Phil - thanks very much, your instructions were amazing -- very helpful, especially for someone who is not very technically adept. The instructions were very clear and easy to follow. Below I am posting the logs and answers to questions you wanted.
1. Log1 from AVGas scan:
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 5:30:36 PM 01/19/2007
+ Scan result:
C:\Program Files\Genesis\Navigator Suite\Info\RemoteNew\winvnc4.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.4110 : Cleaned.
C:\Program Files\Genesis\Navigator Suite\Info\Remote\winvnc4.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.4110 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25B1.tmp -> TrackingCookie.247realmedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6E.tmp -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBE.tmp -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq211.tmp -> TrackingCookie.Adserver : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq87.tmp -> TrackingCookie.Adserver : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq70.tmp -> TrackingCookie.Adtech : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23EC.tmp -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq71.tmp -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq81.tmp -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25B4.tmp -> TrackingCookie.Adviva : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6C0.tmp -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq72.tmp -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq209.tmp -> TrackingCookie.Bfast : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC1.tmp -> TrackingCookie.Bfast : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq20A.tmp -> TrackingCookie.Bluestreak : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq73.tmp -> TrackingCookie.Bluestreak : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq75.tmp -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq20B.tmp -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25B6.tmp -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\user\Cookies\user@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6C1.tmp -> TrackingCookie.Clickbank : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq77.tmp -> TrackingCookie.Clickbank : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25B7.tmp -> TrackingCookie.Com : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq78.tmp -> TrackingCookie.Com : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq79.tmp -> TrackingCookie.Coremetrics : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23EE.tmp -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7A.tmp -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25BA.tmp -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B.tmp -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC2.tmp -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25BB.tmp -> TrackingCookie.Findwhat : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14F3.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25B8.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25B9.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7C.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7D.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC3.tmp -> TrackingCookie.Hitslink : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC4.tmp -> TrackingCookie.Hitslink : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7E.tmp -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC6.tmp -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25BF.tmp -> TrackingCookie.Onestat : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC7.tmp -> TrackingCookie.Onestat : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq24C2.tmp -> TrackingCookie.Pointroll : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14F2.tmp -> TrackingCookie.Pro-market : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23ED.tmp -> TrackingCookie.Pro-market : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq20F.tmp -> TrackingCookie.Qksrv : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23F0.tmp -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7F.tmp -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq20C.tmp -> TrackingCookie.Ru4 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23EF.tmp -> TrackingCookie.Ru4 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14F5.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25BE.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq82.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq83.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq84.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC8.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25C0.tmp -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25C1.tmp -> TrackingCookie.Targetnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25C2.tmp -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25C3.tmp -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC9.tmp -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23F3.tmp -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14F6.tmp -> TrackingCookie.Webtrendslive : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq86.tmp -> TrackingCookie.Webtrendslive : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25B3.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqCB.tmp -> TrackingCookie.Zedo : Cleaned.
::Report end
2. When I ran the Killbox, NO I did not get the message you asked about --- PendingFileRenameOperations prompt.
3. Log2 from combofix:
user" - 07-01-19 18:49:50 Service Pack 2
ComboFix 07-01-18 - Running from: "C:\Documents and Settings\user\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\2453867.dll
C:\WINDOWS\system32\SVKP.sys
C:\INSTALL.LOG
C:\setup.exe
((((((((((((((((((((((((((((((( Files Created from 2006-12-19 to 2007-01-19 ))))))))))))))))))))))))))))))))))
2007-01-19 18:45 200,704 --a------ C:\WINDOWS\system32\mstds.exe
2007-01-19 18:03 <DIR> d-------- C:\!KillBox
2007-01-19 16:34 <DIR> d-------- C:\WINDOWS\pss
2007-01-19 16:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-19 15:59 <DIR> d-------- C:\Program Files\Grisoft
2007-01-19 15:47 <DIR> d-------- C:\Program Files\HijackThis
2007-01-18 15:07 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-01-18 15:07 <DIR> d-------- C:\kav
2007-01-18 15:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Kaspersky Lab
2007-01-18 12:22 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-01-18 07:07 <DIR> d-------- C:\DOCUME~1\user\Application Data\Paltalk
2007-01-17 19:52 <DIR> d-------- C:\Program Files\HQuote
2007-01-17 19:30 1,351,922 --------- C:\hq.exe
2007-01-17 19:05 <DIR> d-------- C:\TAW1
2007-01-14 05:49 8,704 --a------ C:\WINDOWS\system32\sporder.dll
2007-01-14 05:49 221,184 --a------ C:\WINDOWS\system32\mswsck32.dll
2007-01-14 05:49 200,704 --a------ C:\WINDOWS\mzz.exe
2007-01-05 17:45 <DIR> d-------- C:\Program Files\GSD
2007-01-04 01:42 <DIR> d-------- C:\RobBooker
2006-12-29 22:58 374,197 --------- C:\insider.exe
2006-12-27 18:02 41,802,420 --------- C:\IdentifyTargets.exe
2006-12-23 22:15 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2006-12-21 15:45 2,243,335 --------- C:\beatyourbroker.exe
2006-12-19 08:27 1,497,680 --------- C:\ccsetup136.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-19 18:44 -------- d-------- C:\Program Files\paltalk messenger
2007-01-18 18:47 -------- d-------- C:\Program Files\four_pillars_finance
2007-01-18 16:23 -------- d-------- C:\Program Files\google
2007-01-18 14:56 -------- d-------- C:\Program Files\fractals edge advanced 2005
2007-01-17 18:58 -------- d-------- C:\Program Files\quotetracker
2007-01-17 18:58 -------- d-------- C:\DOCUME~1\user\Application Data\the blocks company, llc
2007-01-17 18:56 -------- d-------- C:\Program Files\velocity trader
2007-01-17 17:54 7666887 --a------ C:\SETUP26h.EXE
2007-01-10 00:42 -------- d-------- C:\Program Files\java
2007-01-10 00:23 -------- d-------- C:\DOCUME~1\user\Application Data\adobeum
2007-01-05 00:21 -------- d-------- C:\Program Files\aps
2007-01-04 00:55 -------- d-------- C:\Program Files\yestrader
2007-01-04 00:55 -------- d-------- C:\Program Files\winamp
2007-01-04 00:55 -------- d-------- C:\Program Files\tradersstudio13
2007-01-04 00:55 -------- d-------- C:\Program Files\rosecast trader
2007-01-04 00:55 -------- d-------- C:\Program Files\quicktime
2007-01-04 00:55 -------- d-------- C:\Program Files\powerkit
2007-01-04 00:55 -------- d-------- C:\Program Files\nortel networks
2007-01-04 00:55 -------- d-------- C:\Program Files\murreymath eod 2006
2007-01-04 00:55 -------- d-------- C:\Program Files\mozilla firefox
2007-01-04 00:55 -------- d-------- C:\Program Files\microsoft intellitype pro
2007-01-04 00:55 -------- d-------- C:\Program Files\microsoft intellipoint
2007-01-04 00:55 -------- d-------- C:\Program Files\metatrader 4
2007-01-04 00:55 -------- d-------- C:\Program Files\interbank fx trader 4
2007-01-04 00:55 -------- d-------- C:\Program Files\ibs-eureka 2.0
2007-01-04 00:55 -------- d-------- C:\Program Files\graphpap
2007-01-04 00:55 -------- d-------- C:\Program Files\fxsgts
2007-01-04 00:55 -------- d-------- C:\Program Files\dimonx6
2007-01-04 00:55 -------- d-------- C:\Program Files\d-link airplus g
2007-01-04 00:55 -------- d-------- C:\Program Files\cybersky
2007-01-04 00:55 -------- d-------- C:\Program Files\ccleaner
2007-01-04 00:55 -------- d-------- C:\Program Files\canrich free trial
2007-01-04 00:52 -------- d-------- C:\Program Files\equis
2007-01-03 18:30 -------- d-------- C:\DOCUME~1\user\Application Data\professional
2007-01-01 16:49 -------- d-------- C:\Program Files\Common Files\adobe
2006-12-23 22:15 -------- d-------- C:\Program Files\picasa2
2006-12-21 20:56 -------- d-------- C:\DOCUME~1\user\Application Data\ebookpro6
2006-12-17 15:10 31 --a------ C:\AUTOEXEC.BAT
2006-12-17 15:10 -------- d--h----- C:\Program Files\installshield installation information
2006-12-14 23:56 7796559 --------- C:\apsdv49.exe
2006-12-14 12:44 140262656 --------- C:\telechartinst.exe
2006-12-13 17:22 13214910 --------- C:\SIMULATOR_InfinityAT.exe
2006-12-08 18:53 -------- d-------- C:\Program Files\Common Files\i4j_jres
2006-12-08 17:37 16319488 --------- C:\CanRich_Free_Trial.exe
2006-12-07 07:27 -------- d-------- C:\Program Files\ts support
2006-12-07 07:27 -------- d-------- C:\Program Files\real time software engineering
2006-12-07 07:27 -------- d-------- C:\Program Files\Common Files\installshield
2006-12-06 23:14 6106623 --------- C:\msrt_3.2_tws_demo.exe
2006-12-05 11:34 370469 --------- C:\utrade.exe
2006-12-05 11:32 678566 --------- C:\ebay2002.exe
2006-11-29 23:10 -------- d-------- C:\DOCUME~1\user\Application Data\google
2006-11-29 18:20 2424840 --------- C:\AiRoboForm.exe
2006-11-27 22:18 -------- d-------- C:\Program Files\fx
2006-11-27 22:17 19019550 --------- C:\fxaccucharts_setup.exe
2006-11-25 14:32 -------- d-------- C:\Program Files\dt
2006-11-23 10:34 -------- d-------- C:\Program Files\Common Files\quote.com
2006-11-22 16:58 14070163 --------- C:\DT5Setup.exe
2006-11-02 13:28 8784 --a------ C:\WINDOWS\system32\ractrlkeyhook.dll
2006-11-01 17:42 94314 --a------ C:\WINDOWS\system32\klogon.dll
2006-10-28 13:18 32275831 --------- C:\st-install.exe
2006-10-23 07:58 851968 --a------ C:\WINDOWS\system32\g32_gd.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RTHDCPL"="RTHDCPL.EXE"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
"mstds.exe"="c:\\windows\\system32\\mstds.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Completion time: 07-01-19 19:08:28
4. Log3 from Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 7:13:58 PM, on 01/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mstds.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rogers.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [mstds.exe] c:\windows\system32\mstds.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Uninstall.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsck32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsck32.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors...ocx/plotwon.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O18 - Protocol: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
-----------------
Let me know what you think.
I am working hard and being very careful to follow (... and trusting) your instructions and directions.
Thanks again.