Odd Spyware
jpop100
4 Aug 2007, 12:27pm
My wife went somewhere on myspace and got some spyware or malware. I have a yellow box that pops up in the bottom right hand corner telling me to buy something (but that left with the scans) and the desktop in her profile has a red screen over it. The computer runs pretty slow. I ran Ad-Aware, Spybot, Super Spyware Blaster, and Panda and Kaspersky scans. Most of the problems are gone, but something nasty is still lurking. It also managed to shut off the Task Manager on my wife's profile.
Any help would be greatly appreciated.
Here are the Panda scan results:
Incident Status Location
Adware:adware/ncase Not disinfected C:\WINDOWS\System32\SALM.EXE
Adware:adware/tubby Not disinfected c:\windows\system32\WER8274.DLL
Adware:adware/keenvalue Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected hkey_classes_root\clsid\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
Adware:Adware/BraveSentry Not disinfected C:\WINDOWS\SYSTEM32\KB_963493.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.com.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.mediaplex.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.2o7.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.247realmedia.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.adrevolver.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.ads.pointroll.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.adultfriendfinder.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.bs.serving-sys.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.burstnet.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.casalemedia.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.cs.sexcounter.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.ehg-dig.hitbox.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.errorsafe.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.fastclick.net/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.go.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.serving-sys.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.statcounter.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.systemdoctor.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.tribalfusion.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[.zedo.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[citi.bridgetrack.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[counter.hitslink.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[searchportal.information.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[stats1.reliablestats.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[statse.webtrendslive.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\COOKIES.TXT[www.burstbeacon.com/]
Here are the Kaspersky scan results:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, August 03, 2007 9:27:49 PM
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 4/08/2007
Kaspersky Anti-Virus database records: 349684
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 59674
Number of viruses found: 2
Number of infected objects: 2 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:20:51
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Temp\~DFC3A1.tmp Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\AVP6\Report\report.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\AVP6\Report\eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\AVP6\Report\detected.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\AVP6\Report\detected.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\AVP6\Report\05cc_File_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\James\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\James\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\James\Local Settings\Temp\~DFA807.tmp Object is locked skipped
C:\Documents and Settings\James\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\James\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\James\Cookies\index.dat Object is locked skipped
C:\System Volume Information\_restore{A62616A7-F67A-4EC2-9CF8-67022E9EE006}\RP458\A0041808.exe Infected: Trojan.Win32.Agent.amk skipped
C:\System Volume Information\_restore{A62616A7-F67A-4EC2-9CF8-67022E9EE006}\RP482\A0055317.exe Infected: not-virus:Hoax.Win32.Renos.fn skipped
C:\System Volume Information\_restore{A62616A7-F67A-4EC2-9CF8-67022E9EE006}\RP483\change.log Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
And finally, here is the HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:17 PM, on 8/3/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {279A05E3-C129-4189-BA16-F0DB908C89B0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {FE2172CC-6C75-4C5C-872B-5029A9559B7a} - (no file)
O2 - BHO: (no name) - {FF83D35E-CC6D-4D3A-9491-68AAB9E96869} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA2C86C6-B6F7-4C6E-BDC3-F4B2515F8A0B}: NameServer = 68.87.71.226,68.87.73.242
O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 4656 bytes
Again thanks for any help you can provide. You guys are great.
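The Kaspersky report above is long because almost every line is a locked system file that the scanner could not open, and the two real detections sit inside System Restore snapshots rather than at their original paths. The following is an added example (not from the poster or from Kaspersky) that separates those three cases. The sample report is a constructed excerpt: the locked and infected lines are copied from the post, and the eicar.com line is made up (the standard harmless EICAR test file) so the "still live on disk" branch is exercised.

```python
"""Triage a Kaspersky Online Scanner report.

Added example for this thread, not Kaspersky's own tooling.  The report lists
one object per line, ending in a status: "Object is locked skipped" (registry
hives, event logs and index.dat files that are open while Windows runs, so not
findings) or "Infected: <detection> skipped".  An infected object whose path
sits under "System Volume Information\\_restore{...}\\RPnnn" is a System Restore
snapshot of a file, not the file in its original location, which is why a
later reply in this thread has the poster purge the restore points.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt: the locked and infected lines are copied from the report
# in the post above; the eicar.com line is made up so the "live" branch runs.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\James\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{A62616A7-F67A-4EC2-9CF8-67022E9EE006}\RP458\A0041808.exe Infected: Trojan.Win32.Agent.amk skipped
C:\System Volume Information\_restore{A62616A7-F67A-4EC2-9CF8-67022E9EE006}\RP482\A0055317.exe Infected: not-virus:Hoax.Win32.Renos.fn skipped
C:\Documents and Settings\James\Desktop\eicar.com Infected: EICAR-Test-File skipped
Scan process completed.
"""

INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\w+)$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
# Restore-point snapshot: ...\System Volume Information\_restore{GUID}\RP<n>\<file>
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(?P<rp>\d+)\\"
)


@dataclass
class Finding:
    path: str
    detection: str
    action: str
    restore_point: Optional[int]  # RP number when the object is a System Restore snapshot


def parse_report(text: str) -> Tuple[List[Finding], int]:
    """Return the infected objects and the number of locked/skipped objects."""
    findings: List[Finding] = []
    locked = 0
    for raw in text.splitlines():
        line = raw.strip()
        if LOCKED_RE.match(line):
            locked += 1
            continue
        m = INFECTED_RE.match(line)
        if not m:
            continue  # header, summary and blank lines
        rp = RESTORE_RE.search(m["path"])
        findings.append(
            Finding(m["path"], m["name"], m["action"], int(rp["rp"]) if rp else None)
        )
    return findings, locked


def live_findings(findings: List[Finding]) -> List[Finding]:
    """Infected objects still at their original path: these need removal now."""
    return [f for f in findings if f.restore_point is None]


def snapshot_findings(findings: List[Finding]) -> List[Finding]:
    """Infected objects held only in System Restore snapshots: purge restore points."""
    return [f for f in findings if f.restore_point is not None]


if __name__ == "__main__":
    found, locked = parse_report(SAMPLE_REPORT)
    print(f"{locked} locked objects skipped (expected on a running system)")
    for f in live_findings(found):
        print(f"LIVE      {f.detection:32} {f.path}")
    for f in snapshot_findings(found):
        print(f"SNAPSHOT  {f.detection:32} RP{f.restore_point}: {f.path}")
```

Run it against the full report pasted above (saved to a file and read into `parse_report`) and only the two `_restore` objects come out as findings, both as snapshots; a clean result from `live_findings` does not mean the machine is clean, only that this scanner found nothing at its original location.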
jpop100
8 Aug 2007, 11:15am
Ok. Well, now I get pop-ups every half hour or so from some site called www.berlinads.com and it is testing my internet speed. Also, something is going on with ActiveX and it kills the Panda scan halfway through and I can't even accept the terms to start the Kaspersky scan. The page opens but I can't use any of the buttons.
But here is a fresh HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:24 AM, on 8/8/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {279A05E3-C129-4189-BA16-F0DB908C89B0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {FE2172CC-6C75-4C5C-872B-5029A9559B7a} - (no file)
O2 - BHO: (no name) - {FF83D35E-CC6D-4D3A-9491-68AAB9E96869} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ISMModule2] "C:\Program Files\ISM\ISMModule2.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA2C86C6-B6F7-4C6E-BDC3-F4B2515F8A0B}: NameServer = 68.87.71.226,68.87.73.242
O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 4726 bytes
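Two HijackThis logs five days apart are easiest to read as a diff: everything that is identical can be ignored and only the lines that appeared or vanished need attention. The following is an added example (not the forum's or Trend Micro's code) that does that comparison and also automates two checks a helper normally does by eye: `O2` BHO entries whose DLL is gone, and `O4` autoruns in the HKCU hive. The two sample logs are constructed excerpts of the 8/3 and 8/8 logs above with the entry lines copied verbatim and the rest omitted.

```python
"""Compare two HijackThis 2.0 logs and flag the entries a helper looks at first.

Added example for this thread, not HijackThis or the forum's own code.  Every
HijackThis entry has the shape "<section> - <detail>" (R0/R1/R3, O2, O4, ...);
process lists, headers and the "End of file" trailer have no such prefix and
are ignored.  Entries are compared as sets, so the output is exactly what was
added or removed between scans.
"""
import re
from typing import List, Set, Tuple

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<detail>.+)$")
Entry = Tuple[str, str]

# Constructed excerpts of the 8/3 and 8/8 logs from the posts above; entry lines
# are copied verbatim, the rest of each log is left out for brevity.
LOG_AUG3 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {279A05E3-C129-4189-BA16-F0DB908C89B0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FE2172CC-6C75-4C5C-872B-5029A9559B7a} - (no file)
O2 - BHO: (no name) - {FF83D35E-CC6D-4D3A-9491-68AAB9E96869} - (no file)
O4 - HKLM\..\Run: [kav] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
--
End of file - 4656 bytes
"""

LOG_AUG8 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {279A05E3-C129-4189-BA16-F0DB908C89B0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FE2172CC-6C75-4C5C-872B-5029A9559B7a} - (no file)
O2 - BHO: (no name) - {FF83D35E-CC6D-4D3A-9491-68AAB9E96869} - (no file)
O4 - HKLM\..\Run: [kav] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [ISMModule2] "C:\Program Files\ISM\ISMModule2.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
--
End of file - 4726 bytes
"""


def parse_entries(log: str) -> Set[Entry]:
    """Extract (section, detail) pairs; everything else in the log is ignored."""
    entries: Set[Entry] = set()
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m["section"], m["detail"]))
    return entries


def diff_logs(old: str, new: str) -> Tuple[List[Entry], List[Entry]]:
    """Return (added, removed) entries between two logs."""
    before, after = parse_entries(old), parse_entries(new)
    return sorted(after - before), sorted(before - after)


def orphaned_bhos(log: str) -> List[str]:
    """O2 BHO registrations whose DLL is gone: leftover CLSIDs, safe to remove."""
    return sorted(d for s, d in parse_entries(log) if s == "O2" and d.endswith("(no file)"))


def user_autoruns(log: str) -> List[str]:
    """O4 Run/RunOnce entries in HKCU: persistence tied to the account the log was taken from."""
    return sorted(d for s, d in parse_entries(log) if s == "O4" and d.startswith("HKCU\\"))


if __name__ == "__main__":
    added, removed = diff_logs(LOG_AUG3, LOG_AUG8)
    for s, d in added:
        print(f"+ {s} - {d}")
    for s, d in removed:
        print(f"- {s} - {d}")
    print("orphaned BHOs:", *orphaned_bhos(LOG_AUG8), sep="\n  ")
    print("HKCU autoruns:", *user_autoruns(LOG_AUG8), sep="\n  ")
```

On the two logs above the diff is a single added line, the `ISMModule2` autorun under HKCU, which is exactly the kind of entry to look up before the next cleaning pass; the three `(no file)` BHOs are present in both logs and are leftovers rather than active code. Note that HKCU entries belong to whichever account ran HijackThis, so a log taken from one profile says nothing about autoruns in another.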
Rahina Rescue
8 Aug 2007, 12:02pm
Hi there!
( 1 )
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
System Restore will now be active again.
( 2 )
Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.exe)
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
jpop100
8 Aug 2007, 10:57pm
SmitFraudFix v2.210
Scan done at 17:56:40.70, Wed 08/08/2007
Run from C:\Documents and Settings\James\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\susp.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\James
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\James\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JAMES\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Instant Wireless PCI Card V2.7 - Packet Scheduler Miniport
DNS Server Search Order: 68.87.71.226
DNS Server Search Order: 68.87.73.242
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CA2C86C6-B6F7-4C6E-BDC3-F4B2515F8A0B}: NameServer=68.87.71.226,68.87.73.242
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CA2C86C6-B6F7-4C6E-BDC3-F4B2515F8A0B}: NameServer=68.87.71.226,68.87.73.242
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CA2C86C6-B6F7-4C6E-BDC3-F4B2515F8A0B}: NameServer=68.87.71.226,68.87.73.242
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Rahina Rescue
8 Aug 2007, 11:28pm
You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background
jpop100
9 Aug 2007, 12:42am
Ok, here's what popped up from SmitfraudFix:
SmitFraudFix v2.210
Scan done at 19:30:40.18, Wed 08/08/2007
Run from C:\Documents and Settings\James\Desktop\Spyware Tools\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\susp.exe Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CA2C86C6-B6F7-4C6E-BDC3-F4B2515F8A0B}: NameServer=68.87.71.226,68.87.73.242
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CA2C86C6-B6F7-4C6E-BDC3-F4B2515F8A0B}: NameServer=68.87.71.226,68.87.73.242
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CA2C86C6-B6F7-4C6E-BDC3-F4B2515F8A0B}: NameServer=68.87.71.226,68.87.73.242
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
And here is the new HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:39 PM, on 8/8/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {279A05E3-C129-4189-BA16-F0DB908C89B0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {FE2172CC-6C75-4C5C-872B-5029A9559B7a} - (no file)
O2 - BHO: (no name) - {FF83D35E-CC6D-4D3A-9491-68AAB9E96869} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ISMModule2] "C:\Program Files\ISM\ISMModule2.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA2C86C6-B6F7-4C6E-BDC3-F4B2515F8A0B}: NameServer = 68.87.71.226,68.87.73.242
O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 4482 bytes
Thanks again.
Rahina Rescue
9 Aug 2007, 08:01am
Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.
Download AVG Anti-Spyware from HERE (http://downloads.grisoft.cz/softw/70/filedir/inst/avgas-setup-7.5.0.50.exe) and save that file to your desktop.
This is a 30 day trial of the program
Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will be prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
jpop100
10 Aug 2007, 02:49am
Alright, I got home from work and finally ran the test. Here's the results.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 8:01:23 PM 8/9/2007
+ Scan result:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Cleaned with backup (quarantined).
:mozilla.184:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.185:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.186:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.187:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.305:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.200:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.201:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.202:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.203:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.204:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.263:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.131:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.132:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.133:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.134:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.135:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.136:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.137:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.138:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.196:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.197:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.198:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.199:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.307:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.62:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.100:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.101:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.102:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.103:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.104:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.99:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.306:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.98:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.309:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.231:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.232:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.233:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.234:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.47:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.48:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.49:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.50:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.51:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.60:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.68:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.69:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.70:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.71:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mwn5ezca.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
::Report end
Rahina Rescue
10 Aug 2007, 09:32am
Getting Better..
Please download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop.
Double click on Combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
jpop100
10 Aug 2007, 10:51am
I just want to thank you for dedicating this much time to fixing my problem. Also, I'm sorry I can't be on here more to get this done quicker.
Well, here's the Combofix log:
ComboFix 07-08-09.3 - "James" 2007-08-10 5:35:02.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.43 [GMT -4:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\flt.dll
C:\WINDOWS\mspphe.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\saiemod.dll
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\180ax.exe
C:\WINDOWS\system32\biprep.exe
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\salm.exe
C:\WINDOWS\system32\satmat.exe
C:\WINDOWS\system32\updatetc.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\voiceip.dll
((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))
2007-08-10 05:33 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-09 17:47 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-08 17:56 816 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-08 17:56 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-08 17:56 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-08 17:56 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-03 18:31 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-03 05:43 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-03 05:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-08-02 20:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-02 20:43 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\Comodo
2007-08-02 20:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-08-02 20:40 <DIR> d-------- C:\Program Files\Comodo
2007-08-02 20:28 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-02 19:43 63 --a------ C:\WINDOWS\system\SYSRegC.dll
2007-08-02 19:43 143,360 --a------ C:\WINDOWS\system32\GetHardDiskNo.dll
2007-08-02 19:43 <DIR> d-------- C:\Program Files\Max Registry Cleaner
2007-08-02 19:31 <DIR> d-------- C:\Program Files\Yahoo!
2007-08-02 19:30 <DIR> d-------- C:\Program Files\CCleaner
2007-08-02 15:52 <DIR> d-------- C:\DOCUME~1\Erica\APPLIC~1\Lavasoft
2007-08-02 15:43 <DIR> d-------- C:\Program Files\AntispyStorm
2007-07-27 07:06 1,744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-07-27 07:03 <DIR> d-------- C:\Program Files\Google
2007-07-27 07:03 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\Google
2007-07-23 10:55 <DIR> d-------- C:\DOCUME~1\Erica\APPLIC~1\MySpace
2007-07-22 11:54 <DIR> d-------- C:\Program Files\MySpace
2007-07-22 11:54 <DIR> d-------- C:\DOCUME~1\James\APPLIC~1\MySpace
2007-07-21 22:35 <DIR> d-------- C:\Program Files\iTunes
2007-07-21 22:30 <DIR> d-------- C:\Program Files\QuickTime
2007-07-21 22:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-10 05:40 651296 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-10 05:40 26816 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-08-10 05:40 2147996 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-08-10 05:40 1695744 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-08 08:03 25 --a------ C:\WINDOWS\popcinfo.dat
2007-08-02 15:06 979 --a------ C:\WINDOWS\system32\drivers\product_2_name_small.gif
2007-08-02 15:06 918 --a------ C:\WINDOWS\system32\drivers\s_detect.htm
2007-08-02 15:06 837 --a------ C:\WINDOWS\system32\drivers\blank.gif
2007-08-02 15:06 835 --a------ C:\WINDOWS\system32\drivers\style.css
2007-08-02 15:06 6575 --a------ C:\WINDOWS\system32\drivers\remove_spyware_button.gif
2007-08-02 15:06 65 --a------ C:\WINDOWS\system32\drivers\sep_hor.gif
2007-08-02 15:06 64 --a------ C:\WINDOWS\system32\drivers\close_icon.gif
2007-08-02 15:06 639 --a------ C:\WINDOWS\system32\drivers\star.gif
2007-08-02 15:06 6373 --a------ C:\WINDOWS\system32\drivers\secuity_center_logo.gif
2007-08-02 15:06 550 --a------ C:\WINDOWS\system32\drivers\star_small.gif
2007-08-02 15:06 53 --a------ C:\WINDOWS\system32\drivers\sep_vert.gif
2007-08-02 15:06 49 --a------ C:\WINDOWS\system32\drivers\spacer.gif
2007-08-02 15:06 48933 --a------ C:\WINDOWS\system32\drivers\pt.htm
2007-08-02 15:06 4723 --a------ C:\WINDOWS\system32\drivers\detect.htm
2007-08-02 15:06 425 --a------ C:\WINDOWS\system32\drivers\star_gray.gif
2007-08-02 15:06 3877 --a------ C:\WINDOWS\system32\drivers\warning_icon.gif
2007-08-02 15:06 360 --a------ C:\WINDOWS\system32\drivers\header_bg.gif
2007-08-02 15:06 3080 --a------ C:\WINDOWS\system32\drivers\product_3_header.gif
2007-08-02 15:06 2922 --a------ C:\WINDOWS\system32\drivers\footer_back.jpg
2007-08-02 15:06 291 --a------ C:\WINDOWS\system32\drivers\v.gif
2007-08-02 15:06 28459 --a------ C:\WINDOWS\system32\drivers\header_1.gif
2007-08-02 15:06 283 --a------ C:\WINDOWS\system32\drivers\x.gif
2007-08-02 15:06 2604 --a------ C:\WINDOWS\system32\drivers\product_1_header.gif
2007-08-02 15:06 2238 --a------ C:\WINDOWS\system32\drivers\download_box.gif
2007-08-02 15:06 223 --a------ C:\WINDOWS\system32\drivers\star_gray_small.gif
2007-08-02 15:06 2214 --a------ C:\WINDOWS\system32\drivers\product_2_header.gif
2007-08-02 15:06 2186 --a------ C:\WINDOWS\system32\drivers\alert_icon.gif
2007-08-02 15:06 215 --a------ C:\WINDOWS\system32\drivers\main_back.gif
2007-08-02 15:06 2090 --a------ C:\WINDOWS\system32\drivers\shadow.jpg
2007-08-02 15:06 1791 --a------ C:\WINDOWS\system32\drivers\win_logo.gif
2007-08-02 15:06 1714 --a------ C:\WINDOWS\system32\drivers\product_3_name_small.gif
2007-08-02 15:06 1647 --a------ C:\WINDOWS\system32\drivers\button_freescan.gif
2007-08-02 15:06 1619 --a------ C:\WINDOWS\system32\drivers\button_buynow.gif
2007-08-02 15:06 15421 --a------ C:\WINDOWS\system32\drivers\header_2.gif
2007-08-02 15:06 13618 --a------ C:\WINDOWS\system32\drivers\spy_away_box.jpg
2007-08-02 15:06 1330 --a------ C:\WINDOWS\system32\drivers\product_features.gif
2007-08-02 15:06 1253 --a------ C:\WINDOWS\system32\drivers\product_1_name_small.gif
2007-08-02 15:06 12326 --a------ C:\WINDOWS\system32\drivers\box_3.gif
2007-08-02 15:06 12313 --a------ C:\WINDOWS\system32\drivers\box_1.gif
2007-08-02 15:06 1204 --a------ C:\WINDOWS\system32\drivers\infected.gif
2007-08-02 15:06 11927 --a------ C:\WINDOWS\system32\drivers\box_2.gif
2007-08-02 15:06 11077 --a------ C:\WINDOWS\system32\drivers\header_4.gif
2007-08-02 15:06 10260 --a------ C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
2007-08-02 15:06 10193 --a------ C:\WINDOWS\system32\drivers\header_3.gif
2007-08-02 15:06 1014 --a------ C:\WINDOWS\system32\drivers\icon_warning.gif
2007-07-27 07:08 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-06-14 13:05 --------- d-------- C:\DOCUME~1\James\APPLIC~1\uTorrent
2007-06-11 11:26 23 --a------ C:\WINDOWS\raptinfo.dat
2007-06-10 21:56 --------- d-------- C:\DOCUME~1\James\APPLIC~1\WinRAR
2007-05-15 09:41 12965 --a------ C:\WINDOWS\system32\KB_963493.exe
2007-05-13 19:36 1165 --a------ C:\WINDOWS\mozver.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{279A05E3-C129-4189-BA16-F0DB908C89B0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE2172CC-6C75-4C5C-872B-5029A9559B7a}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF83D35E-CC6D-4D3A-9491-68AAB9E96869}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"kav"="C:\Program Files\AOL\Active Virus Shield\avp.exe" [2006-05-30 12:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-02 20:40]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-09 17:50]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISMModule2"="C:\Program Files\ISM\ISMModule2.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RunOnce2Upd"="C:\WINDOWS\System32\KB_963493.exe"
R0 Inspect;Comodo Network Engine;C:\WINDOWS\System32\DRIVERS\inspect.sys
R2 NWCWorkstation;Client Service for NetWare;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 NwSapAgent;SAP Agent;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 NWRDR;NetWare Rdr;C:\WINDOWS\System32\DRIVERS\nwrdr.sys
R3 USR1806V;U.S. Robotics Voice Modem Driver 1806;C:\WINDOWS\System32\DRIVERS\USR1806V.SYS
R3 WMP11V27;Instant Wireless PCI Card V2.7 Driver;C:\WINDOWS\System32\DRIVERS\WMP11V27.sys
S3 Bridge;MAC Bridge;C:\WINDOWS\System32\DRIVERS\bridge.sys
S3 BridgeMP;MAC Bridge Miniport;C:\WINDOWS\System32\DRIVERS\bridge.sys
S3 nm;Network Monitor Driver;C:\WINDOWS\System32\DRIVERS\NMnt.sys
Contents of the 'Scheduled Tasks' folder
2005-05-14 22:14:20 C:\WINDOWS\Tasks\XoftSpy.job - C:\Program Files\XoftSpy\XoftSpy.exe
2007-08-05 00:11:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-10 05:43:31
Windows 5.1.2600 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-10 5:47:57 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-10 05:47
--- E O F ---
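When reading a ComboFix file listing like the one above, an analyst looks for a few structural patterns rather than for file names: browser-style assets (gif, htm, css) sitting in system32\drivers, a batch of files all written in the same minute into one directory (one installer or dropper unpacking a bundle), a loose executable named to look like a Microsoft hotfix, and files carrying hidden+system attributes. The following Python script is an added example written for this page; it is not part of the thread and not ComboFix's own code. It parses the timestamped lines of the "Files Created" and "Find3M" sections and applies those heuristics. The sample input is a constructed subset of the listing posted above; the extension list, the KB_ naming check and the batch threshold are heuristics of my own, and the hidden+system flag is informational only (security products keep their own data files with those attributes), so every hit needs manual confirmation.

```python
import ntpath
import re
from collections import defaultdict

# One timestamped ComboFix line looks like:
#   2007-08-02 15:06 979 --a------ C:\WINDOWS\system32\drivers\style.css
#   2007-08-02 20:59 <DIR> d-------- C:\Program Files\Trend Micro
# Fields: date, time, size (or <DIR>, or dashes in the Find3M section),
# nine attribute flags (d=dir, a=archive, h=hidden, s=system), path.
FILE_LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2})\s+(<DIR>|[\d,]+|-+)\s+([a-z-]{9})\s+(.+?)\s*$"
)

# Heuristic (mine): browser-style assets have no business under system32\drivers.
WEB_ASSET_EXTS = {".gif", ".jpg", ".jpeg", ".png", ".htm", ".html", ".css", ".js"}
# Heuristic (mine): a loose KB_nnnnnn.exe in system32 mimics a hotfix name.
FAKE_HOTFIX_RE = re.compile(r"\\system32\\kb_\d+\.exe$")

# Constructed sample: a subset of the ComboFix listing posted in this thread.
SAMPLE_COMBOFIX = r"""
((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))
2007-08-10 05:33 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-09 17:47 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-02 20:59 <DIR> d-------- C:\Program Files\Trend Micro
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-10 05:40 651296 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-10 05:40 26816 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-08-02 15:06 979 --a------ C:\WINDOWS\system32\drivers\product_2_name_small.gif
2007-08-02 15:06 918 --a------ C:\WINDOWS\system32\drivers\s_detect.htm
2007-08-02 15:06 835 --a------ C:\WINDOWS\system32\drivers\style.css
2007-08-02 15:06 6575 --a------ C:\WINDOWS\system32\drivers\remove_spyware_button.gif
2007-08-02 15:06 1619 --a------ C:\WINDOWS\system32\drivers\button_buynow.gif
2007-08-02 15:06 2922 --a------ C:\WINDOWS\system32\drivers\footer_back.jpg
2007-07-27 07:08 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-06-14 13:05 --------- d-------- C:\DOCUME~1\James\APPLIC~1\uTorrent
2007-05-15 09:41 12965 --a------ C:\WINDOWS\system32\KB_963493.exe
"""


def parse_file_lines(text):
    """Return one dict per timestamped file/directory line; other lines are ignored."""
    rows = []
    for raw in text.splitlines():
        m = FILE_LINE_RE.match(raw.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        rows.append({
            "date": date,
            "time": time,
            "attrs": attrs,
            "path": path,
            "is_dir": size == "<DIR>" or attrs.startswith("d"),
            "hidden_system": "h" in attrs and "s" in attrs,
        })
    return rows


def triage_files(text):
    """Return (path, reason) pairs for every file that trips a heuristic."""
    findings = []
    for row in parse_file_lines(text):
        if row["is_dir"]:
            continue
        path = row["path"]
        lower = path.lower()
        ext = ntpath.splitext(lower)[1]
        if "\\system32\\drivers\\" in lower and ext in WEB_ASSET_EXTS:
            findings.append((path, "web asset in drivers directory"))
        if FAKE_HOTFIX_RE.search(lower):
            findings.append((path, "hotfix-style name as loose executable"))
        if row["hidden_system"]:
            findings.append((path, "hidden+system attributes (verify owner product)"))
    return findings


def drop_batches(text, min_size=5):
    """Group files by (date, minute, directory). A large group written in the
    same minute into one folder is usually a single installer or dropper."""
    groups = defaultdict(list)
    for row in parse_file_lines(text):
        if row["is_dir"]:
            continue
        key = (row["date"], row["time"], ntpath.dirname(row["path"]).lower())
        groups[key].append(row["path"])
    return {k: v for k, v in groups.items() if len(v) >= min_size}


if __name__ == "__main__":
    for path, reason in triage_files(SAMPLE_COMBOFIX):
        print(f"{reason:48} {path}")
    for (date, time, folder), files in drop_batches(SAMPLE_COMBOFIX).items():
        print(f"batch of {len(files)} files written {date} {time} in {folder}")
```

Run against the sample, the script reports six web assets in the drivers directory, all written at 2007-08-02 15:06 as one batch, the KB_963493.exe naming hit, and two hidden+system files that still have to be attributed to a legitimate product before anything is done with them.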
jpop100
10 Aug 2007, 12:23pm
And here's the HJT log I almost forgot.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:04 AM, on 8/10/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {279A05E3-C129-4189-BA16-F0DB908C89B0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {FE2172CC-6C75-4C5C-872B-5029A9559B7a} - (no file)
O2 - BHO: (no name) - {FF83D35E-CC6D-4D3A-9491-68AAB9E96869} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ISMModule2] "C:\Program Files\ISM\ISMModule2.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA2C86C6-B6F7-4C6E-BDC3-F4B2515F8A0B}: NameServer = 68.87.71.226,68.87.73.242
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 4944 bytes
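The HijackThis entries above are the ones a helper reads first: O2 BHO CLSIDs that point to "(no file)", O4 autoruns registered in the SYSTEM and .DEFAULT hives, the O6 Internet Explorer restrictions policy, the O10 Winsock LSP that HijackThis does not recognise, O16 ActiveX downloads from remote URLs, and the O17 NameServer override. The following Python script is an added example written for this page, not HijackThis's own code and not something posted in the thread; it parses a log into entries and flags exactly those structural conditions without relying on a list of known-bad names. The sample input reuses entries from the log above. The set of expected DNS resolvers is an assumption the analyst has to supply after checking with ipconfig /all what the router or ISP actually hands out; an empty set flags every NameServer override.

```python
import re
from dataclasses import dataclass

# HijackThis prints one entry per line, e.g.
#   O2 - BHO: (no name) - {CLSID} - (no file)
# Header lines and the "Running processes" block never match this pattern.
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d{1,2})\s+-\s+(.*)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*([\d.,]+)")

# Constructed sample: a subset of the HijackThis log posted in this thread.
SAMPLE_HJT = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {279A05E3-C129-4189-BA16-F0DB908C89B0} - (no file)
O2 - BHO: (no name) - {FE2172CC-6C75-4C5C-872B-5029A9559B7a} - (no file)
O2 - BHO: (no name) - {FF83D35E-CC6D-4D3A-9491-68AAB9E96869} - (no file)
O4 - HKLM\..\Run: [kav] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [ISMModule2] "C:\Program Files\ISM\ISMModule2.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA2C86C6-B6F7-4C6E-BDC3-F4B2515F8A0B}: NameServer = 68.87.71.226,68.87.73.242
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
"""


@dataclass(frozen=True)
class Finding:
    code: str   # short machine-readable reason
    line: str   # the HijackThis entry that triggered it


def parse_entries(log_text):
    """Yield (section, body, full_line) for every HijackThis entry line."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2), line


def triage(log_text, expected_nameservers=frozenset()):
    """Flag entries by where they live or what they point to, not by name."""
    findings = []
    for section, body, line in parse_entries(log_text):
        if section == "O2" and body.endswith("(no file)"):
            # CLSID still registered as a BHO but its DLL is gone: a leftover
            # of something removed, harmless now, still worth deleting.
            findings.append(Finding("orphan_bho", line))
        elif section == "O4" and ("HKUS\\S-1-5-18\\" in body or "HKUS\\.DEFAULT\\" in body):
            # Per-user software such as an IM client does not normally
            # register under the Local System hive; ask how it got there.
            findings.append(Finding("system_hive_autorun", line))
        elif section == "O6":
            # A Restrictions policy under HKCU is what disables IE options
            # and, together with the Policies\System key, Task Manager.
            findings.append(Finding("ie_restriction_policy", line))
        elif section == "O10" and body.startswith("Unknown file in Winsock LSP"):
            findings.append(Finding("unknown_lsp", line))
        elif section == "O16" and re.search(r"https?://", body):
            findings.append(Finding("activex_from_url", line))
        elif section == "O17":
            m = NAMESERVER_RE.search(body)
            if m and set(m.group(1).split(",")) - set(expected_nameservers):
                findings.append(Finding("unexpected_nameserver", line))
    return findings


def summarize(findings):
    """Count findings per reason code."""
    counts = {}
    for f in findings:
        counts[f.code] = counts.get(f.code, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"{f.code:24} {f.line}")
    print(summarize(triage(SAMPLE_HJT)))
```

Two caveats on reading the output. HijackThis marks nwprovau.dll "unknown" only because it is not in its built-in list; it is the Microsoft NetWare client provider, consistent with the NWCWorkstation service and the nwprovau authentication package in the ComboFix log above, so the O10 hit is a prompt to verify the file's location and signature, not a verdict. And HKU\.DEFAULT and HKU\S-1-5-18 are the same hive (the Local System account's profile), which is why each MySpaceIM and RunNarrator entry shows up twice.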
Rahina Rescue
10 Aug 2007, 01:15pm
"Also, I'm sorry I can't be on here more to get this done quicker." My time is also restricted, so no worries :)
( 1 )
Please run a BitDefender (http://www.bitdefender.com/scan8/ie.html) Online Scan
Click I Agree to agree to the EULA.
Allow the ActiveX control to install when prompted.
Click Click here to scan to begin the scan.
Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
When the scan is finished, click on Click here to export the scan results.
Save the report to your desktop so you can post it in your next reply.
( 2 )
Open HijackThis
Click Config
Click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.
More information with a screenshot, can be found Here (http://www.bleepingcomputer.com/tutorials/tutorial42.html#uniman).
Let me know the results.
jpop100
11 Aug 2007, 01:31am
Here's the BitDefender results. Sorry about all the formatting but I don't want to delete anything. I don't know what's necessary. I saved it as an HTML document also. If I can attach it I will.
<HTML>
<HEAD>
<TITLE>BitDefender Online Scanner -Scan Report</TITLE>
<meta HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<meta name="generator" content="Namo WebEditor v5.0(Trial)">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >
<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
<tr>
<td width="458">
<p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender
Online Scanner</b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan="3" width="912">
<p><font face="Arial"><span style="font-size:11pt;"><B>Scan report generated
at: Fri, Aug 10, 2007 - 20:16:45</b></span></font></p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>Scan
path: </b></span><span style="font-size:10pt;">A:\;C:\;D:\;E:\;F:\;</span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Statistics</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Time</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">02:04:05</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">235600</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Folders</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6569</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Boot Sectors</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">4</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1319</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Packed Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">4625</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Results</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Identified Viruses </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Infected Files </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">2</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Suspect Files </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Warnings</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Disinfected</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Deleted Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">2</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Engines Info</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Virus Definitions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">690713</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Engine build</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">14</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archive plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">37</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Unpack plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">E-mail plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">System plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Scan Settings</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">First Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Disinfect</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Second Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Delete</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Heuristics</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Enable Warnings</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scanned Extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">*;</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Exclude Extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2"> </font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Emails</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Packed</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan=2>
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="252" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Scanned File</b></font></p>
</td>
<td width="195" bgcolor="#CCCCCC" align="right">
<p align="left"><b><font size="2" face="Arial"> Status</font></b></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">C:\WINDOWS\system32\KB_963493.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Delphi.Downloader.GV</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\WINDOWS\system32\KB_963493.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\WINDOWS\system32\KB_963493.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{A62616A7-F67A-4EC2-9CF8-67022E9EE006}\RP2\A0000205.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Delphi.Downloader.GV</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{A62616A7-F67A-4EC2-9CF8-67022E9EE006}\RP2\A0000205.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{A62616A7-F67A-4EC2-9CF8-67022E9EE006}\RP2\A0000205.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr>
</table>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
</table>
<p> </p>
</body>
</html>
And here's my uninstall list.
µTorrent
Abexo Free Registry Cleaner
Active Virus Shield
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0
Apple Software Update
AVG Anti-Spyware 7.5
Bejeweled Deluxe 1.6z
CCleaner (remove only)
Chuzzle Gold 1.0
COMODO Firewall Pro
DirectX 9 Hotfix - KB839643
Google Earth
HijackThis 2.0.2
Internet Speed Monitor
iPod for Windows 2006-01-10
iPod Updater 2004-08-06
iTunes
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.1_03
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
Microsoft .NET Framework 1.1
Microsoft Broadband Networking
Microsoft Data Access Components KB870669
Mozilla Firefox (2.0.0.6)
MySpaceIM
Panda ActiveScan
PeerGuardian 2.0
QuickTime
Registry Mechanic 6.0
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Windows Media Player Hotfix [See wm828026 for more information]
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB887822
Windows XP Hotfix (SP1) [See Q282010 for more information]
Windows XP Hotfix (SP1) [See Q307869 for more information]
Windows XP Hotfix (SP1) [See Q308210 for more information]
Windows XP Hotfix (SP1) [See Q309521 for more information]
Windows XP Hotfix (SP1) [See Q310437 for more information]
Windows XP Hotfix (SP1) [See Q310510 for more information]
Windows XP Hotfix (SP1) [See Q311542 for more information]
Windows XP Hotfix (SP1) [See Q311889 for more information]
Windows XP Hotfix (SP1) [See Q311967 for more information]
Windows XP Hotfix (SP1) [See Q313450 for more information]
Windows XP Hotfix (SP1) [See Q314862 for more information]
Windows XP Hotfix (SP1) [See Q315000 for more information]
Windows XP Hotfix (SP1) [See Q315403 for more information]
Windows XP Hotfix (SP1) [See Q316397 for more information]
Windows XP Hotfix (SP1) [See Q317181 for more information]
Windows XP Hotfix (SP1) [See Q317277 for more information]
Windows XP Hotfix (SP1) [See Q318138 for more information]
Windows XP Hotfix (SP1) [See Q318388 for more information]
Windows XP Hotfix (SP1) [See Q318966 for more information]
Windows XP Hotfix (SP1) [See Q319322 for more information]
Windows XP Hotfix (SP1) [See Q319949 for more information]
Windows XP Hotfix (SP1) [See Q320174 for more information]
Windows XP Hotfix (SP1) [See Q320552 for more information]
Windows XP Hotfix (SP1) [See Q320678 for more information]
Windows XP Hotfix (SP1) [See Q323172 for more information]
Windows XP Hotfix (SP1) [See Q323322 for more information]
Windows XP Hotfix (SP1) [See Q324096 for more information]
Windows XP Hotfix (SP1) [See Q324380 for more information]
Windows XP Hotfix (SP1) [See Q326830 for more information]
Windows XP Hotfix (SP1) [See Q328940 for more information]
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q328310
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q331953
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q810833
Windows XP Hotfix (SP1) Q811493
Windows XP Hotfix (SP1) Q815021
Windows XP Hotfix (SP1) Q817606
WinRAR archiver
WinZip
Wireless PCI Card Configuration Utility
XoftSpy
Yahoo! Install Manager
Yahoo! Toolbar
Zuma Deluxe 1.0
Rahina Rescue
11 Aug 2007, 11:27am
Ok, thanks for the logfile. Disinfection failed on one object located in System Restore, but that is nothing to be worried about.
( 1 )
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
System Restore will now be active again.
( 2 )
Download the latest version of Java Runtime Environment (JRE) 6/02 (http://java.sun.com/javase/downloads/index.jsp)
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.
( 3 )
Please download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, a text file will open - Main.txt
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.
A folder, C:\Deckard\System Scanner, will also open. In it will be another text file, Extra.txt.
Please also copy the contents of Extra.txt to your post as well.
Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.
What DSS will do:
create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
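The HijackThis log that DSS produces is read by eye in this thread. As an added example that is not from the thread, from DSS or from HijackThis, here is a small Python triage pass over HijackThis-format lines: it parses the section code (R0, O2, O4, O6, O10, ...) and flags the entry types a helper usually looks at first. The sample lines follow the format of the log in this thread; the "Example" program names and the Temp-directory autorun are constructed for illustration.

```python
import re

# Sample HijackThis-format lines. The R0/O2/O6/O10 lines follow the format of
# the log in this thread; the "Example" entries and the Temp-directory autorun
# are constructed for illustration.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {279A05E3-C129-4189-BA16-F0DB908C89B0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ExampleUpdater] "C:\Documents and Settings\User\Local Settings\Temp\exupd.exe"
O4 - HKUS\S-1-5-18\..\Run: [ExampleIM] C:\Program Files\Example\ExampleIM.exe (User 'SYSTEM')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Example Guard - Example Ltd - C:\Program Files\Example\guard.exe
"""

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, O1-O24) and " - ".
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")

# Autoruns launched from temporary or cache folders deserve a second look.
TEMP_PATH_RE = re.compile(r"\\(?:local settings\\temp|temp|temporary internet files)\\", re.I)


def parse_hjt(text):
    """Return a list of (section, body) tuples, skipping lines that are not entries."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(entries):
    """Apply first-pass review heuristics; returns (section, reason, body) findings.

    These are prompts for a human reviewer, not verdicts: a flagged entry may be
    legitimate, and an unflagged entry may still be unwanted.
    """
    findings = []
    for section, body in entries:
        low = body.lower()
        if "(no file)" in low or "(file missing)" in low:
            findings.append((section, "orphaned entry: the referenced file no longer exists", body))
            continue
        if section == "O4":
            if TEMP_PATH_RE.search(body):
                findings.append((section, "autorun launches from a temporary directory", body))
            if "(user 'system')" in low:
                findings.append((section, "autorun registered for the SYSTEM account (HKUS\\S-1-5-18)", body))
        elif section == "O6":
            findings.append((section, "Internet Explorer policy restrictions are set; confirm they are intended", body))
        elif section == "O10" and "unknown file" in low:
            findings.append((section, "Winsock LSP module is not on the known-good list; verify the file", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{section}: {reason}\n    {body}")
```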
jpop100
11 Aug 2007, 07:08pm
Ok, here is main.txt
Deckard's System Scanner v20070809.63
Run by James on 2007-08-11 at 13:53:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2007-08-11 17:54:08 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 192 MiB (512 MiB recommended).
-- HijackThis (run as James.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:04 AM, on 8/10/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {279A05E3-C129-4189-BA16-F0DB908C89B0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {FE2172CC-6C75-4C5C-872B-5029A9559B7a} - (no file)
O2 - BHO: (no name) - {FF83D35E-CC6D-4D3A-9491-68AAB9E96869} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ISMModule2] "C:\Program Files\ISM\ISMModule2.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA2C86C6-B6F7-4C6E-BDC3-F4B2515F8A0B}: NameServer = 68.87.71.226,68.87.73.242
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 4944 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 WMP11V27 (Instant Wireless PCI Card V2.7 Driver) - c:\windows\system32\drivers\wmp11v27.sys <Not Verified; The Linksys Group, Inc; Instant Wireless PCI Card>
S3 catchme - c:\docume~1\james\locals~1\temp\catchme.sys (file missing)
S3 PCANDIS5 (PCANDIS5 Protocol Driver) - e:\autorun\pcandis5.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX)
Device ID: PCI\VEN_10B7&DEV_9200&SUBSYS_100010B7&REV_6C\3&61AAA01&0&68
Manufacturer: 3Com
Name: 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX)
PNP Device ID: PCI\VEN_10B7&DEV_9200&SUBSYS_100010B7&REV_6C\3&61AAA01&0&68
Service: EL90XBC
-- Scheduled Tasks -------------------------------------------------------------
2007-08-04 20:11:08 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-05-14 18:14:20 296 --a------ C:\WINDOWS\Tasks\XoftSpy.job
-- Files created between 2007-07-11 and 2007-08-11 -----------------------------
2007-08-11 13:45:51 0 d-------- C:\Program Files\Common Files\Java
2007-08-10 18:08:38 0 d-------- C:\WINDOWS\BDOSCAN8
2007-08-09 17:54:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-08 17:56:54 816 --a------ C:\WINDOWS\System32\tmp.reg
2007-08-08 17:56:21 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2007-08-08 17:56:20 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-08-08 17:56:16 53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-08-08 06:11:56 0 dr-h----- C:\Documents and Settings\James\Recent
2007-08-03 18:31:59 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2007-08-03 05:43:14 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-08-02 20:59:07 0 d-------- C:\Program Files\Trend Micro
2007-08-02 20:43:04 0 d-------- C:\Documents and Settings\James\Application Data\Comodo
2007-08-02 20:42:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-08-02 20:40:07 0 d-------- C:\Program Files\Comodo
2007-08-02 20:28:26 0 d-------- C:\Program Files\SpywareBlaster
2007-08-02 19:43:39 63 --a------ C:\WINDOWS\system\SYSRegC.dll
2007-08-02 19:43:11 143360 --a------ C:\WINDOWS\System32\GetHardDiskNo.dll <Not Verified; MaxSecure Software; MaxSecure Registration Module>
2007-08-02 19:43:08 0 d-------- C:\Program Files\Max Registry Cleaner
2007-08-02 19:34:43 0 dr-h----- C:\Documents and Settings\Erica\Recent
2007-08-02 19:31:07 0 d-------- C:\Program Files\Yahoo!
2007-08-02 19:30:44 0 d-------- C:\Program Files\CCleaner
2007-08-02 15:52:47 0 d-------- C:\Documents and Settings\Erica\Application Data\Lavasoft
2007-08-02 15:43:02 0 d-------- C:\Program Files\AntispyStorm
2007-07-27 07:06:06 1744 --a------ C:\WINDOWS\System32\d3d9caps.dat
2007-07-27 07:03:32 0 d-------- C:\Program Files\Google
2007-07-27 07:03:32 0 d-------- C:\Documents and Settings\James\Application Data\Google
2007-07-23 13:45:28 0 d-------- C:\Documents and Settings\Erica\Application Data\Sun
2007-07-23 11:01:41 0 d-------- C:\Documents and Settings\Erica\Application Data\Macromedia
2007-07-23 10:55:49 0 d-------- C:\Documents and Settings\Erica\Application Data\MySpace
2007-07-22 11:54:59 0 d-------- C:\Documents and Settings\James\Application Data\MySpace
2007-07-22 11:54:48 0 d-------- C:\Program Files\My