Here are my logs, in this order: HiJackThis; Antispyware; ComboFix .... THANK YOU TOUCH! Just knowing someone is willing to help has really lowered my stress levels
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:00 PM, on 4/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Arwen Evans-Batt\Temporary Internet Files\Content.IE5\1BAKWZXB\HiJackThis[1].exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9B7B5330-6E0B-44D9-9F3D-F57D953157D8} - C:\WINDOWS\system32\yayxUMef.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic 6\delay.exe
O4 - HKLM\..\Run: [DACSMiniApp] C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [\BELFRY001\EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P38 " \\BELFRY001\EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Search - ?p=ZZ
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=presario&pf=laptop
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.bigfishgames.com/online/dinerdash2restaura/DinerDash2.1.0.0.48.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_games/sony/bewitched/main.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/peggle/sis/popcaploader_v10_en.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: qoMghgFW - qoMghgFW.dll (file missing)
O21 - SSODL: AvpChk - {c7818afc-ab70-4068-b1ed-6d09e87659b6} - C:\WINDOWS\Resources\AvpChk.dll (file missing)
O21 - SSODL: mgsvflkw - {CE68A6DA-814E-4711-9F0C-AE973B9DFA37} - C:\WINDOWS\mgsvflkw.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
-- End of file - 11751 bytes
Generated 04/19/2008 at 02:34 PM
Application Version : 4.0.1154
Core Rules Database Version : 3442
Trace Rules Database Version: 1434

Scan type : Complete Scan
Total Scan Time : 00:27:06

Memory items scanned : 540
Memory threats detected : 1
Registry items scanned : 6429
Registry threats detected : 35
File items scanned : 12843
File threats detected : 28
Trojan.Downloader-Oreon-A/Resident
C:\WINDOWS\RESOURCES\AVPCHK.DLL
C:\WINDOWS\RESOURCES\AVPCHK.DLL

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{01A33D85-4706-452A-B71A-99510ADA8C0C}
HKCR\CLSID\{01A33D85-4706-452A-B71A-99510ADA8C0C}
HKCR\CLSID\{01A33D85-4706-452A-B71A-99510ADA8C0C}\InprocServer32
HKCR\CLSID\{01A33D85-4706-452A-B71A-99510ADA8C0C}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\QOMGHGFW.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01A33D85-4706-452A-B71A-99510ADA8C0C}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{01A33D85-4706-452A-B71A-99510ADA8C0C}
HKCR\CLSID\{01A33D85-4706-452A-B71A-99510ADA8C0C}

Adware.SprtAds/AdRotator
HKLM\Software\Classes\CLSID\{4AD44D3E-7316-4251-B754-9B10EC96AF92}
HKCR\CLSID\{4AD44D3E-7316-4251-B754-9B10EC96AF92}
HKCR\CLSID\{4AD44D3E-7316-4251-B754-9B10EC96AF92}
HKCR\CLSID\{4AD44D3E-7316-4251-B754-9B10EC96AF92}\InprocServer32
HKCR\CLSID\{4AD44D3E-7316-4251-B754-9B10EC96AF92}\InprocServer32#ThreadingModel
HKCR\CLSID\{4AD44D3E-7316-4251-B754-9B10EC96AF92}\ProgID
HKCR\CLSID\{4AD44D3E-7316-4251-B754-9B10EC96AF92}\Programmable
HKCR\CLSID\{4AD44D3E-7316-4251-B754-9B10EC96AF92}\TypeLib
HKCR\CLSID\{4AD44D3E-7316-4251-B754-9B10EC96AF92}\VersionIndependentProgID
C:\WINDOWS\SYSTEM32\SPRT_ADS.DLL

Trojan.Unclassified/GTS
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{4126A715-7157-459A-BE7F-D19C9770E169}
HKCR\CLSID\{4126A715-7157-459A-BE7F-D19C9770E169}
HKCR\CLSID\{4126A715-7157-459A-BE7F-D19C9770E169}
HKCR\CLSID\{4126A715-7157-459A-BE7F-D19C9770E169}\InprocServer32
HKCR\CLSID\{4126A715-7157-459A-BE7F-D19C9770E169}\InprocServer32#ThreadingModel
HKCR\CLSID\{4126A715-7157-459A-BE7F-D19C9770E169}\ProgID
HKCR\CLSID\{4126A715-7157-459A-BE7F-D19C9770E169}\Programmable
HKCR\CLSID\{4126A715-7157-459A-BE7F-D19C9770E169}\TypeLib
HKCR\CLSID\{4126A715-7157-459A-BE7F-D19C9770E169}\VersionIndependentProgID
HKCR\vnbptxlf.1
HKCR\vnbptxlf
HKCR\TypeLib\{CF66D2CE-E013-450D-939C-A1C12375A840}
HKCR\TypeLib\{CF66D2CE-E013-450D-939C-A1C12375A840}\1.0
HKCR\TypeLib\{CF66D2CE-E013-450D-939C-A1C12375A840}\1.0\0
HKCR\TypeLib\{CF66D2CE-E013-450D-939C-A1C12375A840}\1.0\0\win32
HKCR\TypeLib\{CF66D2CE-E013-450D-939C-A1C12375A840}\1.0\FLAGS
HKCR\TypeLib\{CF66D2CE-E013-450D-939C-A1C12375A840}\1.0\HELPDIR
C:\WINDOWS\VNBPTXLF.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Arwen Evans-Batt\Cookies\arwen_evans-batt@tacoda[2].txt
C:\Documents and Settings\Arwen Evans-Batt\Cookies\arwen_evans-batt@208.122.40[2].txt
C:\Documents and Settings\Arwen Evans-Batt\Cookies\arwen_evans-batt@209.9.174[1].txt
C:\Documents and Settings\Arwen Evans-Batt\Cookies\arwen_evans-batt@doubleclick[1].txt
C:\Documents and Settings\Arwen Evans-Batt\Cookies\arwen_evans-batt@questionmarket[2].txt
C:\Documents and Settings\Arwen Evans-Batt\Cookies\arwen_evans-batt@atwola[1].txt
C:\Documents and Settings\Arwen Evans-Batt\Cookies\arwen_evans-batt@indextools[2].txt
C:\Documents and Settings\Arwen Evans-Batt\Cookies\arwen_evans-batt@silo.thefind[1].txt
C:\Documents and Settings\Arwen Evans-Batt\Cookies\arwen_evans-batt@bluestreak[1].txt
C:\Documents and Settings\Arwen Evans-Batt\Cookies\arwen_evans-batt@advertising[1].txt
C:\Documents and Settings\Arwen Evans-Batt\Cookies\arwen_evans-batt@heavycom.122.2o7[1].txt
C:\Documents and Settings\Arwen Evans-Batt\Cookies\arwen_evans-batt@atdmt[2].txt
C:\Documents and Settings\Arwen Evans-Batt\Cookies\arwen_evans-batt@208.122.40[1].txt
C:\Documents and Settings\Arwen Evans-Batt\Cookies\arwen_evans-batt@imrworldwide[2].txt
C:\Documents and Settings\Arwen Evans-Batt\Cookies\arwen_evans-batt@2o7[1].txt

Adware.UpMedia/SearchTool
HKU\S-1-5-21-2045425922-2579548367-390856425-1006\Software\UpMedia
C:\WINDOWS\system32\UpMedia

Trojan.Net-MGS/NMC
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#mgsvflkw [ {CE68A6DA-814E-4711-9F0C-AE973B9DFA37} ]

Trojan.Unclassified/Tmp-Gen
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP677\A0051921.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP677\A0051923.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP677\A0051924.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP677\A0051925.EXE

Trojan.Unclassified-Packed/Suspicious
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP679\A0056013.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP679\A0056037.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP679\A0056043.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP680\A0056240.DLL
ComboFix 08-04-18.3 - Arwen Evans-Batt 2008-04-19 20:01:29.2 - NTFSx86
Running from: C:\Documents and Settings\Arwen Evans-Batt\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48
C:\WINDOWS\system32\feMUxyay.ini
C:\WINDOWS\system32\feMUxyay.ini2
.
---- Previous Run -------
.
C:\Program Files\PC-Cleaner

----- BITS: Possible infected sites -----
hxxp://knowledgeadventure.cachefly.net
.
((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))
.
2008-04-19 14:43 . 2008-04-19 14:43 268 --ah----- C:\sqmdata06.sqm
2008-04-19 14:43 . 2008-04-19 14:43 244 --ah----- C:\sqmnoopt06.sqm
2008-04-19 14:38 . 2008-04-19 14:38 268 --ah----- C:\sqmdata05.sqm
2008-04-19 14:38 . 2008-04-19 14:38 244 --ah----- C:\sqmnoopt05.sqm
2008-04-19 14:01 . 2008-04-19 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-19 14:00 . 2008-04-19 14:00 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-19 14:00 . 2008-04-19 14:00 <DIR> d-------- C:\Documents and Settings\Arwen Evans-Batt\Application Data\SUPERAntiSpyware.com
2008-04-19 13:42 . 2008-04-19 13:42 <DIR> d-------- C:\Program Files\CCleaner
2008-04-19 00:35 . 2008-04-19 00:35 268 --ah----- C:\sqmdata04.sqm
2008-04-19 00:35 . 2008-04-19 00:35 244 --ah----- C:\sqmnoopt04.sqm
2008-04-17 22:07 . 2008-04-17 22:07 268 --ah----- C:\sqmdata03.sqm
2008-04-17 22:07 . 2008-04-17 22:07 244 --ah----- C:\sqmnoopt03.sqm
2008-04-17 20:44 . 2008-04-17 20:44 <DIR> d-------- C:\Documents and Settings\Arwen Evans-Batt\Application Data\SoftInform
2008-04-17 20:39 . 2008-04-17 20:39 <DIR> d-------- C:\Program Files\SoftInform
2008-04-17 20:39 . 2008-04-17 20:50 <DIR> d-------- C:\Documents and Settings\Arwen Evans-Batt\Application Data\AdsCleaner
2008-04-16 18:28 . 2008-04-16 18:28 268 --ah----- C:\sqmdata02.sqm
2008-04-16 18:28 . 2008-04-16 18:28 244 --ah----- C:\sqmnoopt02.sqm
2008-04-16 16:55 . 2008-04-16 16:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-16 16:55 . 2008-04-16 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-15 16:34 . 2008-04-15 16:34 268 --ah----- C:\sqmdata01.sqm
2008-04-15 16:34 . 2008-04-15 16:34 244 --ah----- C:\sqmnoopt01.sqm
2008-04-14 22:34 . 2008-04-14 22:34 268 --ah----- C:\sqmdata00.sqm
2008-04-14 22:34 . 2008-04-14 22:34 244 --ah----- C:\sqmnoopt00.sqm
2008-04-13 19:01 . 2008-04-13 19:01 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-13 18:32 . 2008-04-13 18:34 <DIR> d-------- C:\Program Files\Microsoft Expression
2008-04-13 18:03 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-04-13 18:00 . 2008-04-13 18:00 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-13 17:57 . 2008-04-13 17:57 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-13 17:55 . 2008-04-13 17:55 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-13 17:52 . 2008-04-19 00:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-08 23:24 . 2008-04-08 23:24 366 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-08 18:21 . 2006-05-09 09:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-04-08 18:21 . 2008-04-08 18:21 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-08 18:21 . 2008-04-19 19:52 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-08 09:22 . 2008-04-08 09:22 <DIR> d-------- C:\Documents and Settings\Arwen Evans-Batt\Application Data\TmpRecentIcons
2008-04-08 02:52 . 2008-04-08 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fyfgfkjs
2008-04-05 21:31 . 2008-04-05 21:31 <DIR> d-------- C:\Program Files\PopCap Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-19 17:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-13 21:59 --------- d-----w C:\Program Files\MSBuild
2008-04-13 00:14 --------- d-----w C:\Documents and Settings\Arwen Evans-Batt\Application Data\LimeWire
2008-04-12 03:20 --------- d-----w C:\Program Files\MSN Messenger
2008-04-10 01:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-08 21:25 --------- d-----w C:\Program Files\music_now
2008-04-08 20:44 --------- d-----w C:\Program Files\EPSON
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\win32k.sys
2008-03-07 22:10 --------- d-----w C:\Program Files\Google
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-08-22 02:40 1,360 ----a-w C:\Program Files\FTW.ini
2007-08-16 02:54 27,523 ----a-w C:\Program Files\Uninst.isu
2006-07-29 21:28 182,914 ----a-w C:\Program Files\MsgPlusLive-401.exe
1997-05-13 22:26 3,206,344 ----a-w C:\Documents and Settings\Arwen Evans-Batt\HOSPPAT.EXE
1994-06-01 02:00 265,396 ----a-w C:\Documents and Settings\Arwen Evans-Batt\DOS4GW.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B7B5330-6E0B-44D9-9F3D-F57D953157D8}]
C:\WINDOWS\system32\yayxUMef.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe" [2006-12-20 12:38 557056]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53 73840]
"msnmsgr"="~C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 22:49 454656]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 08:13 77824]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 22:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 03:27 1015808]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-12 00:54 102400]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 19:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 19:30 81920]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 16:38 131072]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 13:23 1187840]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 14:54 229952]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53 73840]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
"ioloDelayModule"="C:\Program Files\iolo\System Mechanic 6\delay.exe" [2005-06-08 21:31 96256]
"DACSMiniApp"="C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe" [2007-07-24 13:20 197888]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [ ]
"\BELFRY001\EPSON Stylus CX6600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.exe" [2004-03-01 03:00 98304]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]

C:\Documents and Settings\Arwen Evans-Batt\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]
PowerReg Scheduler V3.exe [2007-11-25 01:31:12 225280]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AvpChk"= {c7818afc-ab70-4068-b1ed-6d09e87659b6} - C:\WINDOWS\Resources\AvpChk.dll [ ]
"mgsvflkw"= {CE68A6DA-814E-4711-9F0C-AE973B9DFA37} - C:\WINDOWS\mgsvflkw.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMghgFW]
qoMghgFW.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 20:06:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
" \\BELFRY001\\EPSON Stylus CX6600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9EA.EXE /P38 \" \\\\BELFRY001\\EPSON Stylus CX6600 Series\" /O6 \"USB001\" /M \"Stylus CX6600\""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2008-04-19 20:12:59 - machine was rebooted [Arwen Evans-Batt]
ComboFix-quarantined-files.txt 2008-04-20 00:12:49

Pre-Run: 6,016,778,240 bytes free
Post-Run: 5,902,917,632 bytes free
178 --- E O F --- 2008-04-09 03:30:06