i have many virus. this is my little brothers computer and i need some help. here is my hjt log.

Logfile of HijackThis v1.99.1
Scan saved at 1:41:19 PM, on 7/15/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Documents and Settings\EVREYBODY'S\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://62.4.84.53/trafc-2/rfe.php?nid=ap&cmp=aol&uid=A0D38C72CA6311DA8C83000B6AC2AAE3&guid=84491f05+5692575C254944B4816FD2676C27C45B&lid=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 66.180.173.39 www.google.ae
O1 - Hosts: 66.180.173.39 www.google.am
O1 - Hosts: 66.180.173.39 www.google.as
O1 - Hosts: 66.180.173.39 www.google.at
O1 - Hosts: 66.180.173.39 www.google.az
O1 - Hosts: 66.180.173.39 www.google.be
O1 - Hosts: 66.180.173.39 www.google.bi
O1 - Hosts: 66.180.173.39 www.google.ca
O1 - Hosts: 66.180.173.39 www.google.cd
O1 - Hosts: 66.180.173.39 www.google.cg
O1 - Hosts: 66.180.173.39 www.google.ch
O1 - Hosts: 66.180.173.39 www.google.ci
O1 - Hosts: 66.180.173.39 www.google.cl
O1 - Hosts: 66.180.173.39 www.google.co.cr
O1 - Hosts: 66.180.173.39 www.google.co.hu
O1 - Hosts: 66.180.173.39 www.google.co.il
O1 - Hosts: 66.180.173.39 www.google.co.in
O1 - Hosts: 66.180.173.39 www.google.co.je
O1 - Hosts: 66.180.173.39 www.google.co.jp
O1 - Hosts: 66.180.173.39 www.google.co.ke
O1 - Hosts: 66.180.173.39 www.google.co.kr
O1 - Hosts: 66.180.173.39 www.google.co.ls
O1 - Hosts: 66.180.173.39 www.google.co.nz
O1 - Hosts: 66.180.173.39 www.google.co.th
O1 - Hosts: 66.180.173.39 www.google.co.ug
O1 - Hosts: 66.180.173.39 www.google.co.uk
O1 - Hosts: 66.180.173.39 www.google.co.ve
O1 - Hosts: 66.180.173.39 www.google.com
O1 - Hosts: 66.180.173.39 www.google.com.ag
O1 - Hosts: 66.180.173.39 www.google.com.ar
O1 - Hosts: 66.180.173.39 www.google.com.au
O1 - Hosts: 66.180.173.39 www.google.com.br
O1 - Hosts: 66.180.173.39 www.google.com.co
O1 - Hosts: 66.180.173.39 www.google.com.cu
O1 - Hosts: 66.180.173.39 www.google.com.do
O1 - Hosts: 66.180.173.39 www.google.com.ec
O1 - Hosts: 66.180.173.39 www.google.com.fj
O1 - Hosts: 66.180.173.39 www.google.com.gi
O1 - Hosts: 66.180.173.39 www.google.com.gr
O1 - Hosts: 66.180.173.39 www.google.com.gt
O1 - Hosts: 66.180.173.39 www.google.com.hk
O1 - Hosts: 66.180.173.39 www.google.com.ly
O1 - Hosts: 66.180.173.39 www.google.com.mt
O1 - Hosts: 66.180.173.39 www.google.com.mx
O1 - Hosts: 66.180.173.39 www.google.com.my
O1 - Hosts: 66.180.173.39 www.google.com.na
O1 - Hosts: 66.180.173.39 www.google.com.nf
O1 - Hosts: 66.180.173.39 www.google.com.ni
O1 - Hosts: 66.180.173.39 www.google.com.np
O1 - Hosts: 66.180.173.39 www.google.com.pa
O1 - Hosts: 66.180.173.39 www.google.com.pe
O1 - Hosts: 66.180.173.39 www.google.com.ph
O1 - Hosts: 66.180.173.39 www.google.com.pk
O1 - Hosts: 66.180.173.39 www.google.com.pr
O1 - Hosts: 66.180.173.39 www.google.com.py
O1 - Hosts: 66.180.173.39 www.google.com.sa
O1 - Hosts: 66.180.173.39 www.google.com.sg
O1 - Hosts: 66.180.173.39 www.google.com.sv
O1 - Hosts: 66.180.173.39 www.google.com.tr
O1 - Hosts: 66.180.173.39 www.google.com.tw
O1 - Hosts: 66.180.173.39 www.google.com.ua
O1 - Hosts: 66.180.173.39 www.google.com.uy
O1 - Hosts: 66.180.173.39 www.google.com.vc
O1 - Hosts: 66.180.173.39 www.google.com.vn
O1 - Hosts: 66.180.173.39 www.google.de
O1 - Hosts: 66.180.173.39 www.google.dj
O1 - Hosts: 66.180.173.39 www.google.dk
O1 - Hosts: 66.180.173.39 www.google.es
O1 - Hosts: 66.180.173.39 www.google.fi
O1 - Hosts: 66.180.173.39 www.google.fm
O1 - Hosts: 66.180.173.39 www.google.fr
O1 - Hosts: 66.180.173.39 www.google.gg
O1 - Hosts: 66.180.173.39 www.google.gl
O1 - Hosts: 66.180.173.39 www.google.gm
O1 - Hosts: 66.180.173.39 www.google.hn
O1 - Hosts: 66.180.173.39 www.google.ie
O1 - Hosts: 66.180.173.39 www.google.it
O1 - Hosts: 66.180.173.39 www.google.kz
O1 - Hosts: 66.180.173.39 www.google.li
O1 - Hosts: 66.180.173.39 www.google.lt
O1 - Hosts: 66.180.173.39 www.google.lu
O1 - Hosts: 66.180.173.39 www.google.lv
O1 - Hosts: 66.180.173.39 www.google.mn
O1 - Hosts: 66.180.173.39 www.google.ms
O1 - Hosts: 66.180.173.39 www.google.mu
O1 - Hosts: 66.180.173.39 www.google.mw
O1 - Hosts: 66.180.173.39 www.google.nl
O1 - Hosts: 66.180.173.39 www.google.no
O1 - Hosts: 66.180.173.39 www.google.off.ai
O1 - Hosts: 66.180.173.39 www.google.pl
O1 - Hosts: 66.180.173.39 www.google.pn
O1 - Hosts: 66.180.173.39 www.google.pt
O1 - Hosts: 66.180.173.39 www.google.ro
O1 - Hosts: 66.180.173.39 www.google.ru
O1 - Hosts: 66.180.173.39 www.google.rw
O1 - Hosts: 66.180.173.39 www.google.se
O1 - Hosts: 66.180.173.39 www.google.sh
O1 - Hosts: 66.180.173.39 www.google.sk
O1 - Hosts: 66.180.173.39 www.google.sm
O1 - Hosts: 66.180.173.39 www.google.td
O1 - Hosts: 66.180.173.39 www.google.tm
O2 - BHO: (no name) - {12C55E2D-E8C5-C817-E63D-CD19127E879F} - (no file)
O2 - BHO: (no name) - {229DCCDF-7C35-02EA-4A07-5E801800B49C} - (no file)
O2 - BHO: (no name) - {2BA75E5A-E8ED-C368-98CB-92FC2C8CBB9A} - (no file)
O2 - BHO: (no name) - {3527012C-BEC6-9541-B5A6-C459A5F7FECA} - (no file)
O2 - BHO: (no name) - {3F5B6C52-82BE-F86C-C3AF-F48ADBD4ACCD} - (no file)
O2 - BHO: (no name) - {3FE0309D-8921-F6A2-0E95-F74A37A8F194} - C:\WINDOWS\System32\avbqvnh.dll
O2 - BHO: (no name) - {3FF694DA-2F34-5BB5-42C5-57A02A89FEC4} - (no file)
O2 - BHO: (no name) - {485B6481-8F3C-A3EE-47E5-A5BFD8F3DD9F} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5D28D5B8-6707-1F85-76B2-15D4FE05C29A} - (no file)
O2 - BHO: (no name) - {5F0E44E7-A258-D98B-78A2-D1F88FB8C5CF} - (no file)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {9A75BF85-0E3E-2FED-4EE1-2577A7B00898} - (no file)
O2 - BHO: (no name) - {A29D08B4-B40B-98DD-2800-CE89187E68C0} - (no file)
O2 - BHO: (no name) - {B016751F-94A7-B072-D05D-BE3EC0542795} - (no file)
O2 - BHO: (no name) - {BA592A30-C8D0-BD58-ADFA-E43B807129C9} - (no file)
O2 - BHO: (no name) - {C8353F77-D1C7-A716-B46C-F87AE7940EC0} - (no file)
O2 - BHO: (no name) - {E2703697-842C-A1A8-0475-F93AF02D70C4} - C:\WINDOWS\System32\gietuuyc.dll (file missing)
O2 - BHO: DPCUpdater Object - {E291663A-2D6F-4B56-B9DF-AE239AEF6A5B} - C:\WINDOWS\System32\awtss.dll
O2 - BHO: (no name) - {E347751E-C8A2-B372-D05D-BE3EC0547694} - (no file)
O2 - BHO: (no name) - {E7540AB3-E603-9582-7750-CB09806023C0} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {F2FA09FB-EE7A-46d8-9145-A1EEF7850052} - C:\WINDOWS\system32\ddayy.dll
O2 - BHO: (no name) - {F7079FDD-2562-52BF-1042-5F50D62767C3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124406435326
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124406406967
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX28.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E427A57F-1A94-0BFC-6D7A-6DC214946AD4} - ms-its:mhtml:file://c:\\nosuch.mht!http://users.perfhost.com/~zone14/z/index.chm::/index.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4519/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F63C60A-EC60-4DAB-B917-6DEF8A549C71}: NameServer = 192.168.11.250
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\explorer.dll
O20 - Winlogon Notify: awtss - C:\WINDOWS\System32\awtss.dll
O20 - Winlogon Notify: ddayy - C:\WINDOWS\SYSTEM32\ddayy.dll
O20 - Winlogon Notify: IntlRun - C:\WINDOWS\system32\cl3250.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.


==

Please download and install ewido anti-spyware tool (http://www.ewido.net/en/product/) Close all other Applications Select language click Ok Click I Agree Click next Click Install Click Finish Wait and Ewido will open to the main screen automatically. Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen. This in very important to get updates When updating has finished. Close Ewido.If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode. Next, please reboot your computer in Safe Mode by doing the following: Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, press F8. Instead of Windows loading as normal, a menu should appear use arrow up to highlight Select the first option, to run Windows in Safe Mode hit enter. For additional help in booting into Safe Mode, see the following site: HERE (http://www.pchell.com/support/safemode.shtml)

You MUST manage to get into Safe Mode for the fix to work.Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan! Open Ewido Click on scanner top of Ewido sceen Click on Settings Under How to Act click on Recommended Action choose Quarantine Under How to scan all boxes should be selected Under Possibly unwanted software all boxes should be selected On right side under Reports: click on Automatically generate report after every scan. Under What to scan select scan every file Click On scan Tab Click on Complete system scan Let the program scan the machine It can take awhile give it time. When scan has finished At bottom of screen click Apply all Actions Click Save report Click Save Report as (Save as window's screen should pop up.) Click desktop Click Save Exit ewidoReboot back to normal mode

==

Please post the contents of C:\vundofix.txt the Ewido log and a new HiJackThis log.

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

alright, i have some new problems. the ddayy is still there. everytime i get rid of it it comes back. i dont have a safe mode on this computer. when i get to where safe mode is to be it gives me one option and it is to boot into personal something or other. also the vundofix.exe was downloaded and i ran it just the way you said to, but it didnt work. i am going to let you see my log files for hjt, ewido. i also ran adaware, but i wont post it unless you want me too. kaspersky found 4 virus, but it wouldnt get rid of them, so i dont know what to do about that either. the ewido wouldnt get rid of the purity scan by deletion or quarintine. i dont know what to do from here. thank you for the help.

Logfile of HijackThis v1.99.1
Scan saved at 3:54:22 PM, on 7/16/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\EVREYBODY'S\Local Settings\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://62.4.84.53/trafc-2/rfe.php?nid=ap&cmp=aol&uid=A0D38C72CA6311DA8C83000B6AC2AAE3&guid=84491f05+5692575C254944B4816FD2676C27C45B&lid=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {12C55E2D-E8C5-C817-E63D-CD19127E879F} - (no file)
O2 - BHO: (no name) - {229DCCDF-7C35-02EA-4A07-5E801800B49C} - (no file)
O2 - BHO: (no name) - {2BA75E5A-E8ED-C368-98CB-92FC2C8CBB9A} - (no file)
O2 - BHO: (no name) - {3527012C-BEC6-9541-B5A6-C459A5F7FECA} - (no file)
O2 - BHO: (no name) - {3F5B6C52-82BE-F86C-C3AF-F48ADBD4ACCD} - (no file)
O2 - BHO: (no name) - {3FE0309D-8921-F6A2-0E95-F74A37A8F194} - C:\WINDOWS\System32\avbqvnh.dll (file missing)
O2 - BHO: (no name) - {3FF694DA-2F34-5BB5-42C5-57A02A89FEC4} - (no file)
O2 - BHO: (no name) - {485B6481-8F3C-A3EE-47E5-A5BFD8F3DD9F} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5D28D5B8-6707-1F85-76B2-15D4FE05C29A} - (no file)
O2 - BHO: (no name) - {5F0E44E7-A258-D98B-78A2-D1F88FB8C5CF} - (no file)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {9A75BF85-0E3E-2FED-4EE1-2577A7B00898} - (no file)
O2 - BHO: (no name) - {A29D08B4-B40B-98DD-2800-CE89187E68C0} - (no file)
O2 - BHO: (no name) - {B016751F-94A7-B072-D05D-BE3EC0542795} - (no file)
O2 - BHO: (no name) - {BA592A30-C8D0-BD58-ADFA-E43B807129C9} - (no file)
O2 - BHO: (no name) - {C8353F77-D1C7-A716-B46C-F87AE7940EC0} - (no file)
O2 - BHO: (no name) - {E2703697-842C-A1A8-0475-F93AF02D70C4} - C:\WINDOWS\System32\gietuuyc.dll (file missing)
O2 - BHO: DPCUpdater Object - {E291663A-2D6F-4B56-B9DF-AE239AEF6A5B} - C:\WINDOWS\System32\awtss.dll (file missing)
O2 - BHO: (no name) - {E347751E-C8A2-B372-D05D-BE3EC0547694} - (no file)
O2 - BHO: (no name) - {E7540AB3-E603-9582-7750-CB09806023C0} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {F7079FDD-2562-52BF-1042-5F50D62767C3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124406435326
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124406406967
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX28.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E427A57F-1A94-0BFC-6D7A-6DC214946AD4} - ms-its:mhtml:file://c:\\nosuch.mht!http://users.perfhost.com/~zone14/z/index.chm::/index.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4519/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F63C60A-EC60-4DAB-B917-6DEF8A549C71}: NameServer = 192.168.11.250
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\explorer.dll
O20 - Winlogon Notify: IntlRun - C:\WINDOWS\system32\cl3250.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:38:27 PM 7/15/2006

+ Scan result:



HKLM\SYSTEM\CurrentControlSet\Services\SvcProc -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\SvcProc\Enum -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\SvcProc\Security -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP388\A1006466.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\__delete_on_reboot__e_x_p_l_o_r_e_r_._d_l_l_ -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\avbqvnh.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\explorer.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
[1196] C:\WINDOWS\System32\explorer.dll -> Adware.PurityScan : Error during cleaning.
[140] C:\WINDOWS\System32\explorer.dll -> Adware.PurityScan : Error during cleaning.
[1432] C:\WINDOWS\System32\explorer.dll -> Adware.PurityScan : Error during cleaning.
[1576] C:\WINDOWS\System32\explorer.dll -> Adware.PurityScan : Error during cleaning.
[164] C:\WINDOWS\System32\explorer.dll -> Adware.PurityScan : Error during cleaning.
[1900] C:\WINDOWS\System32\explorer.dll -> Adware.PurityScan : Error during cleaning.
[1968] C:\WINDOWS\System32\explorer.dll -> Adware.PurityScan : Error during cleaning.
[2240] C:\WINDOWS\System32\explorer.dll -> Adware.PurityScan : Error during cleaning.
[440] C:\WINDOWS\System32\explorer.dll -> Adware.PurityScan : Error during cleaning.
[524] C:\WINDOWS\System32\explorer.dll -> Adware.PurityScan : Error during cleaning.
[556] C:\WINDOWS\System32\explorer.dll -> Adware.PurityScan : Error during cleaning.
[608] C:\WINDOWS\System32\explorer.dll -> Adware.PurityScan : Error during cleaning.
[860] C:\WINDOWS\System32\explorer.dll -> Adware.PurityScan : Error during cleaning.
[964] C:\WINDOWS\System32\explorer.dll -> Adware.PurityScan : Error during cleaning.
[984] C:\WINDOWS\System32\explorer.dll -> Adware.PurityScan : Error during cleaning.
HKLM\SOFTWARE\Classes\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TypeLib\{7EACF70B-302F-4049-AC68-2D62EB43E473} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SysProtect -> Adware.SysProtect : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ddayy.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\bmv.hta -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\WINDOWS\m.hta -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\Program Files\ѕystem\wuauclt.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP376\A1004386.exe -> Trojan.ValueaAd : Cleaned with backup (quarantined).


::Report end

Looks like vundofix worked to me :).

Can you please do the following.

===============

I'd recommend that you install all the critical windows updates available from Microsoft, up to service pack 1. This will help to make your system more secure and prevent many 'problems' from reoccurring in the future.

===============

Before we begin, let's move HiJackThis to it's own folder; like c:\HJT. When we're done 'cleaning' off your system, we're going to 'flush' the temporary folders which, with HiJackThis in it's current location, we'll lose both the program and the backups it creates. These backups are important in case we need to restore any 'fixed' entry(s) later.

Also move the "Backups" folder, for HiJackThis, if present.

===============

Run HiJackThis then:

1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\Program Files\hp center\137903\Shadow\ShadowBar.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============

Scan with HiJackThis, then check(tick) the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

O2 - BHO: (no name) - {12C55E2D-E8C5-C817-E63D-CD19127E879F} - (no file)
O2 - BHO: (no name) - {229DCCDF-7C35-02EA-4A07-5E801800B49C} - (no file)
O2 - BHO: (no name) - {2BA75E5A-E8ED-C368-98CB-92FC2C8CBB9A} - (no file)
O2 - BHO: (no name) - {3527012C-BEC6-9541-B5A6-C459A5F7FECA} - (no file)
O2 - BHO: (no name) - {3F5B6C52-82BE-F86C-C3AF-F48ADBD4ACCD} - (no file)
O2 - BHO: (no name) - {3FE0309D-8921-F6A2-0E95-F74A37A8F194} - C:\WINDOWS\System32\avbqvnh.dll (file missing)
O2 - BHO: (no name) - {3FF694DA-2F34-5BB5-42C5-57A02A89FEC4} - (no file)
O2 - BHO: (no name) - {485B6481-8F3C-A3EE-47E5-A5BFD8F3DD9F} - (no file)
O2 - BHO: (no name) - {5D28D5B8-6707-1F85-76B2-15D4FE05C29A} - (no file)
O2 - BHO: (no name) - {5F0E44E7-A258-D98B-78A2-D1F88FB8C5CF} - (no file)
O2 - BHO: (no name) - {9A75BF85-0E3E-2FED-4EE1-2577A7B00898} - (no file)
O2 - BHO: (no name) - {A29D08B4-B40B-98DD-2800-CE89187E68C0} - (no file)
O2 - BHO: (no name) - {B016751F-94A7-B072-D05D-BE3EC0542795} - (no file)
O2 - BHO: (no name) - {BA592A30-C8D0-BD58-ADFA-E43B807129C9} - (no file)
O2 - BHO: (no name) - {C8353F77-D1C7-A716-B46C-F87AE7940EC0} - (no file)
O2 - BHO: (no name) - {E2703697-842C-A1A8-0475-F93AF02D70C4} - C:\WINDOWS\System32\gietuuyc.dll (file missing)
O2 - BHO: DPCUpdater Object - {E291663A-2D6F-4B56-B9DF-AE239AEF6A5B} - C:\WINDOWS\System32\awtss.dll (file missing)
O2 - BHO: (no name) - {E347751E-C8A2-B372-D05D-BE3EC0547694} - (no file)
O2 - BHO: (no name) - {E7540AB3-E603-9582-7750-CB09806023C0} - (no file)
O2 - BHO: (no name) - {F7079FDD-2562-52BF-1042-5F50D62767C3} - (no file)

O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe

O16 - DPF: {E427A57F-1A94-0BFC-6D7A-6DC214946AD4} - ms-its:mhtml:file://c:\\nosuch.mht!http://users.perfhost.com/~zone14/z/...hm::/index.exe

O20 - AppInit_DLLs: C:\WINDOWS\System32\explorer.dll
O20 - Winlogon Notify: IntlRun - C:\WINDOWS\system32\cl3250.dll (file missing)


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders: (http://www.xtra.co.nz/help/0,,4155-1916458,00.html)

folders...

C:\Program Files\hp center\137903\Shadow

files...

C:\WINDOWS\System32\explorer.dll

Search for...

AUNPS2.DLL

...using "Start | Search...".

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam)".

-

Reboot.

===============

To help protect your system from hostile ActiveX content, or special 'downloadable' files:

Download, install and keep updated, SpywareBlaster (http://www.javacoolsoftware.com/sbdownload.html). If you've installed it for the first time:

1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.

-

Note: Remember to regularly check for updates.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

okay, i did as you said. i only found 1 file out of the few you put on. i tried, in hjt, to fix the O20 - AppInit_DLLs: C:\WINDOWS\System32\explorer.dll. it got mad at me and gave me a little thing that said contact hjt or something like that. thank you for your help thus far. i will be back in tomorrow to get a little more help. thank you very much

Cool. I will need to see another hijackthis log to see what has happened so far. Generally errors thrown up by hijackthis do not affect it's effectiveness.