Services and Controller app has encountered...


crazedcat5
07-29-2007, 12:54 AM
About 75% of the time when I restart my computer I get a screen that pops up that says "Services and Controller app has encountered a problem and needs to close".

If I leave it alone my computer works fine, but if I hit "Don't Send" or "Send" I get a screen that restarts my computer automatically in 60 seconds.

Please Help!

Here's my HJT logfile:

Logfile of HijackThis v1.99.1
Scan saved at 12:20:14 PM, on 7/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUMENTS AND SETTINGS\JAMES PIKUL\DESKTOP\stinger.exe
C:\Documents and Settings\James Pikul\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uiuc.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDaemOVu3Ev6d50Ki6uL4FsmDlpkbKFYNG1FaExJxsJOTyOCtun2DXdOMDt7/eVRxd8I9ssLgKSdtrxgEuLSbNDPvDT6mAPJ8meo/CRLTzafYWGyaUyWZt30GzQOaTDbdY9usr7crCdeqVswNzHHjClmszuCU6OQ28
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/activation/activate-redirect.jsp?LG=ENG&IVR=3004838619436959106118163440307638053272610995361&SO={257BBC47-1B26-432e-9F84-188603799DD3}
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\mridqgos.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ShowTangoBar Class - {603EC267-504E-4BD4-97F3-5DD71A271EAF} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A9A3578C-3238-45B6-92CC-F3214AADA1BF} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BADAD1DF-F9C5-4CFC-A05E-D167221B9EB0} - C:\WINDOWS\system32\elgtxaca.dll (file missing)
O2 - BHO: (no name) - {C866A8E7-8384-4DC7-BE19-7D3CD2B09D3D} - C:\WINDOWS\system32\mljgg.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: フレッツ接続ツール - {831AA893-5930-4A2B-8D38-B881AD1764E2} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing

crazedcat5
07-29-2007, 12:57 AM
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123932332734
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O18 - Protocol: bw+0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

crazedcat5
07-29-2007, 12:58 AM
O18 - Protocol: bwr0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {FC314AD4-ACBD-4851-9E30-3A58F187071D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\WEBACC~1\FASTSE~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\NTTE\Flets\app\TangoService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
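As an added example (editor's note, not code from the thread or from HijackThis itself), here is a small Python triage script that parses the O2 (BHO) and O23 (service) lines of a HijackThis log and flags the entries a helper looks at first: BHOs registered with no name, third-party DLLs dropped straight into system32, services with no vendor information, and entries whose file is already gone. The heuristics are the editor's own, the sample lines are copied from the log above, and the script only reports; it changes nothing on the machine.

```python
"""Triage a HijackThis log: pull out O2 (BHO) and O23 (service) entries and
flag the ones that deserve a closer look.  Added example; the heuristics are
the editor's own and are not HijackThis features."""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample: a subset of the O2/O23 lines from the HJT log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\mridqgos.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {A9A3578C-3238-45B6-92CC-F3214AADA1BF} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {C866A8E7-8384-4DC7-BE19-7D3CD2B09D3D} - C:\WINDOWS\system32\mljgg.dll (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\NTTE\Flets\app\TangoService.exe (file missing)
"""

# HJT formats: "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"
#              "O23 - Service: <name> - <owner> - <path>[ (file missing)]"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*?)"
    r"(?P<missing> \(file missing\))?$"
)
SVC_RE = re.compile(
    r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*?)"
    r"(?P<missing> \(file missing\))?$"
)


@dataclass
class Finding:
    kind: str            # "BHO" or "Service"
    name: str
    path: str
    reasons: list = field(default_factory=list)


def _directly_in_system32(path: str) -> bool:
    """True when the file sits in system32 itself, not in a vendor subfolder.
    Legitimate third-party BHOs normally live under Program Files or in their
    own subfolder (e.g. system32\\dla\\), so a bare system32 DLL stands out."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    return len(parts) >= 2 and parts[-2] == "system32"


def triage_line(line: str):
    """Parse one HJT line; return a Finding for O2/O23 lines, else None.
    The Finding's reasons list is empty when nothing looked suspicious."""
    m = BHO_RE.match(line)
    if m:
        f = Finding("BHO", m["name"], m["path"])
        if m["name"] == "(no name)":
            f.reasons.append("BHO registered without a display name")
        if _directly_in_system32(m["path"]):
            f.reasons.append("third-party BHO placed directly in system32")
        if m["missing"]:
            f.reasons.append("orphaned CLSID: DLL no longer on disk")
        return f
    m = SVC_RE.match(line)
    if m:
        f = Finding("Service", m["name"], m["path"])
        if m["owner"] == "Unknown owner":
            f.reasons.append("service binary carries no vendor information")
        if m["missing"]:
            f.reasons.append("orphaned service: binary no longer on disk")
        return f
    return None


def triage(log_text: str) -> list:
    """Return only the entries that raised at least one reason, in log order."""
    findings = []
    for line in log_text.splitlines():
        f = triage_line(line.strip())
        if f is not None and f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.path}")
        for r in f.reasons:
            print(f"         - {r}")
```

Run on the sample it reports the three nameless system32 BHOs (two of them already orphaned) and the Tango service, and stays silent on the Adobe, DLA, Google and McAfee entries.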

Budfred
07-29-2007, 01:08 AM
Welcome to PC Guide...

Please start the fix with this:

1. Combofix:

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall...

If that link is still not working, use this one:

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

crazedcat5
07-29-2007, 08:15 AM
ComboFix log (really long):

- 2007-07-29 12:59:33 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\mridqgos.dll
C:\WINDOWS\system32\yrqbpkow.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\cursorcafe.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\cursorcafeA.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\FindIt.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\FindItHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\findithotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\finditxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\games.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\gamesA.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\Highlight.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\HighlightHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\highlighthotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\highlightxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\logo.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\logoxp.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\moviesA.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\Reference.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\ReferenceHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\referencehotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\referencexp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\screensaver.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\screensaverA.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\Weather.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\weatherhotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\weatherxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\contexts\error.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\contexts\related.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\contexts\travel.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\images\walertXP.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\ProductMessagingConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\SimpleUpdateConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\TimerManagerConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\TimerManagerConfig.xml.backup
C:\WINDOWS\system32\xpdx.sys


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\xpdx


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-29 )))))))))))))))))))))))))))))))


2007-07-29 12:39 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-14 17:50 <DIR> d-------- C:\Program Files\iTunes
2007-07-14 17:48 <DIR> d-------- C:\Program Files\QuickTime
2007-07-14 17:46 <DIR> d-------- C:\Program Files\Apple Software Update
2007-07-14 17:45 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-14 17:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-29 11:04:22 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-28 06:35:14 -------- d-----w C:\DOCUME~1\JAMESP~1\APPLIC~1\uTorrent
2007-07-26 08:08:12 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2007-07-25 16:02:28 -------- d-----w C:\DOCUME~1\JAMESP~1\APPLIC~1\Skype
2007-07-14 08:50:15 -------- d-----w C:\Program Files\iPod
2007-07-06 03:00:00 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-29 06:08:08 -------- d-----w C:\DOCUME~1\JAMESP~1\APPLIC~1\My Battle for Middle-earth(tm) II Files
2007-06-24 13:44:09 21,425 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-06-24 13:40:37 -------- d-----w C:\Program Files\Apoint
2007-06-24 13:38:43 -------- d-----w C:\Program Files\NetWaiting
2007-06-24 13:31:21 -------- d-----w C:\DOCUME~1\JAMESP~1\APPLIC~1\Intel
2007-06-24 13:28:14 -------- d-----w C:\Program Files\Dell
2007-06-24 12:45:10 -------- d-----w C:\Program Files\PCPitstop
2007-06-24 10:56:12 -------- d-----w C:\Program Files\CCleaner
2007-06-16 05:50:20 -------- d-----w C:\Program Files\Electronic Arts
2007-06-16 04:02:50 -------- d-----w C:\Program Files\THQ
2007-06-16 02:59:08 -------- d-----w C:\Program Files\COH
2007-06-11 09:44:30 -------- d-----w C:\DOCUME~1\JAMESP~1\APPLIC~1\AdobeUM
2007-06-08 03:05:10 -------- d-----w C:\DOCUME~1\JAMESP~1\APPLIC~1\SopCast
2007-06-08 03:01:07 -------- d-----w C:\Program Files\SopCast
2007-06-07 17:26:02 -------- d-----w C:\DOCUME~1\JAMESP~1\APPLIC~1\Xfire
2007-06-07 17:25:55 -------- d-s---w C:\Program Files\Xfire
2007-06-07 04:28:47 1,040,384 ----a-w C:\WINDOWS\system32\libeay32.dll
2007-06-07 04:28:44 196,608 ----a-w C:\WINDOWS\system32\ssleay32.dll
2007-06-04 10:58:03 612 ----a-w C:\WINDOWS\eReg.dat
2007-06-02 04:58:24 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-02 04:39:19 -------- d-----w C:\Program Files\EA Games
2007-06-02 04:28:36 1,536 ----a-w C:\nkve.exe
2007-05-22 03:54:03 5,120 ----a-w C:\WINDOWS\system32\BReWErS.dll
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-29 10:58:53 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-28 08:53:09 36,864 ----a-w C:\WINDOWS\system32\unpdf.exe
2007-04-28 08:53:08 81,920 ----a-w C:\WINDOWS\system32\emfxp.dll
2005-12-14 16:42:38 774,144 ----a-w C:\Program Files\RngInterstitial.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A9A3578C-3238-45B6-92CC-F3214AADA1BF}]
C:\WINDOWS\system32\ssqpp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BADAD1DF-F9C5-4CFC-A05E-D167221B9EB0}]
C:\WINDOWS\system32\elgtxaca.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C866A8E7-8384-4DC7-BE19-7D3CD2B09D3D}]
C:\WINDOWS\system32\mljgg.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 19:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 21:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\WEBACC~1\FASTSE~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
backup=C:\WINDOWS\pss\Cisco Systems VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk]
backup=C:\WINDOWS\pss\dlbcserv.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

crazedcat5
07-29-2007, 08:15 AM
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Genuine]
rundll32.exe "C:\WINDOWS\system32\gtpdjbxm.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
"C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
C:\Program Files\Logitech\Video\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
C:\WINDOWS\system32\ElkCtrl.exe /automation

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
"C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder]
C:\Program Files\PCPitstop\Optimize\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]
ICO.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
"C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SvcManager]
dtsrvcs4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite]
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"iPodService"=3 (0x3)
"CCALib8"=2 (0x2)
"Bonjour Service"=2 (0x2)

crazedcat5
07-29-2007, 08:16 AM
R1 APPDRV;APPDRV;C:\WINDOWS\system32\DRIVERS\APPDRV.SYS
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys
R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys
R2 ASCTRM;ASCTRM;C:\WINDOWS\system32\drivers\ASCTRM.sys
R2 CVPND;Cisco Systems, Inc. VPN Service;"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"
R2 CVPNDRVA;Cisco Systems IPsec Driver;\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
R2 drvnddm;drvnddm;C:\WINDOWS\system32\drivers\drvnddm.sys
R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys
R2 tfsnboio;tfsnboio;C:\WINDOWS\system32\dla\tfsnboio.sys
R2 tfsncofs;tfsncofs;C:\WINDOWS\system32\dla\tfsncofs.sys
R2 tfsndrct;tfsndrct;C:\WINDOWS\system32\dla\tfsndrct.sys
R2 tfsndres;tfsndres;C:\WINDOWS\system32\dla\tfsndres.sys
R2 tfsnifs;tfsnifs;C:\WINDOWS\system32\dla\tfsnifs.sys
R2 tfsnopio;tfsnopio;C:\WINDOWS\system32\dla\tfsnopio.sys
R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys
R2 tfsnudf;tfsnudf;C:\WINDOWS\system32\dla\tfsnudf.sys
R2 tfsnudfa;tfsnudfa;C:\WINDOWS\system32\dla\tfsnudfa.sys
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP;C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
R3 DNE;Deterministic Network Enhancer Miniport;C:\WINDOWS\system32\DRIVERS\dne2000.sys
R3 ENETNT5;Efficient Networks, tango Access PPPoE WAN Miniport;C:\WINDOWS\system32\DRIVERS\enetnt.sys
R3 HSF_DPV;HSF_DPV;C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
S1 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
S2 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
S3 cdrmkaun;cdrmkaun;\??\C:\DOCUME~1\JAMESP~1\LOCALS~1\Temp\cdrmkaun.sys
S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\system32\DRIVERS\CVirtA.sys
S3 DCALEXICO;DCALEXICO;C:\WINDOWS\system32\drivers\DCalexico.sys
S3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
S3 FilterService;UVC Filter Service;C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
S3 IOSPD5;IOSPD5 NDIS Protocol Driver;\??\D:\IOSETOP\IOSPD5.SYS
S3 LOGNT;LOGNT;\??\C:\PROGRA~1\NTTE\Flets\app\lognt.sys
S3 lvpopflt;Logitech POP Suppression Filter;C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
S3 LVUVC;Logitech QuickCam Fusion(UVC);C:\WINDOWS\system32\DRIVERS\lvuvc.sys
S3 NTSTPL1;NTSTPL1;\??\C:\PROGRA~1\NTTE\Flets\app\NTSTPL1.SYS
S3 RAWESR;RAWESR;\??\C:\PROGRA~1\NTTE\Flets\app\RAWESR.SYS
S3 sffdisk;SFF Storage Class Driver;C:\WINDOWS\system32\DRIVERS\sffdisk.sys
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
S3 TAPBIND;TAPBIND;\??\C:\PROGRA~1\NTTE\Flets\app\TAPBIND1.SYS
S3 TVICHW32;TVICHW32;\??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
S3 UIUSys;Conexant Setup API;C:\WINDOWS\system32\drivers\UIUSys.sys
S3 w29n51;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\w29n51.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys


Contents of the 'Scheduled Tasks' folder
2007-07-17 03:25:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-29 11:05:02 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-29 20:04:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\\x2019\1t]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,20,06,00,00,00,00,00,94,8f,0e,1b,f3,..
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\x2019\1t]
"UninstallString"="C:\WINDOWS\IsUn0411.exe -f"C:\Program Files\NTTE\FLETS\\x192t\x192\x152\x0192b\x0192c\x0090f\x2019f\x0192c\x81[\x192\x2039\Uninst.isu""
"DisplayName"="\x192t\x192\x152\x0192b\x0192c\x0090f\x2019f\x0192c\x81[\x192\x2039"
"WindowsInstaller"=dword:00000000
"InstallLocation"=""

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-29 20:08:05 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-29 20:07

--- E O F ---

Budfred
07-29-2007, 02:11 PM
You still have a number of malware and suspect files on your computer... One of the files deleted by ComboFix was a rootkit, and that means there is no way to be sure your computer is completely clean even if we go on to clean it further... You may want to consider wiping your drive and reinstalling your system because of this... If you wish to proceed with cleaning it, do these scans:

* Click here (http://support.f-secure.com/enu/home/ols.shtml) to use the F-Secure Online Scanner
Then click the Start Scanning button below.
You should get a notification (bar on top) to install the ActiveX. Click on it and select to install the ActiveX.
Once the ActiveX is installed, accept the License terms by clicking OK below to start the scan.
In case you have problems installing the ActiveX or starting the scan, please read here (http://support.f-secure.com/enu/home/ols-faq.shtml).
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan has finished, click the Automatic cleaning (recommended) button.
It is possible that your firewall gives an alert; allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and copy and paste what's present under Results in your next reply.


and then:

Download AVG Anti-Spyware from HERE (http://www.ewido.net/en/download/)
Install AVG Anti-Spyware
Double-click the icon on Desktop to launch AVG Anti-Spyware
You will need to update AVG Anti-Spyware to the latest definition files.
On the top of the main screen click Shield and then [active] to change it to inactive
On the top of the main screen click Update and then Start Update.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".


Close ALL open Windows / Programs / Folders. Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows are closed)

* Click Scanner and then the Scan tab
* Click Complete System Scan to begin scanning.

Once the scan is complete do the following:
* If you have any infections you will be prompted; then select "Apply all actions"
* Once finished, click the Save report button, then click Save Report As and save it to your Desktop. (Make sure to remember where you saved that file; this is important.)

Close AVG Anti-Spyware and Reboot.

and finally for now:

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, check whether you can click the next icon beside the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it, then click the next icon right below and select Move incurable, as shown in the next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured. (This is in case we need samples.)
After selecting, in the Dr.Web CureIt menu at the top, click File and choose Save report list.
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web CureIt.
Reboot your computer!! It is possible that files in use will only be moved/deleted during the reboot.
After the reboot, post the contents of the Dr.Web log you saved previously in your next reply.


Post each of the logs in your next reply and note how your computer is running...

crazedcat5
07-30-2007, 04:49 AM
F-Secure report:

Scanning Report
Monday, July 30, 2007 10:52:52 - 16:45:15

Computer name: james
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 16 malware found
Trojan-Downloader.Win32.Tiny.he (virus)

* C:\NKVE.EXE (Renamed & Submitted)

Vundo.gen30 (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP435\A0381701.DLL (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP435\A0381702.DLL (Submitted)

Vundo.gen38 (virus)

* C:\WINDOWS\SYSTEM32\CWHMMPYY.INI (Submitted)
* C:\WINDOWS\SYSTEM32\DVRQPMQU.INI (Submitted)
* C:\WINDOWS\SYSTEM32\EYJMOITR.INI (Submitted)
* C:\WINDOWS\SYSTEM32\FMBWTSWI.INI (Submitted)
* C:\WINDOWS\SYSTEM32\HODJEAHH.INI (Submitted)
* C:\WINDOWS\SYSTEM32\JSFNXSJJ.INI (Submitted)
* C:\WINDOWS\SYSTEM32\JUSJMTRC.INI (Submitted)
* C:\WINDOWS\SYSTEM32\LUALQBDU.INI (Submitted)
* C:\WINDOWS\SYSTEM32\NOBOIOBJ.INI (Submitted)
* C:\WINDOWS\SYSTEM32\VBOVCESS.INI (Submitted)
* C:\WINDOWS\SYSTEM32\VVMGOAJP.INI (Submitted)
* C:\WINDOWS\SYSTEM32\XIIDREVA.INI (Submitted)

W32/BHO.QG (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP427\A0374341.DLL (Submitted)

Statistics
Scanned:

* Files: 42806
* System: 4781
* Not scanned: 8

Actions:

* Disinfected: 0
* Renamed: 1
* Deleted: 0
* None: 15
* Submitted: 16

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{6CE3F3EF-BDDB-48D8-9B33-7698F461F1FB}.BIN
* C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE
* C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AD391678A806EC4D691E83AAA393B6F_50E417E0-E461-474B-96E2-077B80325612

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2007-07-27
* F-Secure AVP: 7.0.171, 2007-07-30
* F-Secure Orion: 1.2.37, 2007-07-27
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 0260-23-12
* F-Secure Pegasus: 1.19.0, 2007-06-18

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
* Use Advanced heuristics

crazedcat5
07-30-2007, 09:58 AM
First, Thank you for all your help. I really appreciate it.

and second, the AVG report:

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:43:38 PM 7/30/2007

+ Scan result:



C:\NKVE.0XE -> Downloader.Tiny.he : No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP436\A0382788.exe -> Downloader.Tiny.he : No action taken.
:mozilla.24:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.25:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.26:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.27:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.79:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.70:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.71:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.72:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.101:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.102:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.103:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.105:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.99:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.47:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.106:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.107:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.87:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.88:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.35:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Netflame : No action taken.
:mozilla.57:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.58:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.59:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.60:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.61:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.62:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.73:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.74:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.75:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.76:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.77:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.51:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.28:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.29:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.30:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.31:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.


::Report end

Budfred
07-30-2007, 08:54 PM
It looks like you didn't let AVG AS clean up what it found??

Did you run DrWeb??

crazedcat5
07-30-2007, 09:27 PM
I went through the right steps with AVG and told it to clean the files, but I'll do it again. I have restarted my comp many times since the original problem and it hasn't come back yet, and overall my computer seems to be working fine. Rebooting seems faster.
Here's my Dr.Web CureIt log:

desrcas.dll;c:\program files\mywaysa\srchasde\1.bin;Adware.MyWay;Incurable.Moved.;
NetZero - First Month Free!.exe;C:\Documents and Settings\All Users\Desktop;Trojan.Click.1487;Deleted.;
NetZero - First Month Free!.exe;C:\Documents and Settings\All Users\Start Menu;Trojan.Click.1487;Deleted.;
deSrcAs.dll;C:\Program Files\MyWaySA\SrchAsDe\1.bin;Adware.MyWay;;
mridqgos.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
yrqbpkow.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
A0374341.dll;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP427;Adware.Crew;Incurable.Moved.;
A0381701.dll;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP435;Trojan.Virtumod;Deleted.;
A0381702.dll;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP435;Trojan.Virtumod;Deleted.;
A0382805.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP436;Trojan.Click.1487;Deleted.;
A0382806.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP436;Trojan.Click.1487;Deleted.;

Budfred
07-30-2007, 10:52 PM
Once you do that, go back and download a fresh copy of ComboFix (it is updated daily) and run a fresh scan, then post the log... It will give us a pretty good idea where you stand... Some malware can hide pretty well and doesn't cause obvious problems so you won't go looking for it...

crazedcat5
07-30-2007, 10:55 PM
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:46:59 AM 7/31/2007

+ Scan result:



C:\NKVE.0XE -> Downloader.Tiny.he : Cleaned.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP436\A0382788.exe -> Downloader.Tiny.he : Cleaned.
:mozilla.56:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.58:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.59:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.63:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.125:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.121:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.122:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.123:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.46:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.47:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.48:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.49:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.50:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.51:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.32:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.144:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.145:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.130:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.131:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.85:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.108:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.109:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.110:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.111:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.112:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.113:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\coo kies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.33:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.34:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.35:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.36:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.37:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.103:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.90:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.91:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.92:C:\Documents and Settings\James Pikul\Application Data\Mozilla\Firefox\Profiles\706joi93.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

Budfred
07-30-2007, 10:57 PM
Did you see my last post... I need to see a ComboFix log and will check back later...

crazedcat5
07-31-2007, 10:10 AM
ComboFix 07-07-30.2 - "" 2007-07-31 10:58:23.1 [GMT 9:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-31 )))))))))))))))))))))))))))))))


2007-07-30 22:02 <DIR> d-------- C:\DOCUME~1\JAMESP~1\DoctorWeb
2007-07-30 16:58 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-29 12:39 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-14 17:50 <DIR> d-------- C:\Program Files\iTunes
2007-07-14 17:48 <DIR> d-------- C:\Program Files\QuickTime
2007-07-14 17:46 <DIR> d-------- C:\Program Files\Apple Software Update
2007-07-14 17:45 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-14 17:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-06-24 22:38 <DIR> d-------- C:\Program Files\NetWaiting
2007-06-24 22:33 21,425 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-06-24 22:33 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Intel
2007-06-24 22:33 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Intel
2007-06-24 22:32 557,056 --a------ C:\WINDOWS\system32\Netw2c32.dll
2007-06-24 22:32 2,732,032 --a------ C:\WINDOWS\system32\Netw2r32.dll
2007-06-24 22:32 <DIR> d-------- C:\DOCUME~1\INCOMP~1\APPLIC~1\Intel
2007-06-24 22:32 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intel
2007-06-24 22:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
2007-06-24 22:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
2007-06-24 22:31 <DIR> d-------- C:\DOCUME~1\JAMESP~1\APPLIC~1\Intel
2007-06-24 22:28 94,208 --a------ C:\WINDOWS\system32\Pelzoom.dll
2007-06-24 22:28 65,536 --a------ C:\WINDOWS\system32\pmxhooks.dll
2007-06-24 22:28 49,152 --a------ C:\WINDOWS\system32\pmxcomm.dll
2007-06-24 22:28 47,104 --a------ C:\WINDOWS\system32\iconspy.exe
2007-06-24 22:28 47,104 --a------ C:\WINDOWS\system32\ico.exe
2007-06-24 22:28 40,960 --a------ C:\WINDOWS\system32\LaunHelp.exe
2007-06-24 22:28 28,672 --a------ C:\WINDOWS\system32\UnInst.exe
2007-06-24 22:28 237,568 --a------ C:\WINDOWS\system32\pmxutil.dll
2007-06-24 22:28 21,504 --a------ C:\WINDOWS\system32\FontZoom.exe
2007-06-24 22:28 2,285,568 --a------ C:\WINDOWS\system32\DellPM.exe
2007-06-24 22:28 143,360 --a------ C:\WINDOWS\system32\ApSwitch.exe
2007-06-24 22:28 139,264 --a------ C:\WINDOWS\system32\pmxmiced.exe
2007-06-24 22:28 131,072 --a------ C:\WINDOWS\system32\pmxscrll.dll
2007-06-24 22:27 770,048 --a------ C:\WINDOWS\system32\BCMLogon.dll
2007-06-24 22:27 33,664 --a------ C:\WINDOWS\system32\drivers\BCMWLNPF.SYS
2007-06-24 22:26 86,016 --a------ C:\WINDOWS\system32\preflib.dll
2007-06-24 22:26 757,760 --a------ C:\WINDOWS\system32\bcm1xsup.dll
2007-06-24 22:26 69,632 --a------ C:\WINDOWS\system32\bcmwlpkt.dll
2007-06-24 22:26 44,032 --a------ C:\WINDOWS\system32\wltrynt.dll
2007-06-24 22:26 253,952 --a------ C:\WINDOWS\system32\bcmwlu00.exe
2007-06-24 22:26 20,480 --a------ C:\WINDOWS\system32\WLTRYSVC.EXE
2007-06-24 22:26 2,129,920 --a------ C:\WINDOWS\system32\WLBCGCBPRO731.DLL
2007-06-24 22:26 1,392,640 --a------ C:\WINDOWS\system32\WLTRAY.EXE
2007-06-24 22:26 1,253,376 --a------ C:\WINDOWS\system32\BCMWLTRY.EXE
2007-06-24 19:56 <DIR> d-------- C:\Program Files\CCleaner
2007-06-16 23:17 <DIR> d-------- C:\VundoFix Backups
2007-06-16 22:04 <DIR> d-------- C:\6d598d68d4e19e0de1418e2be7cc
2007-06-16 11:59 <DIR> d-------- C:\Program Files\COH
2007-06-08 12:01 <DIR> d-------- C:\Program Files\SopCast
2007-06-08 12:01 <DIR> d-------- C:\DOCUME~1\JAMESP~1\APPLIC~1\SopCast
2007-06-07 13:28 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-06-07 13:28 1,040,384 --a------ C:\WINDOWS\system32\libeay32.dll
2007-06-02 13:58 612 --a------ C:\WINDOWS\eReg.dat
2007-06-02 13:39 <DIR> d-------- C:\Program Files\EA Games


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-31 10:50 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-28 15:35 --------- d-------- C:\DOCUME~1\JAMESP~1\APPLIC~1\uTorrent
2007-07-26 17:08 0 --a------ C:\WINDOWS\system32\drivers\lvuvc.hs
2007-07-26 01:02 --------- d-------- C:\DOCUME~1\JAMESP~1\APPLIC~1\Skype
2007-07-14 17:50 --------- d-------- C:\Program Files\iPod
2007-07-06 12:00 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-29 15:08 --------- d-------- C:\DOCUME~1\JAMESP~1\APPLIC~1\My Battle for Middle-earth(tm) II Files
2007-06-24 22:40 --------- d-------- C:\Program Files\Apoint
2007-06-24 22:28 --------- d-------- C:\Program Files\Dell
2007-06-24 21:45 --------- d-------- C:\Program Files\PCPitstop
2007-06-16 14:50 --------- d-------- C:\Program Files\Electronic Arts
2007-06-16 13:02 --------- d-------- C:\Program Files\THQ
2007-06-11 18:44 --------- d-------- C:\DOCUME~1\JAMESP~1\APPLIC~1\AdobeUM
2007-06-08 02:26 --------- d-------- C:\DOCUME~1\JAMESP~1\APPLIC~1\Xfire
2007-06-08 02:25 --------- d---s---- C:\Program Files\Xfire
2007-06-02 13:58 12464 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-22 12:54 5120 --a------ C:\WINDOWS\system32\BReWErS.dll
2007-05-17 00:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-04-29 19:58 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-04-28 17:53 81920 --a------ C:\WINDOWS\system32\emfxp.dll
2007-04-28 17:53 36864 --a------ C:\WINDOWS\system32\unpdf.exe
2005-12-15 01:42 774144 --a------ C:\Program Files\RngInterstitial.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A9A3578C-3238-45B6-92CC-F3214AADA1BF}]
C:\WINDOWS\system32\ssqpp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BADAD1DF-F9C5-4CFC-A05E-D167221B9EB0}]
C:\WINDOWS\system32\elgtxaca.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C866A8E7-8384-4DC7-BE19-7D3CD2B09D3D}]
C:\WINDOWS\system32\mljgg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 18:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 19:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 21:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\WEBACC~1\FASTSE~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
backup=C:\WINDOWS\pss\Cisco Systems VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk]
backup=C:\WINDOWS\pss\dlbcserv.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

crazedcat5
07-31-2007, 10:11 AM
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Genuine]
rundll32.exe "C:\WINDOWS\system32\gtpdjbxm.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
"C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
C:\Program Files\Logitech\Video\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
C:\WINDOWS\system32\ElkCtrl.exe /automation

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
"C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder]
C:\Program Files\PCPitstop\Optimize\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]
ICO.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
"C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SvcManager]
dtsrvcs4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite]
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"iPodService"=3 (0x3)
"CCALib8"=2 (0x2)
"Bonjour Service"=2 (0x2)

crazedcat5
07-31-2007, 10:11 AM
R1 APPDRV;APPDRV;C:\WINDOWS\system32\DRIVERS\APPDRV.SYS
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys
R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys
R2 ASCTRM;ASCTRM;C:\WINDOWS\system32\drivers\ASCTRM.sys
R2 CVPND;Cisco Systems, Inc. VPN Service;"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"
R2 CVPNDRVA;Cisco Systems IPsec Driver;\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
R2 drvnddm;drvnddm;C:\WINDOWS\system32\drivers\drvnddm.sys
R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys
R2 tfsnboio;tfsnboio;C:\WINDOWS\system32\dla\tfsnboio.sys
R2 tfsncofs;tfsncofs;C:\WINDOWS\system32\dla\tfsncofs.sys
R2 tfsndrct;tfsndrct;C:\WINDOWS\system32\dla\tfsndrct.sys
R2 tfsndres;tfsndres;C:\WINDOWS\system32\dla\tfsndres.sys
R2 tfsnifs;tfsnifs;C:\WINDOWS\system32\dla\tfsnifs.sys
R2 tfsnopio;tfsnopio;C:\WINDOWS\system32\dla\tfsnopio.sys
R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys
R2 tfsnudf;tfsnudf;C:\WINDOWS\system32\dla\tfsnudf.sys
R2 tfsnudfa;tfsnudfa;C:\WINDOWS\system32\dla\tfsnudfa.sys
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
R3 DNE;Deterministic Network Enhancer Miniport;C:\WINDOWS\system32\DRIVERS\dne2000.sys
R3 ENETNT5;Efficient Networks, tango Access PPPoE WAN Miniport;C:\WINDOWS\system32\DRIVERS\enetnt.sys
R3 HSF_DPV;HSF_DPV;C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
S1 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
S3 cdrmkaun;cdrmkaun;\??\C:\DOCUME~1\JAMESP~1\LOCALS~1\Temp\cdrmkaun.sys
S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\system32\DRIVERS\CVirtA.sys
S3 DCALEXICO;DCALEXICO;C:\WINDOWS\system32\drivers\DCalexico.sys
S3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
S3 FilterService;UVC Filter Service;C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
S3 IOSPD5;IOSPD5 NDIS Protocol Driver;\??\D:\IOSETOP\IOSPD5.SYS
S3 LOGNT;LOGNT;\??\C:\PROGRA~1\NTTE\Flets\app\lognt.sys
S3 lvpopflt;Logitech POP Suppression Filter;C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
S3 LVUVC;Logitech QuickCam Fusion(UVC);C:\WINDOWS\system32\DRIVERS\lvuvc.sys
S3 NTSTPL1;NTSTPL1;\??\C:\PROGRA~1\NTTE\Flets\app\NTSTPL1.SYS
S3 RAWESR;RAWESR;\??\C:\PROGRA~1\NTTE\Flets\app\RAWESR.SYS
S3 sffdisk;SFF Storage Class Driver;C:\WINDOWS\system32\DRIVERS\sffdisk.sys
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
S3 TAPBIND;TAPBIND;\??\C:\PROGRA~1\NTTE\Flets\app\TAPBIND1.SYS
S3 TVICHW32;TVICHW32;\??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
S3 UIUSys;Conexant Setup API;C:\WINDOWS\system32\drivers\UIUSys.sys
S3 w29n51;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\w29n51.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys


Contents of the 'Scheduled Tasks' folder
2007-07-17 03:25:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-07-31 02:00:00 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDetect.exe

************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-31 11:03:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\\x2019\1t]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,20,06,00,00,00,00,00,94,8f,0e,1b,f3,..
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\x2019\1t]
"UninstallString"="C:\WINDOWS\IsUn0411.exe -f"C:\Program Files\NTTE\FLETS\\x192t\x192\x152\x0192b\x0192c\x0090f\x2019f\x0192c\x81[\x192\x2039\Uninst.isu""
"DisplayName"="\x192t\x192\x152\x0192b\x0192c\x0090f\x2019f\x0192c\x81[\x192\x2039"
"WindowsInstaller"=dword:00000000
"InstallLocation"=""

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************************************

Completion time: 2007-07-31 11:05:12
C:\ComboFix-quarantined-files.txt ... 2007-07-31 11:04
C:\ComboFix2.txt ... 2007-07-29 20:08

--- E O F ---
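
The log above is read by eye in this thread. As an added example, not part of the thread and not anything ComboFix or the helper ran, here is a small Python triage pass that mechanizes four of the signals a reviewer looks for in a ComboFix-style listing: a Browser Helper Object whose DLL has a random-looking name, a rundll32 autostart loading such a DLL, an autostart recorded as a bare file name (resolved by PATH search rather than a fixed location), and a driver whose image sits under a Temp directory. The sample input is constructed: it copies a few lines from the log above (the BHO and Genuine entries, ICO.EXE, dtsrvcs4.exe, the cdrmkaun driver) and adds known-good lines for contrast. The "random name" rule and its thresholds are my own heuristic, not a signature; it produces false positives, and the New.net line shows it also misses things, so every hit still has to be looked up.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the ComboFix log in this thread plus
# known-good lines (ctfmon, sdbus) so the output shows misses as well as hits.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A9A3578C-3238-45B6-92CC-F3214AADA1BF}]
C:\WINDOWS\system32\ssqpp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BADAD1DF-F9C5-4CFC-A05E-D167221B9EB0}]
C:\WINDOWS\system32\elgtxaca.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 19:00]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Genuine]
rundll32.exe "C:\WINDOWS\system32\gtpdjbxm.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]
ICO.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SvcManager]
dtsrvcs4.exe

S3 cdrmkaun;cdrmkaun;\??\C:\DOCUME~1\JAMESP~1\LOCALS~1\Temp\cdrmkaun.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
"""

VOWELS = set("aeiouy")


def looks_random(stem):
    """My heuristic (an assumption, not a signature): 5-8 lowercase letters that
    either contain no vowel or contain a run of four consonants. Legitimate names
    trip this too, so a hit means 'look the file up', never 'malicious'."""
    if not re.fullmatch(r"[a-z]{5,8}", stem):
        return False
    return not (set(stem) & VOWELS) or re.search(r"[^aeiouy]{4}", stem) is not None


def _rundll32_dll(command):
    """DLL named in 'rundll32[.exe] <dll>,<entry>' (quoted or not), else None."""
    m = re.match(r'rundll32(?:\.exe)?\s+"?([^",]+)"?\s*,', command, re.IGNORECASE)
    return m.group(1) if m else None


def _command_image(command):
    """Executable part of an autostart command: the quoted path if quoted,
    otherwise the first token. ComboFix's trailing '[yyyy-mm-dd hh:mm]' is dropped."""
    command = re.sub(r"\s*\[\d{4}-\d\d-\d\d \d\d:\d\d\]\s*$", "", command.strip())
    m = re.match(r'"([^"]+)"', command)
    return m.group(1) if m else command.split()[0]


def triage(log_text):
    """Return [(line, reason), ...] for lines of a ComboFix-style log that
    deserve a second look, using the four hints described in the lead-in."""
    findings = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line.lower()  # registry key the following value lines belong to
            continue
        drv = re.match(r"^[RS]\d\s+[^;]+;[^;]*;(.+)$", line)
        if drv:  # driver/service line: 'R3 name;description;image path'
            if "\\temp\\" in drv.group(1).lower():
                findings.append((line, "driver image under a Temp directory"))
            continue
        if "browser helper objects" in key:
            if looks_random(PureWindowsPath(line).stem.lower()):
                findings.append((line, "BHO DLL with a random-looking name"))
            continue
        if key.endswith("\\run]") or "\\startupreg\\" in key:
            # Run-key lines are "name"="command" [date]; startupreg lines are the bare command.
            command = line.split('"=', 1)[1] if line.startswith('"') and '"=' in line else line
            dll = _rundll32_dll(command)
            if dll is not None:
                if looks_random(PureWindowsPath(dll).stem.lower()):
                    findings.append((line, "rundll32 loading a random-looking DLL"))
                continue
            if "\\" not in _command_image(command):
                findings.append((line, "autostart by bare file name, no fixed path"))
    return findings


if __name__ == "__main__":
    for hit, reason in triage(SAMPLE_LOG):
        print(f"{reason:45} {hit}")
```

Run against the sample it reports six lines: both BHO DLLs, the Genuine rundll32 entry, ICO.EXE, dtsrvcs4.exe and the cdrmkaun driver in Temp, while ctfmon.exe, sdbus.sys and the New.net rundll32 entry pass. The output is a worklist for the reviewer, not a verdict; each flagged file still needs a lookup before anything is deleted.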

Budfred
07-31-2007, 11:33 PM
You still have a number of suspicious files and some leftover infected items... Try another scan or 2 to see if the range can be narrowed...

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
Just before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log


and then...

Try running an MWavScan... It will produce a log in the lower window that has the bad list and you will need to use Ctrl-C to copy it and then paste it here for review.... If the list is extremely long, you can just paste the lines that begin with the word "File" since those are the ones we need to be most concerned about...

http://www.mwti.net/products/mwav/mwav.asp

It will suggest that you buy the product to fix what it finds, but that is not necessary... Just post the bad part of the scan and we will deal with it...

Post the logs in your reply...

crazedcat5
08-11-2007, 12:32 AM
Hey,

Sorry I've been gone for a week.

I tried to download the SDFix file about 5 times now and every time it only gets to 1MB. The rate will freeze at the rate when it reached 1 MB, and it still looks like it should be doing something, but even after leaving it for a long time nothing changes.

Can you perhaps give me a different link.

Thanks

Budfred
08-11-2007, 01:34 AM
It is only slightly over a Meg and I am guessing you already have it... Are you putting it somewhere you can find it easily?? I just downloaded it and it took about 2 seconds on my cable broadband... Obviously, the link works fine...

crazedcat5
08-11-2007, 03:09 AM
I searched my comp and didn't find it. I am downloading it to my desktop, and it is still doing the same thing. So the link is obviously not working for me.

Any suggestions?

I have a 100mb connection in Japan and it takes me less than a second to get to the 1 MB but stops after that.

Budfred
08-11-2007, 03:29 AM
What are you using to download it?? It is a pretty simple file and I don't think any malware blocks it downloading, so I don't know what else might be happening... I am using Firefox and had no problem...

crazedcat5
08-11-2007, 04:34 AM
I was originally using Firefox. I tried it with IE and I got an error that read like this: Cannot Copy SDFix[1]: Access is Denied
Make sure the disk is not full or write protected and that the file is not currently in use.

Is there perhaps another source I can try?

Budfred
08-11-2007, 05:29 AM
I am not aware of another source... Go with the MWavScan and I will check with the developer tomorrow about possible causes of your problem...