Symptoms:
-- C:\a.bat identified at startup, regardless of #times cleaned.
-- Difficulty reaching many internet sites on first try.
-- Windows Security Center or components thereof being disabled.

Online Virus Scan did would not produce log, but found no malware or viruses. Ditto for Spybot.

HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 12:28:12 AM, on 4/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\windll.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Registry Defragmentation\RegManServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Windows Mode Verifier] windll.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [Windows Mode Verifier] windll.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\m97xwr8v.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\m97xwr8v.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B04CCA31-9240-4FC6-93EE-0A7C58DB4A26}: NameServer = 209.221.32.125,209.221.32.124
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FreePOPs - Unknown owner - C:\Program Files\FreePOPs\freepopsservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Registry Defragmentation\RegManServ.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Welcome to the forum, here is the item:
C:\WINDOWS\system32\windll.exe
O4 - HKLM\..\Run: [Windows Mode Verifier] windll.exe
O4 - HKLM\..\RunServices: [Windows Mode Verifier] windll.exe

My problem is I don't know what it is. A google returns this:
http://www.google.com/search?hl=en&q=windll.exe&btnG=Google+Search
The order means nothing only that there are more hits on the top ones. Now since you mention Zapchast, and I am wondering how you know, what program indicates it is that since you say all programs are showing nothing?

If it is Zapchast then here is information: http://research.sunbelt-software.com/threatdisplay.aspx?name=Backdoor.IRC.Zapchast&threatid=43753 which makes it even more dangerous because of the compromised security.
Severe risks are typically installed without user interaction through security exploits, and may allow an attacker to remotely control the infected machine. Such risks may allow the attacker to install additional malware and use the compromised machine to participate in denial of service attacks, spamming, and bot nets, or to transmit sensitive data to a remote server. The malware may be cloaked and not visible to the user. These risks severely compromise the system by lowering security settings, installing 'backdoors,' infecting system files, or spreading to other networked machines.You may want to view this information:
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063

If you would like to scan the file to be sure of what it is, make sure hidden files and folder are showing:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
and you can scan free here:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/flash/index_en.html

Please let us know what you have decided to do in your next post.

Thanks

Damnit...

NOD32, which I currently use, and the F-risk F-Prot that I used to have installed identified the Zapchast as what a file called a.bat in my root directory was called. Although F-prot and NOD32 identified it as different one as REG/Zapchast@tro and the other as BAT/Zapchast@tro. Online virus scanners continue to identify nothing.

Unfortunately, disconnection from the internet and reformatting my computer is not an option at this time. I am 3 weeks from graduation and HAVE to have my computer available for my dissertation and surprise assignments that our professors like to throw at us via e-mail and websites. The closest public computer (or any other computer that I have access too) is over 20 miles away, on my schools campus. (yes, I live in the middle of BFE.)

Disinfection is my best option right now. I do not have personal information on my computer, nor does my financial institution offer online banking. PLEASE HELP.

Since I can't edit my posts, I should also mention that I am behind a NAT router with a firewall. Scans of my vulnerable ports show that it is almost completly stealth. All I can do is hope that this will protect me somewhat.

Follow these directions in the posted order.

1) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

2) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O4 - HKLM\..\Run: [Windows Mode Verifier] windll.exe
O4 - HKLM\..\RunServices: [Windows Mode Verifier] windll.exe

Close all programs but HJT and all browser windows, then click on "Fix Checked"

4) RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\WINDOWS\system32\windll.exe <<< delete that file

5) To make sure nothing else is hiding, follow the the directions in this link. Make sure you delete or quarantine anything found and save the scan results to post.
http://forums.security-central.us/showthread.php?t=3165

6) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post those scan results and a new HJT log.

Thanks

For your information:
Your Java appears to need an update, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\jre1.5.0_11\

We are proceeding on the information your Antivirus program provided and it is one of the best. Assuming this is the item we are dealing with then this is probably how you got infected:

Backdoor.IRC.Zapchast is spread by email spam with a link purporting to be a postcard for the user.

OK, done. Here are the logs:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:37:30 PM 4/15/2007

+ Scan result:



HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned.
C:\Program Files\Total Video Converter\patch.exe -> Backdoor.Bifrose.aas : Cleaned.
:mozilla.114:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.321:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.328:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.50:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.55:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.60:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.93:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.94:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.95:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.96:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.126:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.127:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.14:C:\Documents and Settings\Stephen\Application Data\Thunderbird\Profiles\default.ydz\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.92:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.354:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.10:C:\Documents and Settings\Stephen\Application Data\Thunderbird\Profiles\default.ydz\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.32:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.8:C:\Documents and Settings\Stephen\Application Data\Thunderbird\Profiles\default.ydz\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.9:C:\Documents and Settings\Stephen\Application Data\Thunderbird\Profiles\default.ydz\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.141:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.7:C:\Documents and Settings\Stephen\Application Data\Mozilla\Profiles\default\0hl8xcbq.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.149:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.150:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.151:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.193:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.194:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.195:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.392:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.393:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.394:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.406:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.407:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.408:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.258:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.501:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.122:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.123:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.124:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.125:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.272:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.273:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.284:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.285:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.286:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.287:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.288:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.289:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.162:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.163:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.164:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.165:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.133:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.296:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.297:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.298:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.299:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.300:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.77:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.315:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.386:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.15:C:\Documents and Settings\Stephen\Application Data\Thunderbird\Profiles\default.ydz\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.16:C:\Documents and Settings\Stephen\Application Data\Thunderbird\Profiles\default.ydz\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.17:C:\Documents and Settings\Stephen\Application Data\Thunderbird\Profiles\default.ydz\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.18:C:\Documents and Settings\Stephen\Application Data\Thunderbird\Profiles\default.ydz\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.84:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.349:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.350:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.351:C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\oykjmuve.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

Both together were too long, so cont:

HijackThis Log:
HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 5:46:56 PM, on 4/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Registry Defragmentation\RegManServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\m97xwr8v.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\m97xwr8v.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B04CCA31-9240-4FC6-93EE-0A7C58DB4A26}: NameServer = 209.221.32.125,209.221.32.124
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FreePOPs - Unknown owner - C:\Program Files\FreePOPs\freepopsservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Registry Defragmentation\RegManServ.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

No problem, you did it exactly like you should have. Here is some information to help control those cookies if you need it:
http://privacy.getnetwise.org/browsing/tools/firefox1/ffdisablecookies
http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html

http://ezinearticles.com/?How-You-Can-Avoid-The-New-Dangers-Of-Spam&id=40253
http://www.besafeonline.org/English/email.htm
http://familyinternet.about.com/cs/internetsafety1/a/safety07.htm

Your HJT log appears clean of malware, AVG cleaned everything it found, I would say you are good to go. Please finish like this:
System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

I appreciate your help. I do have one more issue that this has not resolved. My windows security center (or just components thereof) are still being disabled one reboot. System restore had already been disabled (discovered that when I went to do what you suggested) so that's been fixed.

What do I do about the Security Center problem? I've never run across something like this before. Is it something that will just have to wait until I can do the full reformat to fix?

Are you receiving any kind of error message? The malware probably messed with your settings.

These risks severely compromise the system by lowering security settings, installing 'backdoors,' infecting system files, or spreading to other networked machines.

Have a look here to see if anything will help:
http://www.spywarepoint.com/forums/t25828-security-center-disabled.html

Not sure if this applies, you can take a look:
http://windowsxp.mvps.org/resetfwpol.htm

Have a look here: http://www.kellys-korner-xp.com/xp_tweaks.htm
you may spot something to help.

Keep me posted on your progress.

Thanks

No error if it's the security center itself that goes. I have to look at it directly from the control panel to see if the service has been activated. If it's the firewall or automatic updates, then I get the usual security center alert. It seems that the services are being stopped from activating when the computer boots up somehow.

Another symptom I have noticed, and it may be completely unrelated, is that when I try to reach a website through either bookmarks or typing in the address directly, I have to make 2 or 3 attempts at times for it to find the address. This is a new occurance that seemed to coincide with the Zapchast infection. Now that I think about it, however, it also coincided with the most recent "security" fixes from windows update.

There have been glitches with the laste batch of updates, but I believe it was with RealTech: http://support.microsoft.com/kb/935448/ does not seem to apply. Here are searchable links:
http://aumha.org/win5/kb.htm
http://support.microsoft.com/default.aspx?scid=fh;en-us;kbinfo
You may want to see if Microsoft can give you any help, once you try the other suggestions I have provided:
http://support.microsoft.com/ they are helpful once you reach them, look for this: Need more help?
Contact a support professional by e-mail, online chat, or telephone.

Thanks

As the problem appears to be resolved this topic has been closed.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.

Thanks