installer Clean Up
2007-12-15 16:46 --------- d-----w C:\Program Files\MSECACHE
2007-12-15 16:03 --------- d-----w C:\Program Files\Microsoft Money Plus(2)
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-14 07:26 450,560 ----a-w C:\WINDOWS\system32\jscript(5).dll
2007-11-14 07:26 450,560 ----a-w C:\WINDOWS\system32\jscript(4).dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
2008-02-13 07:38 10240 --a------ C:\Program Files\NetProject\sbmdl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"cookw"="C:\PROGRA~1\COMMON~1\WINPCD~1\cookw.exe" [2007-08-14 15:59 210944]
"AntiSpyKit 5.2"="C:\Program Files\AntiSpyKit 5.2\AntiSpyKit 5.2.exe" [2008-01-30 04:20 1900544]
"WinPCDoctor"="C:\Program Files\WinPCDoctor\SysRep.exe" [2008-01-25 19:11 1542656]
"VirusHeat 3.9"="C:\Program Files\VirusHeat 3.9\VirusHeat 3.9.exe" [2008-02-08 07:52 1724416]
"gdcw"="C:\Program Files\WinAnonymous\data\GDCW.exe" [ ]
"ugac"="C:\PROGRA~1\COMMON~1\ANTISP~1\ugac.exe" [ ]
"ptask"="C:\Program Files\AntiSpywareSuite\ptask.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-27 10:11 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 05:00 53760 C:\WINDOWS\system32\narrator.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"AROReminder"=C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AGRSMMSG"=AGRSMMSG.exe
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

R0 fwcore;fwcore;C:\WINDOWS\system32\drivers\fwcore.sys [2006-11-07 11:58]
S2 AdwareAlertSrv;AdwareAlert Scanning Engine;"C:\Program Files\AdwareAlert\AdwareAlert.srv.exe" []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 16:03:18 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-12-19 10:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-02-13 23:03:36 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-06-07 09:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-12-19 10:30:02 C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job"
- C:\Program Files\RegSweep\RegSweep.ex
- C:\Program Files\RegSweep
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 16:30:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-13 16:31:04
ComboFix-quarantined-files.txt 2008-02-13 23:30:49
ComboFix2.txt 2008-02-13 03:23:03
.
2008-02-13 21:36:06 --- E O F ---
LoPhatPhuud
Something appears to have failed. ComboFix ran, but nothing was removed.

Uninstall ComboFix by doing the following;

From the Desktop:
Start --> Run --> ComboFix /u (press Enter)


Then, following the instructions in my first post, download ComboFix again, install it as before, but do not run it.

Then repeat the instructions in my previous post to remove the items using CFScript using the same script.
oly
ComboFix is re-installed.

At the support.microsoft.com/kb/310994 site, the XP SP2 download link creates an HTTP 404 not found error message, so I cannot create the XP Recovery Console. Now what??
LoPhatPhuud
Don't worry about the recovery console at this point. Just do the ComboFix script from my previous post.
oly
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:06:46 PM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\COMMON~1\WINPCD~1\cookw.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [cookw] "C:\PROGRA~1\COMMON~1\WINPCD~1\cookw.exe" -start
O4 - HKLM\..\Run: [AntiSpyKit 5.2] "C:\Program Files\AntiSpyKit 5.2\AntiSpyKit 5.2.exe" /h
O4 - HKLM\..\Run: [WinPCDoctor] C:\Program Files\WinPCDoctor\SysRep.exe
O4 - HKLM\..\Run: [VirusHeat 3.9] "C:\Program Files\VirusHeat 3.9\VirusHeat 3.9.exe" /h
O4 - HKLM\..\Run: [gdcw] C:\Program Files\WinAnonymous\data\GDCW.exe
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\COMMON~1\ANTISP~1\ugac.exe" -start
O4 - HKLM\..\Run: [ptask] C:\Program Files\AntiSpywareSuite\ptask.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: AdwareAlert Scanning Engine (AdwareAlertSrv) - Unknown owner - C:\Program Files\AdwareAlert\AdwareAlert.srv.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

ComboFix 08-02-16.2 - HP_Owner 2008-02-15 17:55:30.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.183 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-13 07:40 . 2008-02-13 07:40 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-02-12 18:52 . 2008-02-12 18:51 812,344 --a--c--- C:\HJTInstall.exe
2008-02-11 23:38 . 2008-02-11 23:38 <DIR> d--hsc--- C:\AntiSpywareSuite
2008-02-11 23:37 . 2008-02-11 23:37 46,592 --a------ C:\WINDOWS\system32\drivers\dhlp.sys
2008-02-11 22:03 . 2008-02-11 22:03 <DIR> d-------- C:\Program Files\Common Files\WinPCDoctor
2008-02-11 22:03 . 2008-02-11 22:03 <DIR> d-------- C:\Program Files\Common Files\AdvancedCleaner
2008-02-11 22:03 . 2008-02-11 22:03 <DIR> d-------- C:\Program Files\AdvancedCleaner Free
2008-02-11 19:31 . 2004-12-14 09:07 19,696 --------- C:\WINDOWS\hpomdl05.dat.temp
2008-02-11 18:33 . 2008-02-11 18:33 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-02-11 17:15 . 2008-02-11 17:15 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\InternetAnonymizer
2008-02-11 17:14 . 2008-02-11 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InternetAnonymizer
2008-02-11 17:08 . 2008-02-12 16:52 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AntiSpywareSuite
2008-02-11 16:59 . 2008-02-11 22:03 <DIR> d-------- C:\Program Files\AdvancedCleaner
2008-02-11 16:59 . 2008-02-11 16:59 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AdvancedCleaner
2008-02-11 16:59 . 2008-02-11 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AdvancedCleaner
2008-02-11 16:59 . 2007-08-18 11:34 98,816 --a------ C:\WINDOWS\system32\daila.exe
2008-02-11 05:59 . 2008-02-11 19:20 92,010 --a------ C:\Documents and Settings\HP_Owner\scan.dat
2008-02-11 05:33 . 2008-02-11 22:03 <DIR> d-------- C:\Program Files\AntiSpyKit 5.2
2008-02-10 12:03 . 2008-02-10 12:03 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\winpcdoctor
2008-02-10 11:54 . 2008-02-10 11:54 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\winpcdoctor
2008-02-10 11:53 . 2008-02-11 22:03 <DIR> d-------- C:\Program Files\WinPCDoctor
2008-02-10 11:52 . 2008-02-11 05:32 259,336 --a------ C:\Documents and Settings\HP_Owner\Application Data\setup_en[1].exe
2008-02-10 11:48 . 2008-02-10 11:48 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\WinAnonymous
2008-02-10 11:43 . 2008-02-10 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinAnonymous
2008-02-10 11:42 . 2008-02-10 11:42 <DIR> d-------- C:\Program Files\Common Files\WinAnonymous
2008-02-10 11:42 . 2007-02-13 08:09 388,126 --a------ C:\WINDOWS\system32\sqlite3.dll
2008-02-10 11:42 . 2008-02-10 11:42 205,064 --a------ C:\Documents and Settings\HP_Owner\Application Data\installer_en[1].exe
2008-02-10 10:17 . 2008-02-11 22:03 <DIR> d-------- C:\Program Files\VirusHeat 3.9
2008-02-10 10:17 . 2008-02-13 07:38 <DIR> d-------- C:\Program Files\NetProject

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 00:54 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\MSN6
2008-02-15 20:01 20,094 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2008-02-15 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-15 19:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-13 01:56 --------- d-----w C:\Program Files\Trend Micro
2008-02-11 12:52 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AVG7
2008-02-10 18:51 --------- d-----w C:\Program Files\Microsoft Works
2008-02-09 19:56 --------- d-----w C:\Program Files\Full Tilt Poker
2008-02-06 02:01 --------- d-----w C:\Program Files\PokerStars
2008-02-02 14:59 --------- d-----w C:\Program Files\Freeze.com
2008-01-28 04:29 --------- d-----w C:\Program Files\eAcceleration
2008-01-28 04:17 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\eAcceleration
2008-01-27 19:53 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Microgaming
2008-01-20 17:43 --------- d-----w C:\Program Files\Ace Utilities
2008-01-19 22:22 --------- d-----w C:\Program Files\Real
2008-01-19 22:22 --------- d-----w C:\Program Files\QuickTime
2008-01-19 22:22 --------- d-----w C:\Program Files\OfficeUpdate11
2008-01-19 22:15 --------- d-----w C:\Program Files\Full Tilt Poker.Net
2008-01-16 00:48 --------- d-----w C:\Program Files\iTunes
2008-01-16 00:48 --------- d-----w C:\Program Files\iPod
2008-01-12 18:11 --------- d-----w C:\Program Files\PC MightyMax 2007
2008-01-12 04:32 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AdwareAlert
2008-01-10 03:16 --------- d-----w C:\Program Files\eAcceleration(2)
2007-12-30 22:08 --------- d-----w C:\Program Files\Advanced Registry Optimizer
2007-12-30 22:05 --------- d-----w C:\Program Files\ArmorIE
2007-12-30 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-30 20:09 54,330,664 -c--a-w C:\iTunesSetup.exe
2007-12-26 02:27 --------- d-----w C:\Program Files\Microsoft Money 2007
2007-12-26 02:27 --------- d-----w C:\Program Files\Microsoft Money 2005
2007-12-23 17:26 --------- d-----w C:\Program Files\Speeditup Free
2007-12-23 17:26 --------- d-----w C:\Program Files\MSN Messenger
2007-12-22 19:36 --------- d-----w C:\Documents and Settings\LocalService\Application Data\PIE Service
2007-12-21 16:32 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\PIE Service
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
2008-02-13 07:38 10240 --a------ C:\Program Files\NetProject\sbmdl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"cookw"="C:\PROGRA~1\COMMON~1\WINPCD~1\cookw.exe" [2007-08-14 15:59 210944]
"AntiSpyKit 5.2"="C:\Program Files\AntiSpyKit 5.2\AntiSpyKit 5.2.exe" [2008-01-30 04:20 1900544]
"WinPCDoctor"="C:\Program Files\WinPCDoctor\SysRep.exe" [2008-01-25 19:11 1542656]
"VirusHeat 3.9"="C:\Program Files\VirusHeat 3.9\VirusHeat 3.9.exe" [2008-02-08 07:52 1724416]
"gdcw"="C:\Program Files\WinAnonymous\data\GDCW.exe" [ ]
"ugac"="C:\PROGRA~1\COMMON~1\ANTISP~1\ugac.exe" [ ]
"ptask"="C:\Program Files\AntiSpywareSuite\ptask.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-27 10:11 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 05:00 53760 C:\WINDOWS\system32\narrator.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"AROReminder"=C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AGRSMMSG"=AGRSMMSG.exe
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

R0 fwcore;fwcore;C:\WINDOWS\system32\drivers\fwcore.sys [2006-11-07 11:58]
S2 AdwareAlertSrv;AdwareAlert Scanning Engine;"C:\Program Files\AdwareAlert\AdwareAlert.srv.exe" []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 16:03:18 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-12-19 10:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-02-15 19:39:26 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-06-07 09:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-12-19 10:30:02 C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job"
- C:\Program Files\RegSweep\RegSweep.ex
- C:\Program Files\RegSweep
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 17:57:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-15 17:58:03
ComboFix-quarantined-files.txt 2008-02-16 00:57:47
ComboFix2.txt 2008-02-13 03:23:03
.
2008-02-15 19:41:12 --- E O F ---


--
End of file - 8089 bytes
oly
Here is the ComboFix log with the HijackThis log. I didn't run it properly together.

ComboFix 08-02-16.2 - HP_Owner 2008-02-15 18:27:12.4 - NTFSx86

Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\PROGRA~1\COMMON~1\WINPCD~1\cookw.exe
C:\WINDOWS\system32\daila.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\AntiSpywareSuite
C:\Documents and Settings\All Users\Application Data\AdvancedCleaner
C:\Documents and Settings\All Users\Application Data\AdvancedCleaner\Data\Abbr
C:\Documents and Settings\All Users\Application Data\AdvancedCleaner\Data\ActivationCode
C:\Documents and Settings\All Users\Application Data\AdvancedCleaner\Data\CustomerEmail
C:\Documents and Settings\All Users\Application Data\AdvancedCleaner\Data\CustomerName
C:\Documents and Settings\All Users\Application Data\AdvancedCleaner\Data\OID
C:\Documents and Settings\All Users\Application Data\AdvancedCleaner\Data\PCID
C:\Documents and Settings\All Users\Application Data\AdvancedCleaner\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\AdvancedCleaner\Data\Suspicious
C:\Documents and Settings\All Users\Application Data\InternetAnonymizer
C:\Documents and Settings\All Users\Application Data\InternetAnonymizer\Data\Abbr
C:\Documents and Settings\All Users\Application Data\InternetAnonymizer\Data\PCID
C:\Documents and Settings\All Users\Application Data\InternetAnonymizer\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\InternetAnonymizer\Data\Suspicious
C:\Documents and Settings\All Users\Application Data\WinAnonymous
C:\Documents and Settings\All Users\Application Data\WinAnonymous\Abbr
C:\Documents and Settings\All Users\Application Data\WinAnonymous\actn_email
C:\Documents and Settings\All Users\Application Data\WinAnonymous\actn_name
C:\Documents and Settings\All Users\Application Data\WinAnonymous\actn_order_id
C:\Documents and Settings\All Users\Application Data\WinAnonymous\prod_code
C:\Documents and Settings\All Users\Application Data\winpcdoctor
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\ac
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\em
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\oid
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\user
C:\Documents and Settings\HP_Owner\Application Data\AdvancedCleaner
C:\Documents and Settings\HP_Owner\Application Data\AdvancedCleaner\activator_info.txt
C:\Documents and Settings\HP_Owner\Application Data\AdvancedCleaner\Logs\Activate.log
C:\Documents and Settings\HP_Owner\Application Data\AdwareAlert
C:\Documents and Settings\HP_Owner\Application Data\AdwareAlert\Log\2008 Jan 13 - 09_03_18 AM_078.log
C:\Documents and Settings\HP_Owner\Application Data\AdwareAlert\rs.dat
C:\Documents and Settings\HP_Owner\Application Data\AdwareAlert\Settings\IgnoreList.stg
C:\Documents and Settings\HP_Owner\Application Data\AdwareAlert\Settings\ScanResults.pie
C:\Documents and Settings\HP_Owner\Application Data\AntiSpywareSuite
C:\Documents and Settings\HP_Owner\Application Data\AntiSpywareSuite\avtasks.dat
C:\Documents and Settings\HP_Owner\Application Data\AntiSpywareSuite\Logs\av.log
C:\Documents and Settings\HP_Owner\Application Data\AntiSpywareSuite\Logs\ga6Support.log
C:\Documents and Settings\HP_Owner\Application Data\AntiSpywareSuite\Logs\threats.log
C:\Documents and Settings\HP_Owner\Application Data\AntiSpywareSuite\Logs\update.log
C:\Documents and Settings\HP_Owner\Application Data\AntiSpywareSuite\PGE.dat
C:\Documents and Settings\HP_Owner\Application Data\installer_en[1].exe\
C:\Documents and Settings\HP_Owner\Application Data\InternetAnonymizer
C:\Documents and Settings\HP_Owner\Application Data\InternetAnonymizer\Logs\update.log
C:\Documents and Settings\HP_Owner\Application Data\setup_en[1].exe\
C:\Documents and Settings\HP_Owner\Application Data\WinAnonymous
C:\Documents and Settings\HP_Owner\Application Data\WinAnonymous\Logs\update.log
C:\Documents and Settings\HP_Owner\Application Data\winpcdoctor
C:\Documents and Settings\HP_Owner\Application Data\winpcdoctor\Logs\update.log
C:\PROGRA~1\COMMON~1\WINPCD~1\cookw.exe
C:\Program Files\AdvancedCleaner Free
C:\Program Files\AdvancedCleaner Free\setup_p.exe
C:\Program Files\AdvancedCleaner
C:\Program Files\AdvancedCleaner\acu.dat
C:\Program Files\AdvancedCleaner\ADC.exe
C:\Program Files\AdvancedCleaner\ADC.url
C:\Program Files\AdvancedCleaner\ADC.xml
C:\Program Files\AdvancedCleaner\ADCShell.dll
C:\Program Files\AdvancedCleaner\ADCShell.xml
C:\Program Files\AdvancedCleaner\antiVlog.dat
C:\Program Files\AdvancedCleaner\appAct.dat
C:\Program Files\AdvancedCleaner\AppDB\AppBase.xml
C:\Program Files\AdvancedCleaner\AppDB\profiles.dat
C:\Program Files\AdvancedCleaner\AppDB\prowords.dat
C:\Program Files\AdvancedCleaner\appv.dat
C:\Program Files\AdvancedCleaner\atl71.dll
C:\Program Files\AdvancedCleaner\comp.dat
C:\Program Files\AdvancedCleaner\funct.dat
C:\Program Files\AdvancedCleaner\ian_monitor.exe
C:\Program Files\AdvancedCleaner\img\button.gif
C:\Program Files\AdvancedCleaner\img\button2.gif
C:\Program Files\AdvancedCleaner\img\header.gif
C:\Program Files\AdvancedCleaner\img\logo.gif
C:\Program Files\AdvancedCleaner\img\spacer.gif
C:\Program Files\AdvancedCleaner\img\top_line.gif
C:\Program Files\AdvancedCleaner\img\top1.jpg
C:\Program Files\AdvancedCleaner\img\top2.jpg
C:\Program Files\AdvancedCleaner\InstStat.exe
C:\Program Files\AdvancedCleaner\lapv.dat
C:\Program Files\AdvancedCleaner\license.rtf
C:\Program Files\AdvancedCleaner\manual.url
C:\Program Files\AdvancedCleaner\mfc71.dll
C:\Program Files\AdvancedCleaner\msvcp71.dll
C:\Program Files\AdvancedCleaner\msvcr71.dll
C:\Program Files\AdvancedCleaner\naglinks.dat
C:\Program Files\AdvancedCleaner\ps.dat
C:\Program Files\AdvancedCleaner\readme.rtf
C:\Program Files\AdvancedCleaner\report.dat
C:\Program Files\AdvancedCleaner\req.dat
C:\Program Files\AdvancedCleaner\request.dat
C:\Program Files\AdvancedCleaner\setup_p.exe
C:\Program Files\AdvancedCleaner\Support.exe
C:\Program Files\AdvancedCleaner\support.url
C:\Program Files\AdvancedCleaner\tasks.dat
C:\Program Files\AdvancedCleaner\transformer.dat
C:\Program Files\AdvancedCleaner\UADC.exe.manifest
C:\Program Files\AdvancedCleaner\UADC.url
C:\Program Files\AdvancedCleaner\uappv.dat
C:\Program Files\AdvancedCleaner\unins000.dat
C:\Program Files\AdvancedCleaner\unins000.exe
C:\Program Files\AdvancedCleaner\uninstall.ico
C:\Program Files\AdvancedCleaner\uninstaller.exe
C:\Program Files\AdvancedCleaner\uninstaller.xml
C:\Program Files\AdvancedCleaner\UninstallPage.html
C:\Program Files\AdvancedCleaner\upser.dat
C:\Program Files\AdvancedCleaner\UserManual.pdf
C:\Program Files\AntiSpyKit 5.2
C:\Program Files\AntiSpyKit 5.2\AntiSpyKit 5.2.exe
C:\Program Files\AntiSpyKit 5.2\DbgHelp.Dll
C:\Program Files\AntiSpyKit 5.2\generalConfig.xml
C:\Program Files\AntiSpyKit 5.2\Logs\scan_log_02112008-053339.html
C:\Program Files\AntiSpyKit 5.2\Logs\scan_log_02112008-173052.html
C:\Program Files\AntiSpyKit 5.2\Logs\scan_log_02112008-175101.html
C:\Program Files\AntiSpyKit 5.2\Logs\scan_log_02112008-180455.html
C:\Program Files\AntiSpyKit 5.2\Logs\scan_log_02112008-181907.html
C:\Program Files\AntiSpyKit 5.2\Logs\scan_log_02112008-182334.html
C:\Program Files\AntiSpyKit 5.2\Logs\scan_log_02112008-190546.html
C:\Program Files\AntiSpyKit 5.2\scannerConfig.xml
C:\Program Files\AntiSpyKit 5.2\usageStats.xml
C:\Program Files\Common Files\AdvancedCleaner
C:\Program Files\Common Files\AdvancedCleaner\ADCcw.exe
C:\Program Files\Common Files\WinAnonymous
C:\Program Files\Common Files\WinAnonymous\stm.exe
C:\Program Files\Common Files\WinPCDoctor
C:\Program Files\Common Files\WinPCDoctor\cookw.exe
C:\Program Files\NetProject
C:\Program Files\NetProject\ot.ico
C:\Program Files\NetProject\sbmdl.dll
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\sbun.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\scu.exe
C:\Program Files\NetProject\ts.ico
C:\Program Files\NetProject\wamdl.dll
C:\Program Files\NetProject\waun.exe
C:\Program Files\VirusHeat 3.9
C:\Program Files\VirusHeat 3.9\sdebug.log
C:\Program Files\VirusHeat 3.9\VirusHeat 3.9.exe
C:\Program Files\VirusHeat 3.9\vpp.ini
C:\Program Files\WinPCDoctor
C:\Program Files\WinPCDoctor\sr.log
C:\Program Files\WinPCDoctor\swupd.log
C:\Program Files\WinPCDoctor\SysRep.exe
C:\Program Files\WinPCDoctor\SysRep.exe.Log
C:\WINDOWS\system32\daila.exe
C:\WINDOWS\system32\drivers\dhlp.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ADWAREALERTSRV
-------\AdwareAlertSrv


((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-12 18:52 . 2008-02-12 18:51 812,344 --a--c--- C:\HJTInstall.exe
2008-02-11 19:31 . 2004-12-14 09:07 19,696 --------- C:\WINDOWS\hpomdl05.dat.temp
2008-02-11 18:33 . 2008-02-11 18:33 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-02-11 05:59 . 2008-02-11 19:20 92,010 --a------ C:\Documents and Settings\HP_Owner\scan.dat
2008-02-10 11:52 . 2008-02-11 05:32 259,336 --a------ C:\Documents and Settings\HP_Owner\Application Data\setup_en[1].exe
2008-02-10 11:42 . 2007-02-13 08:09 388,126 --a------ C:\WINDOWS\system32\sqlite3.dll
2008-02-10 11:42 . 2008-02-10 11:42 205,064 --a------ C:\Documents and Settings\HP_Owner\Application Data\installer_en[1].exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 01:25 20,338 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2008-02-16 01:12 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\MSN6
2008-02-15 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-15 19:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-13 01:56 --------- d-----w C:\Program Files\Trend Micro
2008-02-11 12:52 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AVG7
2008-02-10 18:51 --------- d-----w C:\Program Files\Microsoft Works
2008-02-09 19:56 --------- d-----w C:\Program Files\Full Tilt Poker
2008-02-06 02:01 --------- d-----w C:\Program Files\PokerStars
2008-02-02 14:59 --------- d-----w C:\Program Files\Freeze.com
2008-01-28 04:29 --------- d-----w C:\Program Files\eAcceleration
2008-01-28 04:17 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\eAcceleration
2008-01-27 19:53 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Microgaming
2008-01-20 17:43 --------- d-----w C:\Program Files\Ace Utilities
2008-01-19 22:22 --------- d-----w C:\Program Files\Real
2008-01-19 22:22 --------- d-----w C:\Program Files\QuickTime
2008-01-19 22:22 --------- d-----w C:\Program Files\OfficeUpdate11
2008-01-19 22:15 --------- d-----w C:\Program Files\Full Tilt Poker.Net
2008-01-16 00:48 --------- d-----w C:\Program Files\iTunes
2008-01-16 00:48 --------- d-----w C:\Program Files\iPod
2008-01-12 18:11 --------- d-----w C:\Program Files\PC MightyMax 2007
2008-01-10 03:16 --------- d-----w C:\Program Files\eAcceleration(2)
2007-12-30 22:08 --------- d-----w C:\Program Files\Advanced Registry Optimizer
2007-12-30 22:05 --------- d-----w C:\Program Files\ArmorIE
2007-12-30 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-30 20:09 54,330,664 -c--a-w C:\iTunesSetup.exe
2007-12-26 02:27 --------- d-----w C:\Program Files\Microsoft Money 2007
2007-12-26 02:27 --------- d-----w C:\Program Files\Microsoft Money 2005
2007-12-23 17:26 --------- d-----w C:\Program Files\Speeditup Free
2007-12-23 17:26 --------- d-----w C:\Program Files\MSN Messenger
2007-12-22 19:36 --------- d-----w C:\Documents and Settings\LocalService\Application Data\PIE Service
2007-12-21 16:32 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\PIE Service
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-27 10:11 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 05:00 53760 C:\WINDOWS\system32\narrator.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"AROReminder"=C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AGRSMMSG"=AGRSMMSG.exe
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

R0 fwcore;fwcore;C:\WINDOWS\system32\drivers\fwcore.sys [2006-11-07 11:58]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 16:03:18 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-12-19 10:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-02-16 01:31:43 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-06-07 09:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-12-19 10:30:02 C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job"
- C:\Program Files\RegSweep\RegSweep.ex
- C:\Program Files\RegSweep
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 18:31:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-02-15 18:33:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-16 01:33:06
ComboFix2.txt 2008-02-16 00:58:03
ComboFix3.txt 2008-02-13 03:23:03
.
2008-02-15 19:41:12 --- E O F ---
oly
So . . . am I following instructions OK? Or have I misunderstood anything?

Is the system recoverable???
LoPhatPhuud
The second time you ran ComboFix, you did it correctly. It seems to be clean, but I would like a new HijackThis log. The last one you ran was before the last ComboFix run, so it's not accurately reflecting the status of your computer.
oly
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:15 PM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7258 bytes
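The logs above are read by hand in this thread: the ComboFix "Reg Loading Points" section and the HijackThis O2/O3/O4/O23 lines are checked for autostart entries that point at the rogue "security" products ComboFix removed (WinPCDoctor, VirusHeat, WinAnonymous, AntiSpywareSuite, NetProject, AdwareAlert and the rest), and for orphaned hooks such as the `R3 - URLSearchHook: (no name) - - (no file)` entry. The script below is an added example, not part of the thread and not code from ComboFix or HijackThis, that performs the same triage over pasted log text. It assumes that the product names listed under "Other Deletions" in the ComboFix log are the indicators of interest (that list is this example's choice, not a vendor signature set), and the sample lines at the bottom are constructed in the shape of the thread's log output.

```python
"""Triage pasted HijackThis and ComboFix log text for rogue-software autostarts.

Added example, not from the thread, ComboFix or HijackThis.  Assumptions: the
ROGUE_NAMES list is built from the products ComboFix deleted in the log above,
and SAMPLE_HJT / SAMPLE_COMBOFIX are constructed lines in the shape of that output.
"""
import re

# Product names that appear under "Other Deletions" in the ComboFix log above.
# Treating a path that contains one of them as a finding is this example's rule.
ROGUE_NAMES = (
    "winpcdoctor", "virusheat", "winanonymous", "antispywaresuite",
    "antispykit", "advancedcleaner", "adwarealert", "netproject",
    "internetanonymizer",
)

# HijackThis finding line, e.g. "O4 - HKLM\..\Run: [name] C:\path\prog.exe"
HJT_LINE = re.compile(r"^(?P<code>[RO]\d{1,2})\s+-\s+(?P<body>.+)$")
# Trailing "[date time size]" or "[ ]" that ComboFix appends to Run-key values
CF_FILE_INFO = re.compile(r"\s*\[(?P<info>[^\]]*)\]\s*$")


def parse_hjt(text):
    """Yield (section_code, body) for every HijackThis finding line."""
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            yield m.group("code"), m.group("body")


def parse_combofix_run(text):
    """Yield (value_name, command, file_info) for ComboFix Run-key value lines.

    file_info is None when ComboFix printed no bracket at all, and '' when it
    printed '[ ]', which is how it shows an autostart whose target it could not stat.
    """
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith('"') or '"=' not in line:
            continue                      # section headers, task lines, etc.
        name, _, rest = line[1:].partition('"=')
        info = None
        m = CF_FILE_INFO.search(rest)
        if m:
            info = m.group("info").strip()
            rest = rest[:m.start()]
        yield name, rest.strip(), info


def rogue_hit(s):
    """Return the first ROGUE_NAMES entry contained in s (case-insensitive), else None."""
    low = s.lower()
    for name in ROGUE_NAMES:
        if name in low:
            return name
    return None


def triage(hjt_text, combofix_text):
    """Return [(source, entry, reason)] for entries that need action."""
    findings = []
    for code, body in parse_hjt(hjt_text):
        hit = rogue_hit(body)
        if hit:
            findings.append(("hjt", f"{code} - {body}", f"rogue product: {hit}"))
        elif code == "R3" and "(no file)" in body:
            findings.append(("hjt", f"{code} - {body}", "orphaned URLSearchHook"))
    for name, command, info in parse_combofix_run(combofix_text):
        hit = rogue_hit(command)
        if hit:
            findings.append(("combofix", f"{name}={command}", f"rogue product: {hit}"))
        elif info == "":
            findings.append(("combofix", f"{name}={command}",
                             "autostart whose target ComboFix could not find"))
    return findings


# Constructed sample lines in the shape of the thread's logs (not copied verbatim).
SAMPLE_HJT = r"""
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [VirusHeat 3.9] "C:\Program Files\VirusHeat 3.9\VirusHeat 3.9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O23 - Service: AdwareAlert Scanning Engine (AdwareAlertSrv) - Unknown owner - C:\Program Files\AdwareAlert\AdwareAlert.srv.exe
"""

SAMPLE_COMBOFIX = r"""
"WinPCDoctor"="C:\Program Files\WinPCDoctor\SysRep.exe" [2008-01-25 19:11 1542656]
"gdcw"="C:\Program Files\WinAnonymous\data\GDCW.exe" [ ]
"ptask"="C:\Program Files\AntiSpywareSuite\ptask.exe" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-27 10:11 219136]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"orphan"="C:\Program Files\Gone\gone.exe" [ ]
"""

if __name__ == "__main__":
    for source, entry, reason in triage(SAMPLE_HJT, SAMPLE_COMBOFIX):
        print(f"[{source}] {reason}: {entry}")
```

Paste a real log into the two sample variables (or read them from files) to run the same triage; entries that match neither rule, such as the Java updater or AVG lines, are left alone, which is the behaviour the helper's "All clean" verdict relies on.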
LoPhatPhuud
Run HijackThis and press the 'Scan' button

When the scan is finished:
Check the following items in HijackThis.
R3 - URLSearchHook: (no name) - - (no file)

Close all windows except HijackThis and click Fix checked.

Reboot in normal mode

Run HiJackThis again and post a new log in this thread.
oly
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:41 PM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7246 bytes
LoPhatPhuud
All clean!

Now, unless there are still issues not reflected in your log(s), your system is clean and we are finished. Here are some simple steps you can take to reduce the chance of infection in the future. These are only suggestions, and not meant to be comprehensive, or mandatory. Take what you want, leave the rest.

1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system, Internet Explorer, and any Office Programs you have installed. Be sure to select the Microsoft Update option from the Windows Update Control Panel.

2. Check your Java Runtime version. (Current=1.6, aka Version 6 Update 3)
You can check the current version of the Java Runtime Modules installed by opening the Java Control Panel and selecting 'About' from the 'General' tab.
The current version can be downloaded from Sun here: http://java.sun.com/javase/downloads/index.jsp Scroll down the page to 'Java Runtime Environment (JRE) 6' and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.

Note: Be sure to remove all prior versions using Add/Remove Programs before you install the new one. Remember to reboot after removal.

3. Adjust your security settings for ActiveX:
Select Internet Options from the Control Panel, or from Internet Explorer (Tools -> Internet Options -> Security tab)
Select the Internet zone (this is usually the default)
Press 'Default Level', then OK
Now press "Custom Level."

In the ActiveX controls and plug-ins section set these options:
'Download signed ActiveX controls' - Prompt
'Download unsigned ActiveX controls' - Disable
'Initialize and script ActiveX controls not marked as safe' - Disable
For all other ActiveX options, accept the default

4. Download and install the following free programs
a. SpywareBlaster (ActiveX protection): http://www.javacoolsoftware.com/spywareblaster.html
b. HostsXpert (HOSTS file manager): http://www.funkytoad.com

5. Install Spyware Detection and Removal Programs:
You may also want to consider installing one (or more) of the following in addition to Windows Defender:
a. Spybot S&D: http://security.kolla.de/index.php?lang=en&page=download
b. AdAware 2007 http://www.lavasoft.de/
c. AVG AntiSpyware, Free Edition:
http://free.grisoft.com/doc/20/lng/us/tpl/v5
d. SuperAntiSpyWare, Free Edition:
http://www.snapfiles.com/get/SuperAntiSpyware.html

6. Turn on the option to Detect Phishes in your browser
Internet Explorer v7 and Firefox v2 have excellent built-in antiphishing capabilities. Make sure you have this option turned on. If you are using Windows XP and are still using Internet Explorer 6, upgrade to Internet Explorer 7. The added security features make this upgrade mandatory for browsing today.

7. Reset System Restore
Please reset your System Restore. See Windows help for information.

8. Clean Temporary Files and Folders
Download and scan with CCleaner: http://www.ccleaner.com/downloadbuilds.asp
a. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic or Slim versions instead of the Standard Build.
b. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
c. Then select the items you wish to clean up.
In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.
In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

d. Click the "Run Cleaner" button.
e. A pop up box will appear advising this process will permanently delete files from your system.
f. Click "OK" and it will scan and clean your system.
g. Click "exit" when done.
Run the disk cleanup utility called Cleanup! that you have already downloaded and installed
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, clean out the prefetch folder and the recycle bin.
Then reboot into normal mode to let it clean out the remaining files.

9. Rogue/Suspect Anti-Spyware
Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link: http://www.spywarewarrior.com/rogue_anti-spyware.htm

10. Anti-Spyware Programs Compared
Want to know just how effective your anti-spyware program is? Wonder how well any of the "rogue" programs listed above work? Check this link for an independent comparison of several anti-spyware programs: http://www.spywarewarrior.com/asw-test-guide.htm

11. Alternate Browser
Consider using an alternate browser as your default. I recommend and use Firefox as my primary browser. It is still necessary to keep Internet Explorer current and protected in order to use Windows Update.

If you use Firefox as your primary browser, then I recommend installing the NoScript extension:
http://www.noscript.net
For more information about Spyware, the tools available, and other informative material, including information on how you may have been infected in the first place, please check out this link: http://forum.gladiator-antivirus.com/index...?showtopic=9857

"It is your responsibility to read and adhere to the End User Licensing Agreement (EULA) of all software and services mentioned."

Good luck, and thanks for coming to our forums for help with your security and malware issues.
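Step 3 above sets three ActiveX options by hand in the Internet Options dialog. Internet Explorer stores those choices per zone under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 (3 is the Internet zone) as DWORD values named 1001 (Download signed ActiveX controls), 1004 (Download unsigned ActiveX controls) and 1201 (Initialize and script ActiveX controls not marked as safe), encoded 0 = Enable, 1 = Prompt, 3 = Disable. The following Python script is an added example, not from the post or from any tool it names: it reads a `reg export` of that key, reports which of the three settings differ from the values recommended in step 3, and writes a .reg file that sets only the ones that deviate. WEAK_EXPORT is constructed to show a weakened state (signed-download and unsafe-scripting both set to Enable); it is not anyone's real export.

```python
"""Audit the three ActiveX settings from step 3 against a 'reg export' of
the Internet zone key, and emit a .reg fix for the ones that deviate.

Added example, not from the post. WEAK_EXPORT is constructed sample input.
"""

# Value IDs and the 0/1/3 encoding are Internet Explorer's; the target
# levels are the ones recommended in step 3 of the post.
RECOMMENDED = {
    "1001": (1, "Download signed ActiveX controls"),
    "1004": (3, "Download unsigned ActiveX controls"),
    "1201": (3, "Initialize and script ActiveX controls not marked as safe"),
}
LEVEL = {0: "Enable", 1: "Prompt", 3: "Disable"}
ZONE_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
            r"\Internet Settings\Zones\3")

# Constructed export (not a real machine): 1001 and 1201 weakened to Enable.
WEAK_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000000
"""


def parse_reg_export(text):
    """Return {key_path: {value_name: int}} for the dword values in a .reg export."""
    result, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result.setdefault(current, {})
        elif current and line.startswith('"') and "=dword:" in line:
            name, _, hexval = line.partition("=dword:")
            result[current][name.strip('"')] = int(hexval, 16)
    return result


def audit_internet_zone(export_text):
    """Return (value_id, label, current_level, wanted_level) for each deviation.

    A value absent from HKCU means IE is using the zone default for it; it is
    reported as None so the fix writes an explicit value.
    """
    zone = parse_reg_export(export_text).get(ZONE_KEY, {})
    findings = []
    for vid, (want, label) in RECOMMENDED.items():
        have = zone.get(vid)
        if have != want:
            findings.append((vid, label, have, want))
    return findings


def fix_reg(findings):
    """Build .reg text that sets only the deviating values to the wanted level."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{ZONE_KEY}]"]
    for vid, _, _, want in findings:
        lines.append(f'"{vid}"=dword:{want:08x}')
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    found = audit_internet_zone(WEAK_EXPORT)
    for vid, label, have, want in found:
        print(f"{vid} {label}: {LEVEL.get(have, have)} -> {LEVEL[want]}")
    print(fix_reg(found))
```

To run it against a real profile, first export the key with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg` and decode the file as UTF-16 if it begins with a byte-order mark, otherwise as the system ANSI code page. Two caveats: the script only covers the three settings the post names, and if the Security_HKLM_only policy is set, Internet Explorer reads the zone settings from HKLM instead of HKCU, so the per-user export will not reflect what the browser enforces.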
oly
I can't begin to thank you enough for your help and advice. I have printed out most everything for reading / instructions. I've updated AdAware and will now get to the task of the other upgrades. I will certainly recommend Gladiator to anyone who has a computer. Thank you again. "Oly"