After scanning many of the other threads and trying several times with a variety of removal tools and scanners, I just can't seem to get rid of VirtueMonde and ErrorSafe. Using AVG, Spy-Bot, McAfee, and Ad-Aware I have come across the following malware:

Those that keep returning are: Virtuemonde and ErrorSafe. Those that have come and been eradicated are: MediaPlex, Trojan.Small, and Adware.Zango.

The malware is causing internet explorer to launch to (usually) one of these pages: llehs.com, jack9.com, and cams.com.

Any help is most appreciated. Here's ComboFix and Hijackthis (ran after combofix) logs:

0----------
"Jeremy" - 2007-07-11 11:55:33 - ComboFix 07-07-10.1 - Service Pack 2


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\axdrgbji.dll
C:\WINDOWS\system32\fydauuoe.dll
C:\WINDOWS\system32\qcnlgfls.dll
C:\WINDOWS\system32\ijbgrdxa.ini
C:\WINDOWS\system32\vyadd.bak1
C:\WINDOWS\system32\vyadd.bak2
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\eouuadyf.ini
C:\WINDOWS\system32\pqstv.bak1
C:\WINDOWS\system32\pqstv.bak2
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\xxyaxvw.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))


2007-07-11 11:57 66,624 --a------ C:\WINDOWS\system32\labxdimg.dll
2007-07-11 11:54 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-10 07:00 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\gtk-2.0
2007-07-10 07:00 <DIR> d-------- C:\DOCUME~1\Jeremy\.thumbnails
2007-07-10 06:59 <DIR> d-------- C:\DOCUME~1\Jeremy\.gimp-2.2
2007-07-09 21:52 <DIR> d-------- C:\WINDOWS\pss
2007-07-09 21:39 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-09 21:39 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-09 21:39 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-09 14:27 <DIR> d-------- C:\DOCUME~1\Jeremy\.housecall6.6
2007-07-08 09:31 88,524 --a------ C:\smitfrau.reg
2007-07-08 09:31 3,451 --a------ C:\delfiles.cmd
2007-07-08 09:31 16,824 --a------ C:\replace.cmd
2007-07-08 09:31 1,458 --a------ C:\smitfra.reg
2007-07-07 18:28 <DIR> d-------- C:\Program Files\Common Files\GTK
2007-07-07 18:28 <DIR> d-------- C:\Program Files\Common Files\GTK
2007-07-07 18:09 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-07-07 18:09 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-07 16:53 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\PC Tools
2007-07-07 16:52 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-07-07 16:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-07-07 16:31 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-07-07 16:30 19,456 --a------ C:\WINDOWS\system32\winbug32.dll
2007-07-07 01:08 <DIR> d-------- C:\Program Files\Common Files\Stardock
2007-07-07 01:08 <DIR> d-------- C:\Program Files\Common Files\Stardock
2007-07-06 18:09 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2007-07-06 16:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-07-05 17:05 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-06-30 11:36 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\FastStone
2007-06-26 18:16 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-06-26 18:16 <DIR> d-------- C:\WINDOWS\nview
2007-06-26 18:14 446,464 --a------ C:\WINDOWS\system32\CapabilityTable.exe
2007-06-26 18:14 356,352 --a------ C:\WINDOWS\system32\nvuide.exe
2007-06-26 18:14 208,896 --a------ C:\WINDOWS\system32\nvusmb.exe
2007-06-26 18:14 208,896 --a------ C:\WINDOWS\system32\nvunrm.exe
2007-06-26 18:14 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-06-26 18:14 110,080 --a------ C:\WINDOWS\system32\drivers\nvtcp.sys
2007-06-26 18:04 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-06-26 18:04 315,392 --a------ C:\WINDOWS\HideWin.exe
2007-06-26 18:04 1,822,720 --a------ C:\WINDOWS\SkyTel.exe
2007-06-24 22:08 81,920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-24 22:08 81,920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-24 22:08 8,466,432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-24 22:08 6,729,728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-24 22:08 6,234,112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-24 22:08 466,944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-24 22:08 45,056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-24 22:08 442,368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-24 22:08 425,984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-24 22:08 37,376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-24 22:08 37,376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-24 22:08 360,448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-24 22:08 3,518,464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-24 22:08 3,321,856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-24 22:08 286,720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-24 22:08 229,376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-06-24 22:08 2,326,528 --a------ C:\WINDOWS\system32\nvwss.dll
2007-06-24 22:08 188,416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-06-24 22:08 155,716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-24 22:08 147,456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-06-24 22:08 1,703,936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-24 22:08 1,626,112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-24 22:08 1,474,560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-24 22:08 1,339,392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-24 22:08 1,142,784 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-06-24 22:08 1,019,904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-17 13:49 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-06-17 12:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
2007-06-17 09:27 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-06-17 09:27 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-06-17 09:12 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\Ahead
2007-06-17 09:10 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-06-17 09:10 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-06-16 23:57 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2007-06-15 19:01 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-06-15 16:40 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-06-15 16:40 308,224 --a------ C:\WINDOWS\system32\avisynth.dll
2007-06-15 16:39 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-06-15 12:22 745,472 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-15 12:22 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-13 09:46 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2007-06-13 09:46 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2007-06-13 09:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ALM
2007-06-12 23:16 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-12 18:50 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2007-06-12 18:50 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-11 16:19:22 -------- dc----w D:\Program Files\Mozilla Thunderbird
2007-07-10 04:43:36 -------- dc----w D:\Program Files\RogueRemover
2007-07-08 17:43:39 -------- dc----w D:\Program Files\Safer Networking
2007-07-08 16:50:36 1,604 ----a-w C:\WINDOWS\system32\tmp.reg
2007-07-08 01:30:00 -------- dc----w D:\Program Files\GIMP-2.0
2007-07-07 08:08:02 -------- dc----w D:\Program Files\Stardock
2007-07-07 01:18:05 -------- dc-h--w D:\Program Files\InstallShield Installation Information
2007-07-06 23:17:23 -------- dc----w D:\Program Files\QuickTime Alternative
2007-06-30 16:48:20 -------- dc----w D:\Program Files\Minefield
2007-06-27 01:15:22 -------- dc----w D:\Program Files\NVIDIA Corporation
2007-06-27 01:13:00 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-06-27 01:04:40 -------- dc----w D:\Program Files\Realtek
2007-06-27 00:52:59 -------- dc----w D:\Program Files\Fox LiveUpdate
2007-06-27 00:32:59 4,821 ----a-w C:\WINDOWS\mozver.dat
2007-06-25 05:08:00 6,806,720 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-06-25 05:08:00 5,686,528 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-06-25 05:08:00 1,018,772 ----a-w C:\WINDOWS\system32\nvucode.bin
2007-06-18 00:55:06 -------- dc----w D:\Program Files\THQ
2007-06-17 16:28:43 -------- dc----w D:\Program Files\DVDlabPro2
2007-06-17 16:10:33 -------- dc----w D:\Program Files\Nero
2007-06-17 16:03:50 -------- dc----w D:\Program Files\GUI for dvdauthor
2007-06-17 01:22:08 -------- dc----w D:\Program Files\DIKO
2007-06-16 16:30:29 -------- dc----w D:\Program Files\WISE-FTP
2007-06-15 19:22:07 -------- dc----w D:\Program Files\Xvid
2007-06-13 16:33:59 -------- dc----w D:\Program Files\QuickTime
2007-06-13 15:57:13 -------- dc----w D:\Program Files\Windows Installer Clean Up
2007-06-13 15:43:46 -------- dc----w D:\Program Files\Metapad
2007-06-10 17:06:25 -------- dc----w D:\Program Files\Safarp
2007-06-10 17:04:20 -------- dc----w D:\Program Files\Easy Uninstaller
2007-06-10 15:42:41 -------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-06-10 08:56:09 -------- dc----w D:\Program Files\Sony
2007-06-05 21:55:20 -------- d-----w C:\DOCUME~1\Jeremy\APPLIC~1\Ventrilo
2007-06-05 19:16:39 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-05 19:15:48 -------- dc----w D:\Program Files\7-Zip
2007-06-02 16:04:43 -------- d-----w C:\DOCUME~1\Jeremy\APPLIC~1\Uniblue
2007-06-02 02:05:40 -------- dc----w D:\Program Files\MagicISO
2007-06-02 00:31:09 -------- dc----w D:\Program Files\BitLord
2007-06-01 03:09:48 -------- dc----w D:\Program Files\Microsoft Works
2007-06-01 03:08:50 -------- dc----w D:\Program Files\Microsoft.NET
2007-06-01 03:07:23 -------- dc----w D:\Program Files\Microsoft Visual Studio 8
2007-05-28 15:02:38 -------- dc----w D:\Program Files\SpeedFan
2007-05-27 16:39:06 -------- dc----w D:\Program Files\AMD
2007-05-27 06:16:05 -------- dc----w D:\Program Files\CFF Explorer
2007-05-27 01:37:56 1,100 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-05-24 19:16:37 -------- dc----w D:\Program Files\Cacheman
2007-05-22 04:49:20 -------- dc----w D:\Program Files\ATITool
2007-05-21 14:10:02 -------- dc----w D:\Program Files\CPU-z
2007-05-21 13:59:03 -------- d-----w C:\Program Files\Common Files\ActivCard
2007-05-21 13:58:57 -------- dc----w D:\Program Files\ActivCard
2007-05-21 13:53:07 -------- dc----w D:\Program Files\SCM Microsystems
2007-05-21 03:08:33 -------- dc-h--w D:\Program Files\WindowsUpdate
2007-05-20 11:21:31 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-05-20 11:20:30 -------- dc----w D:\Program Files\Futuremark
2007-05-20 07:19:55 -------- d-----w C:\DOCUME~1\Jeremy\APPLIC~1\Logitech
2007-05-20 07:19:04 -------- d-----w C:\Program Files\Common Files\Logitech
2007-05-20 07:18:53 -------- dc----w D:\Program Files\Logitech
2007-05-20 02:56:10 -------- dc----w D:\Program Files\One Guy Coding
2007-05-20 02:44:56 -------- dc----w D:\Program Files\windows nt
2007-05-20 02:44:56 -------- dc----w D:\Program Files\movie maker
2007-05-20 02:44:55 -------- dc----w D:\Program Files\msn gaming zone
2007-05-20 02:44:55 -------- dc----w D:\Program Files\microsoft frontpage
2007-05-19 22:11:31 -------- d-----w C:\DOCUME~1\Jeremy\APPLIC~1\Turbine
2007-05-19 21:57:34 -------- d-----w C:\DOCUME~1\Jeremy\APPLIC~1\Thunderbird
2007-05-19 21:51:10 -------- dc----w D:\Program Files\FastStone Image Viewer
2007-05-19 21:43:59 -------- d-----w C:\DOCUME~1\Jeremy\APPLIC~1\Talkback
2007-05-19 21:43:56 0 -c--a-w C:\WINDOWS\nsreg.dat
2007-05-19 21:38:48 -------- d-----w C:\DOCUME~1\Jeremy\APPLIC~1\Leadertech
2007-05-19 21:35:05 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-05-19 21:30:10 -------- d-----w C:\DOCUME~1\Jeremy\APPLIC~1\Lavasoft
2007-05-19 21:30:02 -------- dc----w D:\Program Files\Lavasoft
2007-05-19 21:27:10 -------- dc----w D:\Program Files\Fraps
2007-05-19 21:24:02 -------- d-----w C:\DOCUME~1\Jeremy\APPLIC~1\Realtime Soft
2007-05-19 21:16:00 8 ----a-w C:\WINDOWS\system32\nvModes.dat
2007-05-19 21:13:07 -------- dc----w D:\Program Files\Creative
2007-05-19 21:12:45 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-05-19 21:12:44 -------- d-----w C:\DOCUME~1\Jeremy\APPLIC~1\Creative
2007-05-19 20:32:13 0 --sha-r C:\MSDOS.SYS
2007-05-19 20:32:13 0 --sha-r C:\IO.SYS
2007-05-19 20:32:13 0 ----a-w C:\CONFIG.SYS
2007-05-19 20:32:13 0 ----a-w C:\AUTOEXEC.BAT
2007-05-19 20:30:50 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-05-19 20:30:13 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-05-19 14:12:08 -------- d-----w C:\Program Files\Common Files\ODBC
2007-05-19 14:12:06 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-05-18 00:27:23 -------- dc----w D:\Program Files\Samsung
2007-04-27 15:55:00 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-04-27 15:55:00 5,431,296 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-04-27 15:55:00 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-04-27 15:55:00 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-04-27 15:55:00 3,637,248 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-04-27 15:55:00 3,231,744 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-04-27 15:55:00 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
2007-04-27 15:55:00 2,412,544 ----a-w C:\WINDOWS\system32\nvwssr.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
2007-03-16 15:13 118784 --a--c--- D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A83767F-EDDD-44B8-9737-34F5A413F3D2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
2006-10-27 00:48 2210608 --a--c--- D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a--c--- D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{938A8A03-A938-4019-B764-03FF8D167D79}]
2007-07-11 11:57 66624 --a------ C:\WINDOWS\system32\labxdimg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1D812B3-8F22-4BD2-BAB7-BF41B3F41BCB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
2007-03-29 22:11 321120 --a--c--- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7E3F0B7-9682-4D55-957D-C6DF0662A9EC}]
C:\WINDOWS\system32\vtsqp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7B1A975-F2C2-4F83-B086-26E34108DE3a}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-03-13 17:14]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 C:\WINDOWS\CTHELPER.EXE]
"AVG7_CC"="d:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-05-20 08:10]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 17:33 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 C:\WINDOWS\Alcmtr.exe]
"nwiz"="nwiz.exe" [2007-06-24 22:08 C:\WINDOWS\system32\nwiz.exe]
"CtxfiReg"="CTXFIREG.exe" [2006-08-11 14:53 C:\WINDOWS\system32\CTXFIREG.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"UltraMon"="D:\Program Files\UltraMon\UltraMon.exe" []
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-24 22:08]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AWMON"="D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 12:12]
"AVG7_Run"="d:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-05-20 08:10]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 05:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acAuth]
acauth.dll 2002-12-17 10:11 65536 C:\WINDOWS\system32\acauth.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtxfiReg]
CTXFIREG.exe /FAIL1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UltraMon]
"D:\Program Files\UltraMon\UltraMon.exe" /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=3 (0x3)
"NMIndexingService"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28b45920-1b6f-11dc-8d99-0015584562d0}]
AutoRun\command- H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe


Contents of the 'Scheduled Tasks' folder
2007-07-02 16:03:00 C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
2007-06-02 16:03:10 C:\WINDOWS\tasks\Uniblue SpyEraser.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-11 11:59:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NVR0Dev]
"ImagePath"="\??\C:\WINDOWS\nvoclock.sys"

Completion time: 2007-07-11 12:01:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-11 12:01

--- E O F ---

0------------

BTW, i tried to use HouseCall and received an error:

Warning, the HouseCallAPI did not define a Native Binding.

Logfile of HijackThis v1.99.1
Scan saved at 12:12:37 PM, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ActivCard\acachsrv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\accoca.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
d:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
d:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
d:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
d:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\CTHELPER.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\alg.exe
D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
D:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
E:\Fraps\fraps.exe
E:\Program Files\Belkin\Nostromo\nost_LM.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\notepad.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\progra~1\mozill~2\thunde~1.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
G:\Downloads\SECURITY\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {2A83767F-EDDD-44B8-9737-34F5A413F3D2} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\labxdimg.dll
O2 - BHO: (no name) - {A1D812B3-8F22-4BD2-BAB7-BF41B3F41BCB} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B7E3F0B7-9682-4D55-957D-C6DF0662A9EC} - C:\WINDOWS\system32\vtsqp.dll (file missing)
O2 - BHO: (no name) - {D7B1A975-F2C2-4F83-B086-26E34108DE3a} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AVG7_CC] d:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UltraMon] "D:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [AWMON] "D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [AVG7_Run] d:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
O4 - Startup: ActivCard Gold Smart Card Agent.lnk = D:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - Startup: Fraps.lnk = E:\Fraps\fraps.exe
O4 - Startup: Loadout Manager.lnk = E:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Startup: Logitech SetPoint.lnk = ?
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{07129C82-C99D-4CAA-90D6-287F757E6789}: NameServer = 68.2.16.30,68.2.16.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{07129C82-C99D-4CAA-90D6-287F757E6789}: NameServer = 68.2.16.30,68.2.16.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{07129C82-C99D-4CAA-90D6-287F757E6789}: NameServer = 68.2.16.30,68.2.16.25
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: acAuth - C:\WINDOWS\SYSTEM32\acauth.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ActivCard Authentication Service (ACachSrv) - ActivCard - C:\Program Files\Common Files\ActivCard\acachsrv.exe
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - d:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Also, this started to occur after installing StarDock's ObjectDock Pro 1.9 - I don't know if that helps any or not.

Welcome to Safer Networking, I wish to be sure you have viewed and understand this information. "BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

It appears you missed the instructions Pinned at the top of the forum, I posted them for you above, so you could see the information we request as well as this:

Posting additional comments or logs before a volunteer responds, can push you back instead of forward, because your thread ends up with a newer date. Also, helpers may think you are already being assisted because of the post count.

Also, this started to occur after installing StarDock's ObjectDock Pro 1.9
Please remember we are miles apart, I will not know what "this" is. Remote repairs are hard, let's do our best to communicate so we can both undertand.
I am also wondering why you installed the StartDock program, not having ever used it?

BTW, i tried to use HouseCall and received an errorWarning, the HouseCallAPI did not define a Native Binding:
http://www.google.com/search?hl=en&q=+Warning%2C+the+HouseCallAPI+did+not+define+a+Native+Binding&btnG=Search

Let's try this and see what happens:

1) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

2) AVG Anti-Spyware: Deactivate the Resident Shield
- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.

3) Ad-Watch will block the changes we must make, turn it off until you finish:
In the Ad-Watch window have them check the Active option instead of Automatic and it will stop undoing your fix.
1. Right-click on Ad-watch icon in the System Tray.
2.Go to Ad-Watch Settings and uncheck Load Ad-Watch on Windows start up
3. Again in Ad-Watch Settings Select Unload Ad-watch.

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {2A83767F-EDDD-44B8-9737-34F5A413F3D2} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\labxdimg.dll
O2 - BHO: (no name) - {A1D812B3-8F22-4BD2-BAB7-BF41B3F41BCB} - (no file)
O2 - BHO: (no name) - {B7E3F0B7-9682-4D55-957D-C6DF0662A9EC} - C:\WINDOWS\system32\vtsqp.dll (file missing)
O2 - BHO: (no name) - {D7B1A975-F2C2-4F83-B086-26E34108DE3a} - (no file)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

5) Since you already have this program onboard:
Follow the directions in this link to run AVG Anti-Spyware, make sure you delete or quarantine anything it finds and save the scan report to post.
http://forums.security-central.us/showthread.php?t=3165

6) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post the AVG Anti-Spyware scan report and a new HJT log. Let me know how the computer in running and post any information I requested.

Thanks

Thanks for the reply! Yes I had read all the "read before you post" posts. Looking back I should have edited that first post instead of replying - it was relevant information, though, and not post bumping, I swear!

I installed ObjectDock because I love that similar feature on the Mac and I've just gotten so tired of a cluttered Start Menu. I didn't download it directly from Stardock and that may have been my point of infection.

I followed all directions in the last post, however, I didn't get a log from AVG as it crashed before I could copy it. It found only VirtueMonde and reported it deleted.

Here's the new HJT log. Note the bolded entries - AdWatch detects these as modifying the registry every boot and I can't seem to get AVG Antivirus to ditch the "runonce" command. It is only supposed to run ONCE ever not once per boot, right? And one other thing - is it okay to run both AVG AntiSpyware Shield AND Ad-Watch AND AVG Antivirus or will they be conflicting with each other?

Logfile of HijackThis v1.99.1
Scan saved at 10:45:15 AM, on 7/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\ActivCard\acachsrv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\WINDOWS\system32\taskswitch.exe
D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Common Files\ActivCard\accoca.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
d:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\Fraps\fraps.exe
d:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\Program Files\Belkin\Nostromo\nost_LM.exe
d:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
d:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Downloads\SECURITY\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AVG7_CC] d:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UltraMon] "D:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [AWMON] "D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [AVG7_Run] d:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
O4 - Startup: ActivCard Gold Smart Card Agent.lnk = D:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - Startup: Fraps.lnk = E:\Fraps\fraps.exe
O4 - Startup: Loadout Manager.lnk = E:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Startup: Logitech SetPoint.lnk = ?
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EAC0025-63EF-4DDB-8818-70326829E3C6}: NameServer = 68.2.16.30,68.2.16.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8517AD6-8730-48F4-8DA8-B6B59387F08C}: NameServer = 68.2.16.30,68.2.16.25
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: acAuth - C:\WINDOWS\SYSTEM32\acauth.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ActivCard Authentication Service (ACachSrv) - ActivCard - C:\Program Files\Common Files\ActivCard\acachsrv.exe
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - d:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Thanks for returning your information, let me first say the HJT log you posted appears clean of malware.
Logfile of HijackThis v1.99.1Scan saved at 10:45:15 AM, on 7/15/2007

This item: O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE is an optional removal, read about it here:
http://www.castlecops.com/s5306-ALCMTR_EXE.html

Use your Google, these items:
O4 - HKLM\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1
http://www.liutilities.com/products/wintaskspro/processlibrary/ctxfireg/
http://www.google.com/search?hl=en&q=CTXFIREG.exe+&btnG=Search

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
http://www.liutilities.com/products/wintaskspro/processlibrary/ctxfihlp/
http://www.google.com/search?hl=en&q=CTXFIHLP.EXE&btnG=Search

O4 - HKCU\..\Run: [AVG7_Run] d:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
http://www.liutilities.com/products/wintaskspro/processlibrary/avgw/
http://www.google.com/search?hl=en&q=avgw.exe&btnG=Search

The first two deal with your sound card, I would not suggest you do anything there unless you discuss it with tech suport.

Let's talk about the two Grisoft products you are running and I do not know if you pay for these or not.

AVG7 is obsolete, I would be trying to update it to 7.5 if I were you, that may take care if the issues you mention. The program needs to run at all times. Here is a link were you can find out how to update to ANG Anti-Virus 7.5: http://free.grisoft.com/doc/avg-anti-virus-free/lng/us/tpl/v5

AVG Anti-Spyware 7.5: If it is a trial, that lasted 30 days and there is no realtime protection. If you wish to keep the scanner I suggest if you do not own it, you disable it in Services and uncheck it in MSConfig. If it runs beyond the trial it does nothing but use resources. Updates are free and you can keep and use the scanner.

Ad-aware Ad-Watch: I have used Ad-ware free for many years but know little about Ad-watch. We know to run only one antivirus program and one firewall, but the jury is still out on spyware programs. I can say it should not interfere with AVG Antivirus. Information is limited about what spyware program is compatible with what. You may want to ask tech support at the individual programs you are considering running.

Once you look at the information I am providing from experts, if you have additional questions, post them. I will do me best to give you answers.

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

Thanks for the help, pskelley. I'm going to read through all this information you've provided me and bookmarked the page for future reference. I'm now using the "noscript" addon in Firefox along with updated versions of AVG Anti-Virus and Ad-Aware/Ad-Watch and a weekly Spybot scan.

Thanks again!

As the problem appears to be resolved this topic has been closed.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.

Thanks...pskelley