Hello,

I downloaded a freeware program about six days ago and I believe it infected me with virtumonde. For the past two years or so I've used Spybot Search and Destroy and Ad-Aware and rarely HijackThis to remove problems. Until now those three could always get rid of any virus or malware. Well, I've run them now two times a day for the last five days and the Virtumonde keeps returning. Even HijackThis didn't get rid of it so if there is someone who can help please I will be in your eternal debt!

I'm not sure I understood the "Before You Post" Directions. In the "Before You Post" Thread it has step 1) tells you to run Kaspersky then it says IF you cannot run the antispy scan then post the HijackThis log. Then Step two run HijackThis in safe mode. Am I only supposed to do steps 2, 3 and 4 if I cannot normally run HJT? I could run HJT normally so I've done that and am going to post the log now along with the Kaspersky log which I also ran. Please let me know if I should run HJT as described in steps 2, 3 and 4.

Thanks a lot.

Here's the HJT log run while NOT in safemode.


--- Search result list ---

--- Spybot - Search && Destroy version: 1.3 ---
2007-09-26 Includes\Cookies.sbi
2007-07-25 Includes\Dialer.sbi
2007-09-26 Includes\DialerC.sbi
2007-08-29 Includes\Hijackers.sbi
2007-09-26 Includes\HijackersC.sbi
2007-07-25 Includes\Keyloggers.sbi
2007-09-26 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2007-09-12 Includes\Malware.sbi
2007-09-26 Includes\MalwareC.sbi
2007-09-05 Includes\PUPS.sbi
2007-09-26 Includes\PUPSC.sbi
2007-09-26 Includes\Revision.sbi
2007-05-30 Includes\Security.sbi
2007-09-26 Includes\SecurityC.sbi
2007-09-12 Includes\Spybots.sbi
2007-09-26 Includes\SpybotsC.sbi
2007-08-21 Includes\Tracks.uti
2007-09-12 Includes\Trojans.sbi
2007-09-26 Includes\TrojansC.sbi
2007-06-06 Plugins\TCPIPAddress.dll


--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Security update for Microsoft Data Access Components
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/917283
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/922770
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/928365
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Player: Windows Media Player Hotfix [See KB837272 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 320920
/ Windows Media Player: Windows Media Update 817787
/ Windows Media Player: Windows Media Update 819639
/ Windows Media Player: Windows Media Update 828026
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB931768)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB933566)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB937143)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Hotfix for Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921503)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922760)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923694)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Update for Windows XP (KB927891)
/ Windows XP / SP3: Security Update for Windows XP (KB928090)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Security Update for Windows XP (KB929123)
/ Windows XP / SP3: Update for Windows XP (KB929338)
/ Windows XP / SP3: Security Update for Windows XP (KB929969)
/ Windows XP / SP3: Security Update for Windows XP (KB930178)
/ Windows XP / SP3: Update for Windows XP (KB930916)
/ Windows XP / SP3: Security Update for Windows XP (KB931261)
/ Windows XP / SP3: Security Update for Windows XP (KB931768)
/ Windows XP / SP3: Security Update for Windows XP (KB931784)
/ Windows XP / SP3: Update for Windows XP (KB931836)
/ Windows XP / SP3: Security Update for Windows XP (KB932168)
/ Windows XP / SP3: Update for Windows XP (KB933360)
/ Windows XP / SP3: Security Update for Windows XP (KB935839)
/ Windows XP / SP3: Security Update for Windows XP (KB935840)
/ Windows XP / SP3: Security Update for Windows XP (KB936021)
/ Windows XP / SP3: Update for Windows XP (KB936357)
/ Windows XP / SP3: Update for Windows XP (KB938828)
/ Windows XP / SP3: Security Update for Windows XP (KB938829)
/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


--- Startup entries list ---
Located: HK_LM:Run,
command:

Located: HK_LM:Run, ANIWZCS2Service
command: C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
file: C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
size: 45056
MD5: f3644c30f79b7d3183e296272b163900

Located: HK_LM:Run, CnxDslTaskBar
command: C:\Program Files\Vitelcom\Messenger ADSL\CnxDslTb.exe
file: C:\Program Files\Vitelcom\Messenger ADSL\CnxDslTb.exe
size: 385024
MD5: fff6dc1f2a1128f5b6564dcef9dd3ac9

Located: HK_LM:Run, Dell|Alert
command: C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
file: C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
size: 282624
MD5: b1d2fe70df8a2e02b32ea3d29edfb997

Located: HK_LM:Run, D-Link AirPlus G
command: C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
file: C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
size: 1216512
MD5: 998e0e540f90cefd9b14549ef31db881

Located: HK_LM:Run, LogitechVideoRepair
command: C:\Program Files\Logitech\Video\ISStart.exe
file: C:\Program Files\Logitech\Video\ISStart.exe
size: 458752
MD5: b5652e4b805e404a0d5d8177b401802a

Located: HK_LM:Run, LVCOMSX
command: C:\WINDOWS\system32\LVCOMSX.EXE
file: C:\WINDOWS\system32\LVCOMSX.EXE
size: 221184
MD5: f0431c490f124a8cc874163e6a38dd28

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1519616
MD5: 7ac98888346124460cc78860a3c73df3

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 76a3a30b58405c2c6d833895253a51a9

Located: HK_LM:Run, SearchIndexer
command: rundll32.exe "C:\WINDOWS\system32\rmisvmmm.dll",sitypnow
file: C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
size: 132496
MD5: 896e712a34d654a337c8cbb9deb07200

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: b8e684df9a97497edd2f87444a6307fb

Located: HK_LM:RunOnceEx,
command:

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: HK_CU:Run, LogitechSoftwareUpdate
command: "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
file: C:\Program Files\Logitech\Video\ManifestEngine.exe
size: 196608
MD5: 423c24b558d69ac9b6c53c41f65b0b91

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: Startup (common), Smart Wizard Wireless Settings.lnk
command: C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
file: C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
size: 282624
MD5: e300058a58b7fd8df88e6ff5c05cb27f



--- Browser helper object list ---

Part Two of HJT log

--- Browser helper object list ---
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
BHO name:
CLSID name: Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn0\
Long name: yt.dll
Short name:
Date (created): 6/7/2007 1:11:42 PM
Date (last access): 9/27/2007 12:52:32 PM
Date (last write): 10/26/2006 10:28:40 AM
Filesize: 440384
Attributes: archive
MD5: 2785037CE05B63D5607C9D5DFB2FEEE4
CRC32: 9ED93A02
Version: 7.214.0.10

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 12/18/2006 4:16:42 AM
Date (last access): 9/27/2007 12:52:32 PM
Date (last write): 12/18/2006 4:16:42 AM
Filesize: 59032
Attributes: archive
MD5: 4EA3A6CD9D20584FFAFDB1E47DBF0E20
CRC32: 7B0A854F
Version: 0.7.0.0

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 5/11/2004 11:03:00 PM
Date (last access): 9/27/2007 12:52:32 PM
Date (last write): 5/11/2004 11:03:00 PM
Filesize: 744960
Attributes: archive
MD5: ABF5BA518C6A5ED104496FF42D19AD88
CRC32: 5587736E
Version: 0.1.0.3

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
BHO name:
CLSID name: Yahoo! IE Services Button
Path: C:\Program Files\Yahoo!\Common\
Long name: yiesrvc.dll
Short name:
Date (created): 11/18/2005 10:06:10 AM
Date (last access): 9/27/2007 12:52:32 PM
Date (last write): 10/31/2006 4:29:16 PM
Filesize: 198136
Attributes: archive
MD5: F8981F09E8DA4FDB7F6B6E2B5361AEAE
CRC32: 2CDBBB6C
Version: 7.214.0.10

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: ssv.dll
Short name:
Date (created): 9/22/2007 7:52:58 PM
Date (last access): 9/27/2007 12:52:32 PM
Date (last write): 7/12/2007 4:00:36 AM
Filesize: 501136
Attributes: archive
MD5: D6137540BDF0F9F9B9055C60ADD8007A
CRC32: 29E910AF
Version: 0.6.0.0

{9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
BHO name:
CLSID name: ST
Path: C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\
Long name: stmain.dll
Short name:
Date (created): 5/27/2005 6:17:30 AM
Date (last access): 9/27/2007 12:32:48 AM
Date (last write): 8/13/2004 3:42:00 PM
Filesize: 155648
Attributes: archive
MD5: 0DA1349495955CB41A5899047C5A1267
CRC32: C050EECD
Version: 0.1.0.2

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
Path: c:\program files\google\
Long name: GoogleToolbar2.dll
Short name: GOOGLE~2.DLL
Date (created): 12/22/2004 1:03:28 PM
Date (last access): 9/27/2007 12:52:38 PM
Date (last write): 12/2/2004 10:59:32 AM
Filesize: 720896
Attributes: readonly archive
MD5: D4E9B7B696E8C40A0E5CB76621A03EE4
CRC32: 019AF69C
Version: 0.2.0.0

{AB0199FD-1533-4A4F-AED7-E1A5D03A684D} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: ssqro.dll
Short name:
Date (created): 9/15/2007 6:09:56 PM
Date (last access): 9/27/2007 12:44:36 PM
Date (last write): 9/15/2007 6:09:58 PM
Filesize: 244832
Attributes:
MD5: 639AF466C97BA0EA39C27FA121D33E7F
CRC32: 21B57856
Version: 255.255.255.255

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
BHO name:
CLSID name: MSNToolBandBHO
Path: C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\
Long name: msntb.dll
Short name:
Date (created): 2/16/2006 1:05:52 PM
Date (last access): 9/27/2007 12:32:48 AM
Date (last write): 1/17/2006 5:04:16 PM
Filesize: 282624
Attributes: archive
MD5: 6B3B0C6657B3DFEAD7ABC5BFEE45B347
CRC32: 1DF31317
Version: 0.1.0.2

{CCFEE31B-3123-4288-BF0B-D7EF60D2CB9A} ()
BHO name:
CLSID name:
Path: C:\Program Files\Outlook Express\
Long name: nipyrawi83122.dll
Short name: NIPYRA~1.DLL
Date (created): 8/2/2007 8:44:00 AM
Date (last access): 9/27/2007 12:52:38 PM
Date (last write): 8/2/2007 8:44:00 AM
Filesize: 282624
Attributes: archive
MD5: 0B36BD26E49F50029B240EF4C5F2F729
CRC32: 73A2E003
Version: 255.255.255.255

{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: hswreqrt.dll
Short name:
Date (created): 9/26/2007 11:10:36 PM
Date (last access): 9/27/2007 12:52:38 PM
Date (last write): 9/26/2007 11:10:36 PM
Filesize: 69184
Attributes: archive
MD5: 88DF7FA7FA2C8AD8404DEA72D3671A31
CRC32: CC289E25
Version: 255.255.255.255

{D6CDE6CF-1CCA-48C7-B2A4-4A7A6D8927D3} (0)
BHO name: 0
CLSID name:
Path: C:\Program Files\MSN Messenger\
Long name: rybi.dll
Short name:
Date (created): 9/27/2007 12:53:14 PM
Date (last access): 9/27/2007 12:53:14 PM
Date (last write): 9/27/2007 12:53:14 PM
Filesize: 70144
Attributes: archive
MD5: 39D8FEB675241490403CBD33A7C14159
CRC32: 9DD5EBB1
Version: 255.255.255.255

{E9BD0828-1FD9-410C-A50F-43EBE65D310F} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: fcccdcc.dll
Short name:
Date (created): 9/15/2007 1:15:52 AM
Date (last access): 9/27/2007 12:44:36 PM
Date (last write): 9/15/2007 1:15:52 AM
Filesize: 31254
Attributes:
MD5: F95B1320BB0CAEA3A31B34405DE7F682
CRC32: 862B531C
Version: 255.255.255.255

{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
BHO name:
CLSID name:
description: Microsoft Money
classification: Open for discussion
known filename: mnyviewer.dll
info link: http://www.microsoft.com/money/default.asp
info source: TonyKlein
Path: C:\Program Files\Microsoft Money\System\
Long name: mnyviewer.dll
Short name: MNYVIE~1.DLL
Date (created): 7/25/2001 7:00:00 AM
Date (last access): 9/27/2007 12:52:42 PM
Date (last write): 7/25/2001 7:00:00 AM
Filesize: 143420
Attributes: archive
MD5: 25303746C4B0562D0C152DD414759C62
CRC32: 9CB9C6CC
Version: 0.10.0.0

{FEC496C8-D64D-4FBE-A81A-43A0619CF86E} ()
BHO name:
CLSID name:
Path: C:\Program Files\Outlook Express\
Long name: nipyrawi4444.dll
Short name: NIPYRA~2.DLL
Date (created): 8/2/2007 8:44:00 AM
Date (last access): 9/27/2007 12:53:06 PM
Date (last write): 8/2/2007 8:44:00 AM
Filesize: 282624
Attributes: archive
MD5: 0B36BD26E49F50029B240EF4C5F2F729
CRC32: 73A2E003
Version: 255.255.255.255



--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime\
Long name: QTPlugin.ocx
Short name:
Date (created): 10/6/2002 1:44:34 AM
Date (last access): 9/27/2007 12:52:38 PM
Date (last write): 4/14/2005 2:17:22 PM
Filesize: 360504
Attributes: archive
MD5: F88CD154B9627646E9DDA1679155E4E3
CRC32: 5B04FF79
Version: 0.6.0.5

{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object)
DPF name:
CLSID name: CKAVWebScan Object
Path: C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\
Long name: kavwebscan.dll
Short name: KAVWEB~1.DLL
Date (created): 9/7/2007 11:29:00 AM
Date (last access): 9/27/2007 1:16:36 AM
Date (last write): 9/7/2007 11:29:00 AM
Filesize: 946176
Attributes: archive
MD5: FF8E719BDBAD6CB2801D0DEE3F1193E8
CRC32: C7AF2432
Version: 0.5.0.0

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.dll
Short name: LEGITC~1.DLL
Date (created): 7/12/2005 5:04:22 PM
Date (last access): 9/27/2007 12:44:36 PM
Date (last write): 3/15/2007 6:19:28 PM
Filesize: 1476992
Attributes: archive
MD5: D1CB99ADBA9397D7D02B0B2DCFE47F1A
CRC32: ED982FE3
Version: 0.1.0.7

{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
DPF name:
CLSID name: YInstStarter Class
Path: C:\Program Files\Yahoo!\Common\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 11/18/2005 10:06:12 AM
Date (last access): 9/27/2007 12:44:22 AM
Date (last write): 7/30/2006 2:25:34 PM
Filesize: 188968
Attributes: archive
MD5: 18B54B53CEE0E7204495BAB864EBBF03
CRC32: 6D72BB93
Version: 7.214.0.4

{33564D57-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:

{33564D57-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
description: Microsoft WMV Video Codec
classification: Legitimate
known filename: WMV9DMO.CAB
info link:
info source: Patrick M. Kolla

{406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia)
DPF name:
CLSID name: Snapfish Activia
Path: C:\WINDOWS\Downloaded Program Files\
Long name: SnapfishActivia1000.ocx
Short name: SNAPFI~1.OCX
Date (created): 6/3/2005 1:24:32 PM
Date (last access): 9/27/2007 1:01:58 AM
Date (last write): 6/3/2005 1:24:32 PM
Filesize: 286720
Attributes: archive
MD5: F5C79C45F1ADF877DC3AFDFF3565AE7B
CRC32: F118547A
Version: 0.1.0.0

{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} ()
DPF name:
CLSID name:

{8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper)
DPF name:
CLSID name: Yahoo! Webcam Upload Wrapper
Path: C:\WINDOWS\Downloaded Program Files\
Long name: yuplapp.dll
Short name:
Date (created): 10/8/2002 11:37:34 AM
Date (last access): 9/27/2007 1:02:00 AM
Date (last write): 10/8/2002 11:37:34 AM
Filesize: 204800
Attributes: archive
MD5: C9A7906090449A70F7135C5AF16438EE
CRC32: E0544831
Version: 0.2.0.0

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 7/12/2007 2:22:38 AM
Date (last access): 9/27/2007 12:18:02 AM
Date (last write): 7/12/2007 4:00:36 AM
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 0.6.0.0

{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla

{A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class)
DPF name:
CLSID name: YahooYMailTo Class
Path: C:\PROGRA~1\Yahoo!\Common\
Long name: ymmapi.dll
Short name:
Date (created): 6/7/2007 1:11:46 PM
Date (last access): 9/27/2007 12:44:22 AM
Date (last write): 10/30/2006 3:50:00 PM
Filesize: 190496
Attributes: archive
MD5: A0C86DB296BBE76145377D56C5975175
CRC32: D147EC40
Version: 7.213.0.1

{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} ()
DPF name:
CLSID name:

{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01)
DPF name: Java Runtime Environment 1.4.0_01
CLSID name:

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 7/12/2007 2:22:38 AM
Date (last access): 9/27/2007 1:48:38 PM
Date (last write): 7/12/2007 4:00:36 AM
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 0.6.0.0

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 7/12/2007 2:22:38 AM
Date (last access): 9/27/2007 1:48:38 PM
Date (last write): 7/12/2007 4:00:36 AM
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 0.6.0.0

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9.ocx
Short name:
Date (created): 6/22/2006 1:44:22 PM
Date (last access): 9/27/2007 12:53:00 PM
Date (last write): 6/22/2006 1:44:22 PM
Filesize: 2201224
Attributes: readonly archive
MD5: 99F80CA1EBE95677668F54CAC6F4AD6D
CRC32: B7385E3B
Version: 0.9.0.0

{EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar)
DPF name:
CLSID name: Yahoo! Toolbar
description: Yahoo toolbar
classification: Unknown
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: Patrick M. Kolla
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn0\
Long name: yt.dll
Short name:
Date (created): 6/7/2007 1:11:42 PM
Date (last access): 9/27/2007 12:52:32 PM
Date (last write): 10/26/2006 10:28:40 AM
Filesize: 440384
Attributes: archive
MD5: 2785037CE05B63D5607C9D5DFB2FEEE4
CRC32: 9ED93A02
Version: 7.214.0.10



--- Process list ---
Spybot - Search && Destroy process list report, 9/27/2007 1:48:36 PM

Here's the third and final part of the HJT log:

--- Process list ---
Spybot - Search && Destroy process list report, 9/27/2007 1:48:36 PM

PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 248 (2016) C:\WINDOWS\Explorer.EXE
PID: 464 ( 816) C:\WINDOWS\System32\CTsvcCDA.EXE
PID: 480 ( 4) \SystemRoot\System32\smss.exe
PID: 560 ( 816) C:\WINDOWS\system32\cdtgmhmm.exe
PID: 592 ( 480) csrss.exe
PID: 628 ( 816) C:\WINDOWS\system32\drivers\KodakCCS.exe
PID: 652 ( 816) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PID: 708 ( 816) C:\WINDOWS\system32\nvsvc32.exe
PID: 772 ( 480) \??\C:\WINDOWS\system32\winlogon.exe
PID: 816 ( 772) C:\WINDOWS\system32\services.exe
PID: 828 ( 772) C:\WINDOWS\system32\lsass.exe
PID: 1016 ( 816) C:\WINDOWS\system32\svchost.exe
PID: 1072 ( 816) wdfmgr.exe
PID: 1100 ( 816) svchost.exe
PID: 1160 ( 248) C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
PID: 1180 ( 248) C:\Program Files\Vitelcom\Messenger ADSL\CnxDslTb.exe
PID: 1188 ( 248) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PID: 1196 ( 248) C:\Program Files\QuickTime\qttask.exe
PID: 1204 ( 248) C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
PID: 1212 ( 248) C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PID: 1220 ( 248) C:\WINDOWS\system32\LVCOMSX.EXE
PID: 1240 ( 816) C:\WINDOWS\System32\svchost.exe
PID: 1264 ( 248) C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
PID: 1312 ( 248) C:\WINDOWS\system32\ctfmon.exe
PID: 1336 ( 816) svchost.exe
PID: 1408 ( 816) C:\WINDOWS\System32\ScsiAccess.EXE
PID: 1456 ( 816) svchost.exe
PID: 1512 ( 248) C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
PID: 1608 ( 816) C:\WINDOWS\System32\svchost.exe
PID: 1636 ( 816) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PID: 1716 ( 816) C:\WINDOWS\system32\spoolsv.exe
PID: 1876 ( 816) C:\WINDOWS\System32\MsPMSPSv.exe
PID: 2264 ( 816) alg.exe
PID: 2400 (1240) C:\WINDOWS\system32\wscntfy.exe
PID: 2564 ( 248) C:\WINDOWS\system32\devldr32.exe
PID: 2584 ( 248) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PID: 3556 ( 248) C:\Program Files\Mozilla\Firefox\firefox.exe


--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 9/27/2007 1:48:36 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.yahoo.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{49033FA6-4932-49AE-9F22-51BAEEA9783C}] SEQPACKET 12
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{49033FA6-4932-49AE-9F22-51BAEEA9783C}] DATAGRAM 12
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{357411CE-62C2-45CC-89AF-89C73E9AC59C}] SEQPACKET 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{357411CE-62C2-45CC-89AF-89C73E9AC59C}] DATAGRAM 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B66112BF-25E4-47D8-8834-CE578E742082}] SEQPACKET 11
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B66112BF-25E4-47D8-8834-CE578E742082}] DATAGRAM 11
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CBCFE9CE-2ACB-4C6A-B924-A0E00EBBF543}] SEQPACKET 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CBCFE9CE-2ACB-4C6A-B924-A0E00EBBF543}] DATAGRAM 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9C8225BD-F4C8-473A-960B-3EC78FFB72E0}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9C8225BD-F4C8-473A-960B-3EC78FFB72E0}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FD3AB621-7347-45E3-9A93-08B194404191}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FD3AB621-7347-45E3-9A93-08B194404191}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A86A9BFC-6120-4ABB-8727-2C678233C021}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A86A9BFC-6120-4ABB-8727-2C678233C021}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CF3CFEA3-EADC-46EF-919D-1B607C4E913E}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CF3CFEA3-EADC-46EF-919D-1B607C4E913E}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E6E4082F-E853-44A4-9379-6ED89DB9ABCF}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E6E4082F-E853-44A4-9379-6ED89DB9ABCF}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DECCF2C4-9242-4A80-80F5-587F6AE1FD24}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DECCF2C4-9242-4A80-80F5-587F6AE1FD24}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{13B6D603-5CB0-4CC6-B2AE-0773DEF1E2D6}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{13B6D603-5CB0-4CC6-B2AE-0773DEF1E2D6}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3D4E111F-753F-4F1C-BAEC-D65995E86EA2}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 28: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3D4E111F-753F-4F1C-BAEC-D65995E86EA2}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 29: MSAFD NetBIOS [\Device\NetBT_Tcpip_{ED1C53F6-5F86-4959-9863-42389A6741CE}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 30: MSAFD NetBIOS [\Device\NetBT_Tcpip_{ED1C53F6-5F86-4959-9863-42389A6741CE}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Here is the Kaspersky Online Scanner Log. I pasted it into Notepad first to remove any html.

KASPERSKY ONLINE SCANNER REPORT
Thursday, September 27, 2007 1:20:37 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 27/09/2007
Kaspersky Anti-Virus database records: 423863
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 170024
Number of viruses found 17
Number of infected objects 47
Number of suspicious objects 0
Duration of the scan process 02:07:11

Infected Object Name Virus Name Last Action
C:\check_LSA7.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\4dyyg3hb.default\cert8.db Object is locked skipped
C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\4dyyg3hb.default\history.dat Object is locked skipped
C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\4dyyg3hb.default\key3.db Object is locked skipped
C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\4dyyg3hb.default\parent.lock Object is locked skipped
C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\4dyyg3hb.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\4dyyg3hb.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Matthew\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Application Data\Mozilla\Firefox\Profiles\4dyyg3hb.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Application Data\Mozilla\Firefox\Profiles\4dyyg3hb.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Application Data\Mozilla\Firefox\Profiles\4dyyg3hb.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Application Data\Mozilla\Firefox\Profiles\4dyyg3hb.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\History\History.IE5\MSHist012007092620070927\index.dat Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Temp\q562dvlz.exe Infected: Trojan.Win32.Agent.bkw skipped
C:\Documents and Settings\Matthew\Local Settings\Temp\snapsnet.exe/data0005 Infected: Trojan-Downloader.Win32.VB.bgd skipped
C:\Documents and Settings\Matthew\Local Settings\Temp\snapsnet.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Matthew\Local Settings\Temp\thinksnet.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\Documents and Settings\Matthew\Local Settings\Temp\~DFAA69.tmp Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Temp\~DFB127.tmp Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\QQ0SAXD5\valera[1] Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Matthew\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Matthew\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\iMesh\iMeshV3.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.CommonName.p skipped
C:\Program Files\iMesh\iMeshV3.exe/WISE0025.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Program Files\iMesh\iMeshV3.exe/WISE0025.BIN/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Program Files\iMesh\iMeshV3.exe/WISE0025.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Program Files\iMesh\iMeshV3.exe/WISE0026.BIN Infected: not-a-virus:AdWare.Win32.EZula.d skipped
C:\Program Files\iMesh\iMeshV3.exe/WISE0028.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Program Files\iMesh\iMeshV3.exe/WISE0029.BIN Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
C:\Program Files\iMesh\iMeshV3.exe WiseSFX: infected - 7 skipped
C:\Program Files\Morpheus\Morph20.exe/WISE0014.BIN/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.WurldMedia.a skipped
C:\Program Files\Morpheus\Morph20.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.WurldMedia.a skipped
C:\Program Files\Morpheus\Morph20.exe WiseSFX: infected - 2 skipped
C:\Program Files\Outlook Express\nipyrawi4444.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Program Files\Outlook Express\nipyrawi83122.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1152\A0140667.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1152\A0140667.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1153\A0140673.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1153\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1154\A0141006.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1154\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1155\A0141044.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1155\A0141044.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1155\A0141047.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1157\A0141122.exe/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.WurldMedia.a skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1157\A0141122.exe WiseSFX: infected - 1 skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1157\A0141172.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1157\A0141190.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1163\change.log Object is locked skipped
C:\VundoFix Backups\fcccdcc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\VundoFix Backups\ssqro.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ts skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\pfirewall.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\cdtgmhmm.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\SYSTEM32\CnxDslWz.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\DLL2\MMEMDT83122.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\WINDOWS\SYSTEM32\DLL2\MMEMDT83122.exe NSIS: infected - 1 skipped
C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys Object is locked skipped
C:\WINDOWS\SYSTEM32\f02WtR\f02WtR1065.exe Infected: Trojan-Downloader.Win32.VB.bgd skipped
C:\WINDOWS\SYSTEM32\fcccdcc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINDOWS\SYSTEM32\GRB3\rwddr2SD.exe Infected: Trojan-Downloader.Win32.Small.fox skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\imhkimgn.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\SYSTEM32\mobupd.exe/WISE0012.BIN Infected: not-a-virus:AdWare.Win32.WurldMedia.h skipped
C:\WINDOWS\SYSTEM32\mobupd.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.WurldMedia.b skipped
C:\WINDOWS\SYSTEM32\mobupd.exe WiseSFX: infected - 2 skipped
C:\WINDOWS\SYSTEM32\omjgusad.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\SYSTEM32\ssqro.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ts skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TTC-4444.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\WINDOWS\TTC-4444.exe NSIS: infected - 1 skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

:oops:

Sorry without thinking I posted the spybot log not HijackThis. So I ran HJT and here is the log:

Logfile of HijackThis v1.98.2
Scan saved at 3:08:31 PM, on 9/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cdtgmhmm.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Vitelcom\Messenger ADSL\CnxDslTb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Mozilla\Firefox\firefox.exe
C:\Documents and Settings\Matthew\Desktop\Spyware destroyer programs\mathom123.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {82A53A4A-4872-4868-B667-6480C3959DE6} - C:\WINDOWS\system32\ssqro.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: 0 - {9BF6406A-B382-4479-7FA2-3FD717AA7163} - C:\Program Files\MSN Messenger\rybi5.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {CCFEE31B-3123-4288-BF0B-D7EF60D2CB9A} - C:\Program Files\Outlook Express\nipyrawi83122.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\hswreqrt.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\fcccdcc.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O2 - BHO: (no name) - {FEC496C8-D64D-4FBE-A81A-43A0619CF86E} - C:\Program Files\Outlook Express\nipyrawi4444.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Vitelcom\Messenger ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\dcsadrwo.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/pt-br/4,0,0,83/mcinsctl.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/pt-br/1,0,0,20/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

Hello mathom123 and welcome to the Forums :)

You're infected.

You're using an old version of HijackThis, v1.98.2
Please delete this old version from your pc.

Please post a new HijackThis 2.02 log to here.

Download HJTInstall.exe (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to your Desktop.
Doubleclick HJTInstall.exe to install it.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Copy/Paste the log to your next reply please.

Don't use the Analyse This button, its findings are dangerous if misinterpreted.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

:bigthumb:

Hello,

Thanks for your help.
I have installed the more current version of HJT and scanned again. Here is the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:31:41 PM, on 9/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\cdtgmhmm.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Vitelcom\Messenger ADSL\CnxDslTb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Vitelcom\Messenger ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\rdifpxyy.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/pt-br/4,0,0,83/mcinsctl.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/pt-br/1,0,0,20/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DomainService - - C:\WINDOWS\system32\cdtgmhmm.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Messenger\viko.html

--
End of file - 8700 bytes

OK good work, now the cleaning begins :)

Please rename HijackThis.exe to skanneri.exe

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a fresh HijackThis (skanneri.exe) log to here.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

All right here we go. :)
I renamed HJT, downloaded and ran VundoFix. It scanned and found maybe ten files and removed many of them. But it gave a warning that it could not remove four files and told me to restart which I did. Immediately after the restart and my log-in, Vundofix started and I tried to clean the four files again. It got one but after repeated attempts it could not get the other three. Here is a new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:20 PM, on 10/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\cdtgmhmm.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Vitelcom\Messenger ADSL\CnxDslTb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Vitelcom\Messenger ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/pt-br/4,0,0,83/mcinsctl.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/pt-br/1,0,0,20/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DomainService - - C:\WINDOWS\system32\cdtgmhmm.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Messenger\viko.html

--
End of file - 8666 bytes

Here is the VundoFix log file from the last run I did.


VundoFix V6.5.9

Checking Java version...

Scan started at 8:36:18 PM 9/26/2007

Listing files found while scanning....

C:\windows\system32\fcccdcc.dll
C:\windows\system32\hgwtcmoo.dll
C:\windows\system32\orqss.bak2
C:\windows\system32\orqss.ini
C:\windows\system32\oyuvviil.dll
C:\windows\system32\ssqro.dll

Beginning removal...

Attempting to delete C:\windows\system32\fcccdcc.dll
C:\windows\system32\fcccdcc.dll Could not be deleted.

Attempting to delete C:\windows\system32\hgwtcmoo.dll
C:\windows\system32\hgwtcmoo.dll Has been deleted!

Attempting to delete C:\windows\system32\orqss.bak2
C:\windows\system32\orqss.bak2 Has been deleted!

Attempting to delete C:\windows\system32\orqss.ini
C:\windows\system32\orqss.ini Has been deleted!

Attempting to delete C:\windows\system32\oyuvviil.dll
C:\windows\system32\oyuvviil.dll Has been deleted!

Attempting to delete C:\windows\system32\ssqro.dll
C:\windows\system32\ssqro.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Scan started at 9:39:23 PM 9/26/2007

Listing files found while scanning....

C:\windows\system32\fcccdcc.dll
C:\windows\system32\orqss.ini
C:\windows\system32\ssqro.dll

Beginning removal...

Attempting to delete C:\windows\system32\fcccdcc.dll
C:\windows\system32\fcccdcc.dll Could not be deleted.

Attempting to delete C:\windows\system32\orqss.ini
C:\windows\system32\orqss.ini Has been deleted!

Attempting to delete C:\windows\system32\ssqro.dll
C:\windows\system32\ssqro.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\fcccdcc.dll
C:\windows\system32\fcccdcc.dll Could not be deleted.

Attempting to delete C:\windows\system32\orqss.ini
C:\windows\system32\orqss.ini Has been deleted!

Attempting to delete C:\windows\system32\ssqro.dll
C:\windows\system32\ssqro.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Scan started at 10:05:35 PM 9/26/2007

Listing files found while scanning....

C:\windows\system32\fcccdcc.dll
C:\windows\system32\orqss.ini
C:\windows\system32\ssqro.dll

Beginning removal...

Attempting to delete C:\windows\system32\fcccdcc.dll
C:\windows\system32\fcccdcc.dll Could not be deleted.

Attempting to delete C:\windows\system32\orqss.ini
C:\windows\system32\orqss.ini Has been deleted!

Attempting to delete C:\windows\system32\ssqro.dll
C:\windows\system32\ssqro.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Scan started at 9:10:09 PM 10/1/2007

Listing files found while scanning....

C:\windows\system32\fcccdcc.dll
C:\WINDOWS\system32\hswreqrt.dll
C:\WINDOWS\system32\luslcixq.dll
C:\windows\system32\orqss.bak2
C:\windows\system32\orqss.ini
C:\WINDOWS\system32\qxiclsul.ini
C:\windows\system32\ssqro.dll

Beginning removal...

Attempting to delete C:\windows\system32\fcccdcc.dll
C:\windows\system32\fcccdcc.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\hswreqrt.dll
C:\WINDOWS\system32\hswreqrt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\luslcixq.dll
C:\WINDOWS\system32\luslcixq.dll Could not be deleted.

Attempting to delete C:\windows\system32\orqss.bak2
C:\windows\system32\orqss.bak2 Has been deleted!

Attempting to delete C:\windows\system32\orqss.ini
C:\windows\system32\orqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qxiclsul.ini
C:\WINDOWS\system32\qxiclsul.ini Has been deleted!

Attempting to delete C:\windows\system32\ssqro.dll
C:\windows\system32\ssqro.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\fcccdcc.dll
C:\windows\system32\fcccdcc.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\luslcixq.dll
C:\WINDOWS\system32\luslcixq.dll Has been deleted!

Attempting to delete C:\windows\system32\orqss.ini
C:\windows\system32\orqss.ini Has been deleted!

Attempting to delete C:\windows\system32\ssqro.dll
C:\windows\system32\ssqro.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Scan started at 10:41:06 PM 10/1/2007

Listing files found while scanning....

C:\windows\system32\fcccdcc.dll
C:\windows\system32\orqss.ini
C:\windows\system32\ssqro.dll

Beginning removal...

Attempting to delete C:\windows\system32\fcccdcc.dll
C:\windows\system32\fcccdcc.dll Could not be deleted.

Attempting to delete C:\windows\system32\orqss.ini
C:\windows\system32\orqss.ini Has been deleted!

Attempting to delete C:\windows\system32\ssqro.dll
C:\windows\system32\ssqro.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Hi :)

Are you sure you renamed HijackThis.exe? It doesn't look like that...


1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Ahhh . . . I think you are right. I renamed the shortcut and not the actual program. I've now renamed the program and re-ran the vundofix program. I'm going to post the log from vundofix and HJT after repeating and then I'll run the new program you mentioned.

Here's the Vundofix log:


VundoFix V6.5.9

Checking Java version...

Scan started at 8:36:18 PM 9/26/2007

Listing files found while scanning....

C:\windows\system32\fcccdcc.dll
C:\windows\system32\hgwtcmoo.dll
C:\windows\system32\orqss.bak2
C:\windows\system32\orqss.ini
C:\windows\system32\oyuvviil.dll
C:\windows\system32\ssqro.dll

Beginning removal...

Attempting to delete C:\windows\system32\fcccdcc.dll
C:\windows\system32\fcccdcc.dll Could not be deleted.

Attempting to delete C:\windows\system32\hgwtcmoo.dll
C:\windows\system32\hgwtcmoo.dll Has been deleted!

Attempting to delete C:\windows\system32\orqss.bak2
C:\windows\system32\orqss.bak2 Has been deleted!

Attempting to delete C:\windows\system32\orqss.ini
C:\windows\system32\orqss.ini Has been deleted!

Attempting to delete C:\windows\system32\oyuvviil.dll
C:\windows\system32\oyuvviil.dll Has been deleted!

Attempting to delete C:\windows\system32\ssqro.dll
C:\windows\system32\ssqro.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Scan started at 9:39:23 PM 9/26/2007

Listing files found while scanning....

C:\windows\system32\fcccdcc.dll
C:\windows\system32\orqss.ini
C:\windows\system32\ssqro.dll

Beginning removal...

Attempting to delete C:\windows\system32\fcccdcc.dll
C:\windows\system32\fcccdcc.dll Could not be deleted.

Attempting to delete C:\windows\system32\orqss.ini
C:\windows\system32\orqss.ini Has been deleted!

Attempting to delete C:\windows\system32\ssqro.dll
C:\windows\system32\ssqro.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\fcccdcc.dll
C:\windows\system32\fcccdcc.dll Could not be deleted.

Attempting to delete C:\windows\system32\orqss.ini
C:\windows\system32\orqss.ini Has been deleted!

Attempting to delete C:\windows\system32\ssqro.dll
C:\windows\system32\ssqro.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Scan started at 10:05:35 PM 9/26/2007

Listing files found while scanning....

C:\windows\system32\fcccdcc.dll
C:\windows\system32\orqss.ini
C:\windows\system32\ssqro.dll

Beginning removal...

Attempting to delete C:\windows\system32\fcccdcc.dll
C:\windows\system32\fcccdcc.dll Could not be deleted.

Attempting to delete C:\windows\system32\orqss.ini
C:\windows\system32\orqss.ini Has been deleted!

Attempting to delete C:\windows\system32\ssqro.dll
C:\windows\system32\ssqro.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Scan started at 9:10:09 PM 10/1/2007

Listing files found while scanning....

C:\windows\system32\fcccdcc.dll
C:\WINDOWS\system32\hswreqrt.dll
C:\WINDOWS\system32\luslcixq.dll
C:\windows\system32\orqss.bak2
C:\windows\system32\orqss.ini
C:\WINDOWS\system32\qxiclsul.ini
C:\windows\system32\ssqro.dll

Beginning removal...

Attempting to delete C:\windows\system32\fcccdcc.dll
C:\windows\system32\fcccdcc.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\hswreqrt.dll
C:\WINDOWS\system32\hswreqrt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\luslcixq.dll
C:\WINDOWS\system32\luslcixq.dll Could not be deleted.

Attempting to delete C:\windows\system32\orqss.bak2
C:\windows\system32\orqss.bak2 Has been deleted!

Attempting to delete C:\windows\system32\orqss.ini
C:\windows\system32\orqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qxiclsul.ini
C:\WINDOWS\system32\qxiclsul.ini Has been deleted!

Attempting to delete C:\windows\system32\ssqro.dll
C:\windows\system32\ssqro.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\fcccdcc.dll
C:\windows\system32\fcccdcc.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\luslcixq.dll
C:\WINDOWS\system32\luslcixq.dll Has been deleted!

Attempting to delete C:\windows\system32\orqss.ini
C:\windows\system32\orqss.ini Has been deleted!

Attempting to delete C:\windows\system32\ssqro.dll
C:\windows\system32\ssqro.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Scan started at 10:41:06 PM 10/1/2007

Listing files found while scanning....

C:\windows\system32\fcccdcc.dll
C:\windows\system32\orqss.ini
C:\windows\system32\ssqro.dll

Beginning removal...

Attempting to delete C:\windows\system32\fcccdcc.dll
C:\windows\system32\fcccdcc.dll Could not be deleted.

Attempting to delete C:\windows\system32\orqss.ini
C:\windows\system32\orqss.ini Has been deleted!

Attempting to delete C:\windows\system32\ssqro.dll
C:\windows\system32\ssqro.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Scan started at 8:26:52 PM 10/2/2007

Listing files found while scanning....

C:\windows\system32\fcccdcc.dll
C:\WINDOWS\system32\nfjsgavb.dll
C:\windows\system32\orqss.bak2
C:\windows\system32\orqss.ini
C:\windows\system32\ssqro.dll
C:\WINDOWS\system32\xvquomjf.dll
C:\WINDOWS\system32\ymrpakax.dll

Beginning removal...

Attempting to delete C:\windows\system32\fcccdcc.dll
C:\windows\system32\fcccdcc.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\nfjsgavb.dll
C:\WINDOWS\system32\nfjsgavb.dll Could not be deleted.

Attempting to delete C:\windows\system32\orqss.bak2
C:\windows\system32\orqss.bak2 Has been deleted!

Attempting to delete C:\windows\system32\orqss.ini
C:\windows\system32\orqss.ini Has been deleted!

Attempting to delete C:\windows\system32\ssqro.dll
C:\windows\system32\ssqro.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\xvquomjf.dll
C:\WINDOWS\system32\xvquomjf.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ymrpakax.dll
C:\WINDOWS\system32\ymrpakax.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\fcccdcc.dll
C:\windows\system32\fcccdcc.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\nfjsgavb.dll
C:\WINDOWS\system32\nfjsgavb.dll Has been deleted!

Attempting to delete C:\windows\system32\orqss.ini
C:\windows\system32\orqss.ini Has been deleted!

Attempting to delete C:\windows\system32\ssqro.dll
C:\windows\system32\ssqro.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\xvquomjf.dll
C:\WINDOWS\system32\xvquomjf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ymrpakax.dll
C:\WINDOWS\system32\ymrpakax.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Scan started at 8:49:09 PM 10/2/2007

Listing files found while scanning....

C:\windows\system32\fcccdcc.dll
C:\windows\system32\orqss.ini
C:\windows\system32\ssqro.dll

Beginning removal...

Attempting to delete C:\windows\system32\fcccdcc.dll
C:\windows\system32\fcccdcc.dll Could not be deleted.

Attempting to delete C:\windows\system32\orqss.ini
C:\windows\system32\orqss.ini Has been deleted!

Attempting to delete C:\windows\system32\ssqro.dll
C:\windows\system32\ssqro.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\fcccdcc.dll
C:\windows\system32\fcccdcc.dll Has been deleted!

Performing Repairs to the registry.
Done!

Here is the scanneri (HJT) log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:51 PM, on 10/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\cdtgmhmm.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Vitelcom\Messenger ADSL\CnxDslTb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Mozilla\Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Snanneri.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 0 - {584AD3C1-95F0-4A23-939B-50DB7047D4FF} - C:\Program Files\MSN Messenger\rybi596.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {CCFEE31B-3123-4288-BF0B-D7EF60D2CB9A} - C:\Program Files\Outlook Express\nipyrawi83122.dll
O2 - BHO: (no name) - {FA3810BC-70FA-43DE-BA78-D46048DD0023} - C:\WINDOWS\system32\ssqro.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O2 - BHO: (no name) - {FEC496C8-D64D-4FBE-A81A-43A0619CF86E} - C:\Program Files\Outlook Express\nipyrawi4444.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Vitelcom\Messenger ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/pt-br/4,0,0,83/mcinsctl.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/pt-br/1,0,0,20/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DomainService - - C:\WINDOWS\system32\cdtgmhmm.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Messenger\viko.html

--
End of file - 10174 bytes

Okay, I downloaded the ComboFix and ran it. Here is it's log:

ComboFix 07-10-03.5 - Matthew 2007-10-02 21:09:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.247 [GMT -5:00]
Running from: C:\Documents and Settings\Matthew\Desktop\ComboFix.exe
* Created a new restore point
.
/wow section - STAGE 29

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Program Files\MSN Messenger\rybi.dll
C:\Program Files\MSN Messenger\rybi122.dll
C:\Program Files\MSN Messenger\rybi127.dll
C:\Program Files\MSN Messenger\rybi32.dll
C:\Program Files\MSN Messenger\rybi347.dll
C:\Program Files\MSN Messenger\rybi424.dll
C:\Program Files\MSN Messenger\rybi5.dll
C:\Program Files\MSN Messenger\rybi54.dll
C:\Program Files\MSN Messenger\rybi596.dll
C:\Program Files\MSN Messenger\rybi653.dll
C:\Program Files\MSN Messenger\rybi750.dll
C:\Program Files\MSN Messenger\rybiNaN.dll
C:\Program Files\MSN Messenger\viko.html
C:\Program Files\Outlook Express\nipyrawi4444.dll
C:\Program Files\Outlook Express\nipyrawi83122.dll
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\A1
C:\WINDOWS\system32\cdtgmhmm.exe
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f02WtR\f02WtR1065.exe
C:\WINDOWS\system32\fjnottre.exe
C:\WINDOWS\system32\hfavqwbh.exe
C:\WINDOWS\system32\imhkimgn.exe
C:\WINDOWS\SYSTEM32\jnnqbsvt.ini
C:\WINDOWS\system32\omjgusad.exe
C:\WINDOWS\system32\ooxvjqfy.exe
C:\WINDOWS\system32\pfodoxdw.dll
C:\WINDOWS\system32\qfkndynf.exe
C:\WINDOWS\system32\tvsbqnnj.dll
C:\WINDOWS\SYSTEM32\wdxodofp.ini
C:\WINDOWS\system32\wnhbwyqi.exe
C:\WINDOWS\tk58.exe
C:\WINDOWS\TTC-4444.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\DomainService
-------\nm


((((((((((((((((((((((((( Files Created from 2007-09-03 to 2007-10-03 )))))))))))))))))))))))))))))))
.

2007-10-02 21:08 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-02 20:54 24,576 --a------ C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
2007-09-30 17:31 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-26 22:40 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-09-26 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-26 20:36 <DIR> d-------- C:\VundoFix Backups
2007-09-23 15:08 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-09-22 20:42 <DIR> d-------- C:\Program Files\MSBuild
2007-09-22 20:36 <DIR> d-------- C:\WINDOWS\SYSTEM32\XPSViewer
2007-09-22 20:34 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-09-22 20:32 14,048 --------- C:\WINDOWS\SYSTEM32\spmsg2.dll
2007-09-22 20:15 <DIR> d-------- C:\Program Files\Red Kawa
2007-09-22 20:15 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-09-16 02:25 685,816 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys
2007-09-15 01:16 <DIR> d--hs---- C:\WINDOWS\TWF0dGhldw
2007-09-15 01:16 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-09-15 01:15 <DIR> d-------- C:\WINDOWS\SYSTEM32\GRB3
2007-09-15 01:15 <DIR> d-------- C:\WINDOWS\SYSTEM32\DLL2
2007-09-12 18:29 <DIR> d-------- C:\Documents and Settings\Matthew\Application Data\InstallShield Installation Information
2007-09-04 14:44 <DIR> d-------- C:\Documents and Settings\Matthew\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-02 21:14 --------- d-------- C:\Program Files\MSN Messenger
2007-10-02 00:47 --------- d-------- C:\Documents and Settings\Matthew\Application Data\Skype
2007-09-26 20:24 --------- d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-24 22:27 --------- d-------- C:\Program Files\Morpheus
2007-09-24 22:25 --------- d-------- C:\Program Files\Microsoft Games
2007-09-21 22:19 --------- d-------- C:\Program Files\SpywareBlaster
2007-09-15 22:57 --------- d-------- C:\Program Files\WinAce
2007-09-15 18:08 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-09-15 18:08 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-09-04 15:11 --------- d-------- C:\Documents and Settings\Matthew\Application Data\My Games
2007-08-20 16:29 --------- d-------- C:\Program Files\Lavasoft
2007-08-20 16:29 --------- d-------- C:\Documents and Settings\Matthew\Application Data\Lavasoft
2007-08-20 16:29 --------- d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-20 16:27 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2003-05-27 18:17 1177 --a------ C:\Program Files\INSTALL.LOG
2005-07-29 21:24:26 472 --sha-r C:\WINDOWS\TWF0dGhldw\nqIXx315xT.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA3810BC-70FA-43DE-BA78-D46048DD0023}]
C:\WINDOWS\system32\ssqro.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell|Alert"="C:\Program Files\Dell\Support\Alert\bin\DAMon.exe" [2002-04-03 18:06]
"CnxDslTaskBar"="C:\Program Files\Vitelcom\Messenger ADSL\CnxDslTb.exe" [2002-07-11 15:16]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-09-29 18:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-04-14 14:17]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2004-11-19 07:15]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-10-22 11:42]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"nwiz"="nwiz.exe" [2006-06-01 17:22 C:\WINDOWS\SYSTEM32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 17:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Smart Wizard Wireless Settings.lnk - C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe [2005-10-12 17:37:41]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Smart Wizard Wireless Settings.lnk - C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe [2005-10-12 17:37:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\system32\DRIVERS\DcCam.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\system32\drivers\dcfs2k.sys
R2 DgiVecp;Team MFP Comm Driver;C:\WINDOWS\system32\Drivers\DgiVecp.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
R3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;C:\WINDOWS\system32\DRIVERS\wg121nd5.sys
S1 Exportit;Exportit;C:\WINDOWS\system32\DRIVERS\exportit.sys
S3 CnxEtP;Conexant AccessRunner USB ADSL LAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
S3 CnxTgN;Conexant AccessRunner USB ADSL LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\system32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\system32\DRIVERS\DcPTP.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 USBFVNETR;NETGEAR MA101 USB Adapter;C:\WINDOWS\system32\DRIVERS\ma101rnd.sys
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;C:\WINDOWS\system32\DRIVERS\netusbxp.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-01 20:41:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1090262454.job"
"2007-10-03 02:19:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-02 21:19:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-02 21:21:54 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-02 21:21
.
--- E O F ---

Hi again, we'll continue :)

Open notepad and copy/paste the text in the quotebox below into it:


Folder::
C:\WINDOWS\TWF0dGhldw
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\WINDOWS\SYSTEM32\GRB3
C:\WINDOWS\SYSTEM32\DLL2

File::
C:\WINDOWS\system32\ssqro.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA3810BC-70FA-43DE-BA78-D46048DD0023}]




Save this as "CFScript"

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Hello,

I did as you asked and ComboFix ran again and posted the following log. It didn't ask to re-start.

ComboFix 07-10-03.5 - Matthew 2007-10-03 16:04:48.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.248 [GMT -5:00]
Running from: C:\Documents and Settings\Matthew\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Matthew\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\ssqro.dll
.
/wow section - STAGE 29

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\WINDOWS\SYSTEM32\DLL2
C:\WINDOWS\SYSTEM32\DLL2\MMEMDT83122.exe
C:\WINDOWS\SYSTEM32\GRB3
C:\WINDOWS\SYSTEM32\GRB3\rwddr2SD.exe
C:\WINDOWS\TWF0dGhldw
C:\WINDOWS\TWF0dGhldw\nqIXx315xT.vbs

.
((((((((((((((((((((((((( Files Created from 2007-09-03 to 2007-10-03 )))))))))))))))))))))))))))))))
.

2007-10-02 21:08 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-02 20:54 24,576 --a------ C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
2007-09-30 17:31 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-26 22:40 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-09-26 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-26 20:36 <DIR> d-------- C:\VundoFix Backups
2007-09-23 15:08 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-09-22 20:42 <DIR> d-------- C:\Program Files\MSBuild
2007-09-22 20:36 <DIR> d-------- C:\WINDOWS\SYSTEM32\XPSViewer
2007-09-22 20:34 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-09-22 20:32 14,048 --------- C:\WINDOWS\SYSTEM32\spmsg2.dll
2007-09-22 20:15 <DIR> d-------- C:\Program Files\Red Kawa
2007-09-22 20:15 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-09-16 02:25 685,816 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys
2007-09-12 18:29 <DIR> d-------- C:\Documents and Settings\Matthew\Application Data\InstallShield Installation Information
2007-09-04 14:44 <DIR> d-------- C:\Documents and Settings\Matthew\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-02 21:14 --------- d-------- C:\Program Files\MSN Messenger
2007-10-02 00:47 --------- d-------- C:\Documents and Settings\Matthew\Application Data\Skype
2007-09-26 20:24 --------- d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-24 22:27 --------- d-------- C:\Program Files\Morpheus
2007-09-24 22:25 --------- d-------- C:\Program Files\Microsoft Games
2007-09-21 22:19 --------- d-------- C:\Program Files\SpywareBlaster
2007-09-15 22:57 --------- d-------- C:\Program Files\WinAce
2007-09-15 18:08 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-09-15 18:08 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-09-04 15:11 --------- d-------- C:\Documents and Settings\Matthew\Application Data\My Games
2007-08-20 16:29 --------- d-------- C:\Program Files\Lavasoft
2007-08-20 16:29 --------- d-------- C:\Documents and Settings\Matthew\Application Data\Lavasoft
2007-08-20 16:29 --------- d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-20 16:27 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-30 19:19 92504 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2007-07-19 01:59 3583488 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-07-12 18:31 765952 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\vgx.dll
2003-05-27 18:17 1177 --a------ C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell|Alert"="C:\Program Files\Dell\Support\Alert\bin\DAMon.exe" [2002-04-03 18:06]
"CnxDslTaskBar"="C:\Program Files\Vitelcom\Messenger ADSL\CnxDslTb.exe" [2002-07-11 15:16]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-09-29 18:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-04-14 14:17]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2004-11-19 07:15]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-10-22 11:42]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"nwiz"="nwiz.exe" [2006-06-01 17:22 C:\WINDOWS\SYSTEM32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 17:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Smart Wizard Wireless Settings.lnk - C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe [2005-10-12 17:37:41]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Smart Wizard Wireless Settings.lnk - C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe [2005-10-12 17:37:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\system32\DRIVERS\DcCam.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\system32\drivers\dcfs2k.sys
R2 DgiVecp;Team MFP Comm Driver;C:\WINDOWS\system32\Drivers\DgiVecp.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
R3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;C:\WINDOWS\system32\DRIVERS\wg121nd5.sys
S1 Exportit;Exportit;C:\WINDOWS\system32\DRIVERS\exportit.sys
S3 CnxEtP;Conexant AccessRunner USB ADSL LAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
S3 CnxTgN;Conexant AccessRunner USB ADSL LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\system32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\system32\DRIVERS\DcPTP.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 USBFVNETR;NETGEAR MA101 USB Adapter;C:\WINDOWS\system32\DRIVERS\ma101rnd.sys
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;C:\WINDOWS\system32\DRIVERS\netusbxp.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-01 20:41:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1090262454.job"
"2007-10-03 21:09:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-03 16:10:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-03 16:12:05
C:\ComboFix-quarantined-files.txt ... 2007-10-03 16:11
C:\ComboFix2.txt ... 2007-10-02 21:21
.
--- E O F ---

All right I think we're making progress. :)

My explorer is no longer opening by itself to ad pages.

Here is a new HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:38 PM, on 10/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Vitelcom\Messenger ADSL\CnxDslTb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla\Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Snanneri.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Vitelcom\Messenger ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/pt-br/4,0,0,83/mcinsctl.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/pt-br/1,0,0,20/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE

--
End of file - 9364 bytes

Yes, better :)

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)

Please run the F-Secure Online Scanner (http://support.f-secure.com/enu/home/ols.shtml)

Note: This Scanner is for Internet Explorer Only!
Follow the Instruction Here (http://support.f-secure.com/enu/home/ols3.shtml) for installation.
Accept the License Agreement.
Once the ActiveX installs,Click Full System Scan
Once the download completes,the scan will begin automatically.
The scan will take some time to finish,so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply along with a fresh HijackThis log

All right here we go. This is the F-Secure Online log.

Scanning Report
Thursday, October 04, 2007 18:26:41 - 22:44:20

Computer name: MATTANDTATI
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 95 malware found
Tracking Cookie (spyware)

* System (Disinfected)
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System

Trojan-Downloader.Win32.Small.fox (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1169\A0142050.EXE (Renamed & Submitted)

Trojan-Downloader.Win32.Tiny.id (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1153\A0140673.EXE (Renamed & Submitted)

Trojan-Downloader.Win32.VB.bgd (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1168\A0141886.EXE (Renamed & Submitted)

Trojan.Win32.Agent.bck (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1168\A0141860.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1168\A0141861.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1168\A0141862.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1168\A0141863.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1168\A0141864.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1168\A0141865.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1168\A0141866.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1168\A0141867.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1157\A0141172.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1157\A0141190.EXE (Renamed & Submitted)

Trojan.Win32.BHO.ab (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1168\A0141868.DLL (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1168\A0141869.DLL (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1168\A0141870.DLL (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1168\A0141871.DLL (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1168\A0141872.DLL (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1168\A0141873.DLL (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1168\A0141874.DLL (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1168\A0141875.DLL (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1168\A0141876.DLL (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1168\A0141877.DLL (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1168\A0141878.DLL (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1168\A0141879.DLL (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1168\A0141888.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1167\A0141673.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1167\A0141739.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1167\A0141813.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1166\A0141566.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1166\A0141608.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1166\A0141634.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1165\A0141501.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1165\A0141533.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1164\A0141407.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1164\A0141471.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1163\A0141363.EXE (Renamed & Submitted)

Vundo.gen38 (virus)

* C:\WINDOWS\SYSTEM32\MMMVSIMR.INI (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1163\A0141343.INI (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1163\A0141359.INI (Submitted)

Vundo.gen39 (virus)

* C:\WINDOWS\SYSTEM32\CVVAVBUN.INI (Submitted)
* C:\WINDOWS\SYSTEM32\XAKAPRMY.INI (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1158\A0141207.INI (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1157\A0141169.INI (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1157\A0141203.INI (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1156\A0141074.INI (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1155\A0141059.INI (Submitted)

W32/Smalltroj.BLGW (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1165\A0141476.DLL (Submitted)

W32/TTC.DX.dropper (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1169\A0142049.EXE (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1168\A0141889.EXE (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1167\A0141672.EXE (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1167\A0141738.EXE (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1167\A0141811.EXE (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1166\A0141564.EXE (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1166\A0141607.EXE (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1166\A0141632.EXE (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1165\A0141500.EXE (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1165\A0141532.EXE (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1164\A0141405.EXE (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1164\A0141470.EXE (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1163\A0141328.EXE (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1163\A0141361.EXE (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1155\A0141044.EXE (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1152\A0140667.EXE (Submitted)

W32/Vundo.U (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1164\A0141391.DLL (Submitted)

W32/Vundo.dam (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1167\A0141695.DLL (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1167\A0141825.DLL (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1167\A0141835.DLL (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1162\A0141267.DLL (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1162\A0141268.DLL (Submitted)

Statistics
Scanned:

* Files: 69520
* System: 6128
* Not scanned: 4

Actions:

* Disinfected: 1
* Renamed: 37
* Deleted: 0
* None: 57
* Submitted: 70

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

Options
Scanning engines:

* F-Secure AVP: 7.0.171, 2007-10-04
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 0597-150-72
* F-Secure Libra: 2.4.2, 2007-10-04
* F-Secure Orion: 1.2.37, 2007-10-05
* F-Secure Pegasus: 1.19.0, 2007-09-02

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
* Use Advanced heuristics

Copyright © 1998-2006 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

Here is the new HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:17 PM, on 10/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Vitelcom\Messenger ADSL\CnxDslTb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\MOZILLA\FIREFOX\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\Snanneri.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Vitelcom\Messenger ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/pt-br/4,0,0,83/mcinsctl.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/pt-br/1,0,0,20/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE

--
End of file - 9098 bytes

Hi Mr_JAk3,

Just wanted to say thanks for your help so far. Congratulations I just saw in the news that Finland was ranked number 1 in terms of environmental impact on citizens health. Anyway, I just wanted to let you know I will be traveling for the next two days and won't be able to work more on the virus until Sunday. Have a nice weekend.

Hi again :)

Thanks, I love my country ;)

Looks pretty good now. How is the computer running?

You don't seem to have a third-party firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) installed. You must install one firewall.
It is possible that you're using the Windows XP firewall. That is of course better than nothing but I recommend that you install a more advanced firewall that gives more protection. Windows firewall doesn't eg protect your computer from inbound threats. This means that any malware on your computer is free to "phone home" for more instructions. Remember to use only one firewall at the same time. I'll give you a few alternatives if you want to install a third-party firewall:

These are good (free) firewalls: Sunbelt-Kerio (http://www.sunbelt-software.com/Kerio.cfm)
ZoneAlarm (http://www.zonelabs.com/)
Sygate (http://http://www.majorgeeks.com/download.php?det=3356)
Outpost (http://www.majorgeeks.com/download.php?det=1056)
Comodo (http://www.personalfirewall.comodo.com)

You don't have an antivirus (http://forum.malwareremoval.com/viewtopic.php?p=53#53) on your computer, you must install one antivirus. Otherwise you'll get infected again.

These are good (free) antiviruses: AVG (http://free.grisoft.com)
Antivir (http://www.free-av.com)
Avast (http://www.avast.com)

Post a one more HijackThis log.

Hello,

I'm back. My computer seems to be running fine now. There are no unexpected MS Internet Explorer windows opening on their own or Firefox tabs opening by themselves either. Also the computer isn't freezing for unexplained reasons. Looks good. :bigthumb:

Thanks for all your help. I took your advice and installed a firewall and anti-virus program ( Comodo and Avast ). Here is the last ( hopefully ) HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:31 PM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Vitelcom\Messenger ADSL\CnxDslTb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MOZILLA\FIREFOX\FIREFOX.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Trend Micro\HijackThis\Snanneri.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Vitelcom\Messenger ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/pt-br/4,0,0,83/mcinsctl.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/pt-br/1,0,0,20/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE

--
End of file - 10160 bytes

looks good :)

You can remove the tools we used.

Then you should update your Java to the latest version (6u3) Start
Control Panel
Add/Remove Programs
Delete the old Java,
J2SE Runtime Environment 6.0 Update 2

Download the latest version of Java Runtime Environment (JRE) 6u3 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement."
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Install it


=============

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.

Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.

Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.

Use AVG Anti-Spyware (http://www.ewido.net/en/)
Download and install AVG Anti-Spyware. Update it and scan your computer regularly with it.

Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.

Install SpywareBlaster (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
SpywareBlaster will prevent spyware from being installed.

Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.

Use Firefox browser (http://www.mozilla.org)
Firefox is faster and more secure browser than Internet Explorer.

Keep your systen up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly. How to enable Automatic Updates? (http://www.bleepingcomputer.com/tutorials/tutorial35.html)

Keep your antivirus (http://forum.malwareremoval.com/viewtopic.php?p=53#53) and firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) up-to-date
Scan your computer regularly with you antivirus software.

Read this article by TonyKlein (http://forums.spybot.info/showthread.php?t=279)
So how did I get infected in the first place?

Stand Up and Be Counted ! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.


Stay clean and be safe ;)