:sad: Been working at getting rid of the Virtuomonde Trojan...but it never disappears...Any help would be greatly appreciated. Thank you for your time in advanced!

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:39 PM, on 31/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\explorer.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xenophase.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: WebPerform - {AB692F9B-27FE-4511-8885-ED62BB45197B} - C:\Windows\system32\webperform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkKBrSM.dll,#1
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\k625\AppData\Local\Temp\urqOGXqR.dll,#1
O4 - HKCU\..\Run: [28f09281] rundll32.exe "C:\Users\k625\AppData\Local\Temp\jexbhoyx.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\k625\AppData\Local\Temp\hgGxUNHy.dll,c
O4 - HKCU\..\Run: Rundll32.exe "C:\Users\k625\AppData\Local\Temp\hoggvrky.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: msadvisor.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10687 bytes

[B]Kaspersky Report

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 31, 2008 8:11:50 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 31/05/2008
Kaspersky Anti-Virus database records: 819549
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 185294
Number of viruses found: 5
Number of infected objects: 34
Number of suspicious objects: 0
Duration of the scan process: 02:11:04

Infected Object Name / Virus Name / Last Action
C:\$Recycle.Bin\S-1-5-21-2082219412-4052029633-3517061324-1000\$RFMA7PT.rar/Nero-8.3.2.1_eng_f.u.l.l/Nero-8.3.2.1_eng_trial_2.exe/data0000.cab/NERO-8~1.EXE/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\$Recycle.Bin\S-1-5-21-2082219412-4052029633-3517061324-1000\$RFMA7PT.rar/Nero-8.3.2.1_eng_f.u.l.l/Nero-8.3.2.1_eng_trial_2.exe/data0000.cab/NERO-8~1.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\$Recycle.Bin\S-1-5-21-2082219412-4052029633-3517061324-1000\$RFMA7PT.rar/Nero-8.3.2.1_eng_f.u.l.l/Nero-8.3.2.1_eng_trial_2.exe/data0000.cab Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\$Recycle.Bin\S-1-5-21-2082219412-4052029633-3517061324-1000\$RFMA7PT.rar/Nero-8.3.2.1_eng_f.u.l.l/Nero-8.3.2.1_eng_trial_2.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\$Recycle.Bin\S-1-5-21-2082219412-4052029633-3517061324-1000\$RFMA7PT.rar RAR: infected - 4 skipped
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1ed9b1b05f2aa109a72079fc7f60a9a3_46c94899-1d93-4a6a-bdfe-0f23b5092831 Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\k625\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\k625\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008053120080601\index.dat Object is locked skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7VE7I117\kb456456[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.vqd skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7VE7I117\kb516107[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.vqh skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3QRNCBG\kb767887CA1Z4D80 Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3QRNCBG\kb767887CA1ZP09N Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3QRNCBG\kb767887CA24QA2N Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3QRNCBG\kb767887CA2GHEJR Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3QRNCBG\kb767887CA2T80ZT Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3QRNCBG\kb767887CA4HG2QH Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3QRNCBG\kb767887CA4SQP8X Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3QRNCBG\kb767887CA5VO5PR Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3QRNCBG\kb767887CA6VDDTN Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3QRNCBG\kb767887CA804FTM Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3QRNCBG\kb767887CACGRBL1 Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3QRNCBG\kb767887CAD2QT7H Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3QRNCBG\kb767887CAL239AK Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3QRNCBG\kb767887CARY17Q2 Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3QRNCBG\kb767887CAS17RV7 Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3QRNCBG\kb767887CAS7I8MU Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3QRNCBG\kb767887CASM2KZM Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3QRNCBG\kb767887CATC2LJB Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3QRNCBG\kb767887CATZWYQ0 Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3QRNCBG\kb767887CAXO4NDS Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3QRNCBG\kb767887CAZM15EX Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\UsrClass.dat{95eb5394-bca0-11dc-a932-001bb987dc11}.TM.blf Object is locked skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\UsrClass.dat{95eb5394-bca0-11dc-a932-001bb987dc11}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\UsrClass.dat{95eb5394-bca0-11dc-a932-001bb987dc11}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0c33531e\Report.cab/urqOGXqR.dll.xor Infected: Trojan.Win32.Agent.qrv skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0c33531e\Report.cab CAB: infected - 1 skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0c6a9433\Report.cab/fccyvUnL.dll.xor Infected: Trojan.Win32.Agent.qrv skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0c6a9433\Report.cab CAB: infected - 1 skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0c6e3ee3\Report.cab/hgGabCUN.dll.xor Infected: Trojan.Win32.Agent.qrv skipped
C:\Users\k625\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0c6e3ee3\Report.cab CAB: infected - 1 skipped
C:\Users\k625\AppData\Local\Microsoft\Windows Live Contacts\endless-serenade@hotmail.com\real\members.stg Object is locked skipped
C:\Users\k625\AppData\Local\Microsoft\Windows Live Contacts\endless-serenade@hotmail.com\shadow\members.stg Object is locked skipped
C:\Users\k625\AppData\Local\Mozilla\Firefox\Profiles\oxbg8rgu.default\Cache\_CACHE_001_ Object is locked skipped
C:\Users\k625\AppData\Local\Mozilla\Firefox\Profiles\oxbg8rgu.default\Cache\_CACHE_002_ Object is locked skipped
C:\Users\k625\AppData\Local\Mozilla\Firefox\Profiles\oxbg8rgu.default\Cache\_CACHE_003_ Object is locked skipped
C:\Users\k625\AppData\Local\Mozilla\Firefox\Profiles\oxbg8rgu.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Users\k625\AppData\Local\Mozilla\Firefox\Profiles\oxbg8rgu.default\XUL.mfl Object is locked skipped
C:\Users\k625\AppData\Local\Temp\~DF2339.tmp Object is locked skipped
C:\Users\k625\AppData\Local\Temp\~DF2343.tmp Object is locked skipped
C:\Users\k625\AppData\Local\Temp\~DFB8A7.tmp Object is locked skipped
C:\Users\k625\AppData\Local\Temp\~DFF156.tmp Object is locked skipped
C:\Users\k625\AppData\Local\Temp\~DFF227.tmp Object is locked skipped
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cert8.db Object is locked skipped
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\formhistory.dat Object is locked skipped
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\history.dat Object is locked skipped
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\key3.db Object is locked skipped
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\parent.lock Object is locked skipped
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\search.sqlite Object is locked skipped
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\urlclassifier2.sqlite Object is locked skipped
C:\Users\k625\Documents\My Chat Logs\May 2008\a_b248@hotmail.com.html Object is locked skipped
C:\Users\k625\ntuser.dat Object is locked skipped
C:\Users\k625\ntuser.dat.LOG1 Object is locked skipped
C:\Users\k625\ntuser.dat.LOG2 Object is locked skipped
C:\Users\k625\ntuser.dat{28a3e59d-2ed4-11dd-9ed5-001bb987dc11}.TM.blf Object is locked skipped
C:\Users\k625\ntuser.dat{28a3e59d-2ed4-11dd-9ed5-001bb987dc11}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\k625\ntuser.dat{28a3e59d-2ed4-11dd-9ed5-001bb987dc11}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\components Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\default Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\sam Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\security Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\software Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\system Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.003 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Many of the tools we use will not run on Vista and I am still learning how to clean this Operating System. I can make no promises because of this other than I am willing to do my bestto help. If that works for you and you still need the help, start like this.

1) Boot mode: Safe mode with network support
Please post all HijackThis logs in Normal mode unless I request otherwise.

2) C:\Program Files\Grisoft\AVG7\ <<< unless I am wrong, and I just updated on two of my computers, this is out of date.
You must have a current antivirus program, if you intend to run AVG 8 (free) update to it:
http://free.grisoft.com/ww.download-avg-anti-virus-free-edition
Once you are updated, run a complete system scan and remove what it found. I would like you to save the report and post it for me so I can see what of your infection was removed.
Post that report along with a new HJT log run in normal mode.

Thanks

This would the the HJT log in Normal mode.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:22 PM, on 01/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xenophase.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: WebPerform - {AB692F9B-27FE-4511-8885-ED62BB45197B} - C:\Windows\system32\webperform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkKBrSM.dll,#1
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\k625\AppData\Local\Temp\urqOGXqR.dll,#1
O4 - HKCU\..\Run: [28f09281] rundll32.exe "C:\Users\k625\AppData\Local\Temp\fyyjbali.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\k625\AppData\Local\Temp\hgGxUNHy.dll,c
O4 - HKCU\..\Run: Rundll32.exe "C:\Users\k625\AppData\Local\Temp\vhryhysh.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: msadvisor.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11300 bytes

[B]And here's the AVG 8.0 results. I'm hoping this is what you asked for.

Scan "Scan whole computer" was finished.
Infections found:;"2"
Infected objects removed or healed;"2"
Not removed or healed.;"0"
Spyware found:;"0"
Spyware removed:;"0"
Not removed:;"0"
Warnings count:;"123"
Information count:;"0"
Scan started:;"June-01-08, 3:15:55 PM"
Total object scanned:;"1329011"
Time needed:;"2 hour(s) 14 minute(s) 8 second(s) "
Errors encountered:;"0"

Infections
File;"Infection";"Result"
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ICG30SOS\Setup2[1].exe;"Virus found Win32/Heur";"Moved to Virus Vault"
C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ICG30SOS\Setup2[2].exe;"Virus found Win32/Heur";"Moved to Virus Vault"

Warnings
File;"Infection";"Result"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00110011-4B0B-44D5-9718-90C88817369B};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{086AE192-23A6-48D6-96EC-715F53797E85};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11904CE8-632A-4856-A7CC-00B33FE71BD8};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{150FA160-130D-451F-B863-B655061432BA};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{17DA0C9E-4A27-4ac5-BB75-5D24B8CDB972};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C4DA27D-4D52-4465-A089-98E01BB725CA};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C78AB3F-A857-482e-80C0-3A1E5238A565};"Found Adware.Isearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB1};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1F48AA48-C53A-4E21-85E7-AC7CC6B5FFB2};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2D38A51A-23C9-48a1-A33C-48675AA2B494};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2E9CAFF6-30C7-4208-8807-E79D4EC6F806};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E};"Found Adware.NewDotNet";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8333C319-0669-4893-A418-F56D9249FCA6};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{88D758A3-D33B-45FD-91E3-67749B4057FA};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A6F42CAD-2559-48DF-AF30-89E480AF5DFA};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CE7C3CF0-4B15-11D1-ABED-709549C10000};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CF021F40-3E14-23A5-CBA2-717765721306};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E2B2B5A1-B48C-4886-A318-723916A01024};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E2DDF680-9905-4dee-8C64-0A5DE7FE133C};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E3EEBBE8-9CAB-4C76-B26A-747E25EBB4C6};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E6D5237D-A6C7-4C83-A67F-F9F15586FA62};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E7AFFF2A-1B57-49C7-BF6B-E5123394C970};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E8EDB60C-951E-4130-93DC-FAF1AD25F8E7};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F1FABE79-25FC-46de-8C5A-2C6DB9D64333};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FD9BC004-8331-4457-B830-4759FF704C22};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880};"Found Adware.Generic";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FFD2825E-0785-40C5-9A41-518F53A8261F};"Found Adware.TitanShieldAntispyware";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\k625@2o7[2].txt:\2o7.net.1913101d;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\k625@2o7[2].txt:\2o7.net.484dbb69;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\k625@2o7[2].txt:\2o7.net.92b4d8ae;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\k625@2o7[2].txt:\2o7.net.bab0b6da;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\k625@2o7[2].txt;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\k625@adbrite[2].txt:\adbrite.com.d5e309c2;"Found Tracking cookie.Adbrite";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\k625@adbrite[2].txt:\adbrite.com.71beeff9;"Found Tracking cookie.Adbrite";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\k625@adbrite[2].txt;"Found Tracking cookie.Adbrite";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\k625@advertising[2].txt:\advertising.com.203aa218;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\k625@advertising[2].txt:\advertising.com.f62113d5;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\k625@advertising[2].txt:\advertising.com.1820df7a;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\k625@advertising[2].txt:\advertising.com.b624fa46;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\k625@advertising[2].txt;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\k625@atdmt[2].txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\k625@atdmt[2].txt;"Found Tracking cookie.Atdmt";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\k625@m.webtrends[2].txt:\m.webtrends.com.b4ca7df0;"Found Tracking cookie.Webtrends";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\k625@m.webtrends[2].txt;"Found Tracking cookie.Webtrends";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\k625@questionmarket[2].txt:\questionmarket.com.4dd5e426;"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\k625@questionmarket[2].txt:\questionmarket.com.3eb5a9f1;"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\k625@questionmarket[2].txt;"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\k625@real[2].txt:\real.com.66561182;"Found Tracking cookie.Real";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\k625@real[2].txt;"Found Tracking cookie.Real";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\k625@tribalfusion[1].txt:\tribalfusion.com.dcc03271;"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\k625@tribalfusion[1].txt;"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\Low\k625@2o7[2].txt:\2o7.net.bab0b6da;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\Low\k625@2o7[2].txt:\2o7.net.92b4d8ae;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\Low\k625@2o7[2].txt;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\Low\k625@atdmt[2].txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\Low\k625@atdmt[2].txt;"Found Tracking cookie.Atdmt";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\Low\k625@doubleclick[1].txt:\doubleclick.net.bf396750;"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\Low\k625@doubleclick[1].txt;"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\Low\k625@fastclick[2].txt:\fastclick.net.fac3d6f0;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\Low\k625@fastclick[2].txt:\fastclick.net.8a6435e9;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\Low\k625@fastclick[2].txt:\fastclick.net.57e8da10;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\Low\k625@fastclick[2].txt:\fastclick.net.19d0b716;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\Low\k625@fastclick[2].txt;"Found Tracking cookie.Fastclick";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\Low\k625@m.webtrends[2].txt:\m.webtrends.com.b4ca7df0;"Found Tracking cookie.Webtrends";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\Low\k625@m.webtrends[2].txt;"Found Tracking cookie.Webtrends";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\Low\k625@msnportal.112.2o7[1].txt:\msnportal.112.2o7.net.7225be6f;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\Low\k625@msnportal.112.2o7[1].txt;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\Low\k625@questionmarket[2].txt:\questionmarket.com.4dd5e426;"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\Low\k625@questionmarket[2].txt:\questionmarket.com.3eb5a9f1;"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\Low\k625@questionmarket[2].txt;"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\Low\k625@tribalfusion[2].txt:\tribalfusion.com.dcc03271;"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Microsoft\Windows\Cookies\Low\k625@tribalfusion[2].txt;"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\2o7.net.4c502d08;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\2o7.net.41207ad0;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\2o7.net.46d365af;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\2o7.net.a2eb28a1;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\2o7.net.53eb9837;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\2o7.net.d2aa96c8;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\2o7.net.81e2ccda;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\2o7.net.c22c53a0;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\2o7.net.b6fab99f;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\2o7.net.b1392d66;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\2o7.net.68c00d5d;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\2o7.net.ec4774bb;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\2o7.net.df331e4c;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\adbrite.com.557c9f74;"Found Tracking cookie.Adbrite";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\adbrite.com.d5e309c2;"Found Tracking cookie.Adbrite";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\adbrite.com.71beeff9;"Found Tracking cookie.Adbrite";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\valueclick.net.85648628;"Found Tracking cookie.Valueclick";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\msnportal.112.2o7.net.7225be6f;"Found Tracking cookie.2o7";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\247realmedia.com.855b46d;"Found Tracking cookie.247realmedia";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\adopt.euroclick.com.fb764ef7;"Found Tracking cookie.Euroclick";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\adopt.euroclick.com.891542da;"Found Tracking cookie.Euroclick";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\bs.serving-sys.com.5bf1f00f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\estat.com.efda7a5a;"Found Tracking cookie.Estat";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\hypertracker.com.dff37e36;"Found Tracking cookie.Hypertracker";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\ivwbox.de.41d82fe2;"Found Tracking cookie.Ivwbox";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\realmedia.com.e14be39e;"Found Tracking cookie.Realmedia";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\realmedia.com.68087763;"Found Tracking cookie.Realmedia";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\realmedia.com.125a868c;"Found Tracking cookie.Realmedia";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\realmedia.com.ef906bac;"Found Tracking cookie.Realmedia";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\revsci.net.d14b07f1;"Found Tracking cookie.Revsci";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\serving-sys.com.c9034af6;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\serving-sys.com.606c3d3b;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\serving-sys.com.4b416ef8;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\serving-sys.com.255d6f2f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\serving-sys.com.6a1cf9e8;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\serving-sys.com.400f83f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\tacoda.net.c4fe2ebb;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\tacoda.net.a3218a37;"Found Tracking cookie.Tacoda";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\tribalfusion.com.dcc03271;"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\yadro.ru.c77afad5;"Found Tracking cookie.Yadro";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\ad.yieldmanager.com.557bf2b0;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\ad.yieldmanager.com.cf5393df;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\ad.yieldmanager.com.b68f2b7b;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\ad.yieldmanager.com.830b6f08;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\m.webtrends.com.b4ca7df0;"Found Tracking cookie.Webtrends";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt:\searchportal.information.com.3a8d7204;"Found Tracking cookie.Information";"Potentially dangerous object"
C:\Users\k625\AppData\Roaming\Mozilla\Firefox\Profiles\oxbg8rgu.default\cookies.txt;"Found Tracking cookie.2o7";"Potentially dangerous object"

Thanks for the HijackThis log, let's do this and see how it goes.

KASPERSKY ONLINE SCANNER REPORT Saturday, May 31, 2008 8:11:50 PM
C:\$Recycle.Bin\ <<< empty the Recycle Bin

C:\Users\k625\AppData\Local\Microsoft\Windows\Temporary Internet Files\ <<< delete the contents of the folder in Red

Delete these infected items)
C:\Users\k625\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0c33531e\Report.cab/urqOGXqR.dll.xor ------> Trojan.Win32.Agent.qrv
C:\Users\k625\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0c6a9433\Report.cab/fccyvUnL.dll.xor ------> Trojan.Win32.Agent.qrv
C:\Users\k625\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0c6e3ee3\Report.cab/hgGabCUN.dll.xor ------> Trojan.Win32.Agent.qrv

Restart the computer.

Download Malwarebytes' Anti-Malware to your desktop.
http://www.besttechie.net/tools/mbam-setup.exe

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.

Thanks

Sorry to bother, but how do I delete the infected files? They are in a .rar file...so do I delete the .rar file entirely? Or is there some other way to delete the file from the .rar?

You did not give me much information, where are these files? If they are old TIF files, don't worry about them, the infection is recent, you know about when it occured. Heres the Google:

http://www.google.com/search?hl=en&q=how+to+delete+a+.rar+file&btnG=Google+Search

Sorry about the lack of information.

The infected files:

C:\Users\k625\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0c33531e\Report.cab/urqOGXqR.dll.xor
C:\Users\k625\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0c6a9433\Report.cab/fccyvUnL.dll.xor
C:\Users\k625\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0c6e3ee3\Report.cab/hgGabCUN.dll.xor

are located inside a WinRar Archive file, in the folder C:\Users\k625\AppData\Local\Microsoft\Windows\WER\ReportArchive

The file type is "File xor", and I'm unsure of how I would remove of the file if it is inside the WinRar archive, as I can't delete it out of the archive file. I was thinking to just delete the entire archive file, but I'm not too sure about what would happen if I did.

These files are on your computer, you don't know what they are?
Having never used Windows Vista, I have no idea. Try asking at a forum that deals with the operating system:
http://help.lockergnome.com/vista/
http://thevistaforums.com/

http://www.google.com/search?hl=en&q=.xor+files&btnG=Search
Perhaps it is of no threat to you since it is zipped and archived?

Why not move on to the MBAM scan, continue the cleanup and resolve that issue when you can.

Thanks

This is the new HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:01 PM, on 02/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Ragnarok Frontier\rfexe.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xenophase.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: WebPerform - {AB692F9B-27FE-4511-8885-ED62BB45197B} - C:\Windows\system32\webperform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11028 bytes

And this would be the MBAM Scan Log

--

Malwarebytes' Anti-Malware 1.14
Database version: 816

8:03:02 PM 02/06/2008
mbam-log-6-2-2008 (20-03-02).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 232830
Time elapsed: 1 hour(s), 26 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{166bcb27-fcfd-4588-9bdb-44fc6a02ef35} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{166bcb27-fcfd-4588-9bdb-44fc6a02ef35} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\28f09281 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM2bc3a11d (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks for you time!

Thanks for returning your information. MBAM did locate issues in your registry and cleaned them

C:\Program Files\Java\jre1.6.0_05\ <<< update your Java program, see this:
http://forums.spybot.info/showpost.php?p=12880&postcount=2

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

(Leave the HP redirects if you use them)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Everything I can see looks good, how is the computer running?

Thanks

:laugh: My computer running just fine! It's all thanks to you too!

Again, I'd like to thank you for you time and effort in helping me with my various computer problems. My English Project thanks you too!

Thanks for the feedback:bigthumb:


Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.