Help please, MBAM is unable to get rid of something

[scratch]

So far, I've been unable to remove the source of something that keeps causing my computer to complain about being unable to load a dll, zowirewa.dll, when starting up.

Here is my last MBAM log:

Malwarebytes' Anti-Malware 1.36

Database version: 1989

Windows 5.1.2600 Service Pack 2

4/16/2009 11:48:17 AM

mbam-log-2009-04-16 (11-48-17).txt

Scan type: Full Scan (C:\|)

Objects scanned: 122942

Time elapsed: 14 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dokutiwamu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Here is my last HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:04:12 PM, on 4/16/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\userinit.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.docstar.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.docstar.com/

O1 - Hosts: 209.17.74.21 www.photobucket.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {e528553a-d383-46eb-b324-7e308779626d} - C:\Documents and Settings\All Users\Application Data\rekomeve\rekomeve.dll

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [DelPnPDirver] C:\Program Files\panasonic\panasonic KX-P7100\DelPnPD.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [dokutiwamu] Rundll32.exe "C:\Documents and Settings\All Users\Application Data\zowirewa\zowirewa.dll",s

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.docstar.com

O15 - Trusted Zone: *.ilinc.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1215528739829

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = uservices.local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = uservices.local

O20 - AppInit_DLLs: C:\Documents and Settings\All Users\Application Data\buraboto\buraboto.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: DocSTAR Client Service (DSClSvc) - DocSTAR - C:\DOCSTAR\dsclsv.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 3439 bytes

The line in bold is always coming back even after being deleted. Please help.

[scratch]

Since my first post, I have learned this: I have used MABM to scan and remove the infection, and if I don't even reboot the computer, but just run another scan, the infection will still be there.

[scratch]

Here are the last 2 log files with no reboot between the 2. MBAM doesn't ask for a reboot upon completion of the scan and removal.

Malwarebytes' Anti-Malware 1.36

Database version: 1989

Windows 5.1.2600 Service Pack 2

4/16/2009 12:39:18 PM

mbam-log-2009-04-16 (12-39-18).txt

Scan type: Quick Scan

Objects scanned: 91704

Time elapsed: 2 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dokutiwamu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

----------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.36

Database version: 1989

Windows 5.1.2600 Service Pack 2

4/16/2009 12:42:49 PM

mbam-log-2009-04-16 (12-42-49).txt

Scan type: Quick Scan

Objects scanned: 91770

Time elapsed: 1 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dokutiwamu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

[scratch]

Well, I decided to use a cudgel and have seem to removed the nasty bit of junk that was screwing with this computer by going back to last night's automatic restore point. It seemed like a sensible thing to try since I had no risk of losing anything important by doing so.