Full Version: Need Help Removing Ultimate Defender
jc924
Ultimate Defender / Ultimate Cleaner has installed itself on my computer, and I have not been able to remove it. Any assistance would be greatly appreciated.

My HijackThis log follows:

Logfile of HijackThis v1.99.1
Scan saved at 6:12:24 PM, on 4/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Urchin\bin\urchind.exe
C:\Program Files\Urchin\bin\urchinwebd.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Urchin\bin\urchinwebd.exe
C:\WINDOWS\TEMP\AR43F2.EXE
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ihonmjgl.exe
C:\WINDOWS\system32\stcheck32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02F1A4F9-7E39-592A-A6AB-0561FA971FD9} - C:\WINDOWS\system32\ybrispm.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3cf22176-1dd2-11b2-9139-e932de68e0bf} - C:\WINDOWS\system32\wtdKNod7.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: &Paessler Site Inspector 4 Toolbar - {EC3A37EF-F4CF-447A-B0FD-206073E2DAE9} - C:\PROGRA~1\PAESSL~1\PSITOO~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [APL] "C:\Program Files\ACT\ACT for Win 7\APL.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ihonmjgl.exe] C:\WINDOWS\system32\ihonmjgl.exe
O4 - HKLM\..\Run: [Privacy tools] C:\WINDOWS\system32\stcheck32.exe
O4 - HKLM\..\Run: [rrxvlhh.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rrxvlhh.dll,owwpab
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: PSI: Copy Image as HTML Tag - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-img-tag
O8 - Extra context menu item: PSI: Copy Image URL - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-img-src
O8 - Extra context menu item: PSI: Copy Link as HTML Tag - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-a-tag
O8 - Extra context menu item: PSI: Copy Meister - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copymeister
O8 - Extra context menu item: PSI: Open Frame In New Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-frame-in-new-window
O8 - Extra context menu item: PSI: Open Frame In This Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-frame-in-this-window
O8 - Extra context menu item: PSI: Open Selected Text as URL in New Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-selection
O8 - Extra context menu item: PSI: Show All Forms - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/forms
O8 - Extra context menu item: PSI: Show All Images - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/images
O8 - Extra context menu item: PSI: Show All Links - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/links
O8 - Extra context menu item: PSI: Show All Scripts - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/scripts
O8 - Extra context menu item: PSI: Show All Stylesheets - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/styles
O8 - Extra context menu item: PSI: Show HTTP Header - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/headers
O8 - Extra context menu item: PSI: Show Source - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/source
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TamarackBoise.local
O17 - HKLM\Software\..\Telephony: DomainName = TamarackBoise.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A5DD279-BCCB-40D4-BD16-1FB75094903C}: NameServer = 192.168.2.92,192.168.1.2,192.168.3.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TamarackBoise.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = tamarackboise.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = TamarackBoise.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = tamarackboise.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = tamarackboise.local
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Urchin Scheduler (urchind) - Unknown owner - C:\Program Files\Urchin\bin\urchind.exe
O23 - Service: Urchin Webserver (UrchinWebserver) - Unknown owner - C:\Program Files\Urchin\bin\urchinwebd.exe" --ntservice (file missing)
jurgenv
Please download VundoFix.exe
to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.
jc924
Thanks in advance for your assistance jurgenv.

I ran VundoFix, and the result it gave was "Done Searching for Files. No infected files were found."

I ran another HijackThis, and here is the most recent log:

Logfile of HijackThis v1.99.1
Scan saved at 8:52:18 AM, on 4/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Urchin\bin\urchind.exe
C:\Program Files\Urchin\bin\urchinwebd.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Urchin\bin\urchinwebd.exe
C:\WINDOWS\TEMP\AR43F2.EXE
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ihonmjgl.exe
C:\WINDOWS\system32\stcheck32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02F1A4F9-7E39-592A-A6AB-0561FA971FD9} - C:\WINDOWS\system32\ybrispm.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3cf22176-1dd2-11b2-9139-e932de68e0bf} - C:\WINDOWS\system32\wtdKNod7.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: &Paessler Site Inspector 4 Toolbar - {EC3A37EF-F4CF-447A-B0FD-206073E2DAE9} - C:\PROGRA~1\PAESSL~1\PSITOO~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [APL] "C:\Program Files\ACT\ACT for Win 7\APL.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ihonmjgl.exe] C:\WINDOWS\system32\ihonmjgl.exe
O4 - HKLM\..\Run: [Privacy tools] C:\WINDOWS\system32\stcheck32.exe
O4 - HKLM\..\Run: [rrxvlhh.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rrxvlhh.dll,owwpab
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: PSI: Copy Image as HTML Tag - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-img-tag
O8 - Extra context menu item: PSI: Copy Image URL - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-img-src
O8 - Extra context menu item: PSI: Copy Link as HTML Tag - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-a-tag
O8 - Extra context menu item: PSI: Copy Meister - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copymeister
O8 - Extra context menu item: PSI: Open Frame In New Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-frame-in-new-window
O8 - Extra context menu item: PSI: Open Frame In This Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-frame-in-this-window
O8 - Extra context menu item: PSI: Open Selected Text as URL in New Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-selection
O8 - Extra context menu item: PSI: Show All Forms - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/forms
O8 - Extra context menu item: PSI: Show All Images - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/images
O8 - Extra context menu item: PSI: Show All Links - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/links
O8 - Extra context menu item: PSI: Show All Scripts - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/scripts
O8 - Extra context menu item: PSI: Show All Stylesheets - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/styles
O8 - Extra context menu item: PSI: Show HTTP Header - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/headers
O8 - Extra context menu item: PSI: Show Source - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/source
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...itialSetup1.0.0.15.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TamarackBoise.local
O17 - HKLM\Software\..\Telephony: DomainName = TamarackBoise.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A5DD279-BCCB-40D4-BD16-1FB75094903C}: NameServer = 192.168.2.92,192.168.1.2,192.168.3.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TamarackBoise.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = tamarackboise.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = TamarackBoise.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = tamarackboise.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = tamarackboise.local
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Urchin Scheduler (urchind) - Unknown owner - C:\Program Files\Urchin\bin\urchind.exe
O23 - Service: Urchin Webserver (UrchinWebserver) - Unknown owner - C:\Program Files\Urchin\bin\urchinwebd.exe" --ntservice (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
jurgenv
* First download AVG Anti-Spyware 7.5 from HERE and save that file to your desktop.
This is a 30 day trial of the program
  1. Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware 7.5 and update the definition files.
  3. Run AVG Anti-Spyware
  4. From the main AVG Anti-Spyware screen, click on Update, then click the Start update button.
  5. After the update finishes (the status bar at the bottom will display "Update successful")
  6. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  7. Under "Reports"
  8. Select "Automatically generate report after every scan"
  9. Un-Select "Only if threats were found"
Close AVG Anti-Spyware 7.5, Do Not run a scan just yet, we will shortly.

* If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:
Ad-Aware SE Setup
Again, do NOT run a scan yet.


* Next, please reboot your computer in Safe Mode by doing the following:
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.

* Next, run Ad-aware and perform a full scan. Remove everything found.
  1. Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
  2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  3. AVG Anti-Spyware 7.5 will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  4. If you have any infections you will be prompted, then select "Apply all actions"
  5. Next select the "Reports" icon at the top.
  6. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

* Restart your computer in normal mode.

* Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

* After that, post a new hijackthis log here with the report of AVG antispyware.
jc924
Ok, I have followed all the steps, and here are my logs:

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 8:35:36 PM, on 4/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Urchin\bin\urchind.exe
C:\Program Files\Urchin\bin\urchinwebd.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Urchin\bin\urchinwebd.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\JV748E.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ihonmjgl.exe
C:\WINDOWS\system32\stcheck32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02F1A4F9-7E39-592A-A6AB-0561FA971FD9} - C:\WINDOWS\system32\ybrispm.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3cf22176-1dd2-11b2-9139-e932de68e0bf} - C:\WINDOWS\system32\wtdKNod7.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: &Paessler Site Inspector 4 Toolbar - {EC3A37EF-F4CF-447A-B0FD-206073E2DAE9} - C:\PROGRA~1\PAESSL~1\PSITOO~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [APL] "C:\Program Files\ACT\ACT for Win 7\APL.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ihonmjgl.exe] C:\WINDOWS\system32\ihonmjgl.exe
O4 - HKLM\..\Run: [Privacy tools] C:\WINDOWS\system32\stcheck32.exe
O4 - HKLM\..\Run: [rrxvlhh.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rrxvlhh.dll,owwpab
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: PSI: Copy Image as HTML Tag - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-img-tag
O8 - Extra context menu item: PSI: Copy Image URL - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-img-src
O8 - Extra context menu item: PSI: Copy Link as HTML Tag - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-a-tag
O8 - Extra context menu item: PSI: Copy Meister - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copymeister
O8 - Extra context menu item: PSI: Open Frame In New Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-frame-in-new-window
O8 - Extra context menu item: PSI: Open Frame In This Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-frame-in-this-window
O8 - Extra context menu item: PSI: Open Selected Text as URL in New Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-selection
O8 - Extra context menu item: PSI: Show All Forms - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/forms
O8 - Extra context menu item: PSI: Show All Images - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/images
O8 - Extra context menu item: PSI: Show All Links - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/links
O8 - Extra context menu item: PSI: Show All Scripts - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/scripts
O8 - Extra context menu item: PSI: Show All Stylesheets - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/styles
O8 - Extra context menu item: PSI: Show HTTP Header - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/headers
O8 - Extra context menu item: PSI: Show Source - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/source
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...itialSetup1.0.0.15.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TamarackBoise.local
O17 - HKLM\Software\..\Telephony: DomainName = TamarackBoise.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A5DD279-BCCB-40D4-BD16-1FB75094903C}: NameServer = 192.168.2.92,192.168.1.2,192.168.3.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TamarackBoise.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = tamarackboise.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = TamarackBoise.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = tamarackboise.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = tamarackboise.local
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Urchin Scheduler (urchind) - Unknown owner - C:\Program Files\Urchin\bin\urchind.exe
O23 - Service: Urchin Webserver (UrchinWebserver) - Unknown owner - C:\Program Files\Urchin\bin\urchinwebd.exe" --ntservice (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
edit: unmanaged hijackthis log

AVG Antispyware log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:15:00 PM 4/4/2007

+ Scan result:



C:\Documents and Settings\jcarroll\Local Settings\Temporary Internet Files\Content.IE5\68CU0N1J\UltimateCleaner_Installer[1].exe -> Adware.Ultimate : Cleaned.
C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP8\A0002063.exe -> Adware.Ultimate : Cleaned.
C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP8\A0002064.exe -> Adware.Ultimate : Cleaned.
C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP9\A0002082.exe -> Adware.Ultimate : Cleaned.
C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP9\A0002083.exe -> Adware.Ultimate : Cleaned.
C:\windows\system32\bimjabsd\bimjabsd1.exe -> Adware.Ultimate : Cleaned.
C:\windows\system32\bimjabsd\bimjabsd2.exe -> Adware.Ultimate : Cleaned.
C:\windows\system32\bimjabsd\bimjabsd3.exe -> Adware.Ultimate : Cleaned.
C:\RECYCLER\S-1-5-21-2841206637-1263069227-922137109-500\Dc1.rar/RJenks\Cookies\rjenks@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\RECYCLER\S-1-5-21-2841206637-1263069227-922137109-500\Dc1.rar/RJenks\Cookies\rjenks@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\S-1-5-21-2841206637-1263069227-922137109-500\Dc1.rar/RJenks\Cookies\rjenks@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\RECYCLER\S-1-5-21-2841206637-1263069227-922137109-500\Dc1.rar/RJenks\Cookies\rjenks@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\RECYCLER\S-1-5-21-2841206637-1263069227-922137109-500\Dc1.rar/RJenks\Cookies\rjenks@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\RECYCLER\S-1-5-21-2841206637-1263069227-922137109-500\Dc1.rar/RJenks\Cookies\rjenks@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\S-1-5-21-2841206637-1263069227-922137109-500\Dc1.rar/RJenks\Cookies\rjenks@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\administrator.TAMARACKBOISE\Cookies\tamadmin@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\jcarroll\Cookies\jcarroll@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\RECYCLER\S-1-5-21-2841206637-1263069227-922137109-500\Dc1.rar/RJenks\Cookies\rjenks@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\RECYCLER\S-1-5-21-2841206637-1263069227-922137109-500\Dc1.rar/RJenks\Cookies\rjenks@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\S-1-5-21-2841206637-1263069227-922137109-500\Dc1.rar/RJenks\Cookies\rjenks@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.


::Report end
jurgenv
Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (13.16 MB).
  • Close any programs you may have running - especially any web browsers.
  • Go to Start > Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.

* Please open hijackthis and put a check next to the following:

O2 - BHO: (no name) - {02F1A4F9-7E39-592A-A6AB-0561FA971FD9} - C:\WINDOWS\system32\ybrispm.dll
O2 - BHO: (no name) - {3cf22176-1dd2-11b2-9139-e932de68e0bf} - C:\WINDOWS\system32\wtdKNod7.dll (file missing)
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [ihonmjgl.exe] C:\WINDOWS\system32\ihonmjgl.exe
O4 - HKLM\..\Run: [Privacy tools] C:\WINDOWS\system32\stcheck32.exe
O4 - HKLM\..\Run: [rrxvlhh.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rrxvlhh.dll,owwpab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab


* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

* Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\ybrispm.dll
    C:\WINDOWS\system32\ihonmjgl.exe
    C:\WINDOWS\system32\stcheck32.exe
    C:\WINDOWS\system32\rrxvlhh.dll



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

* After that, post a new hijackthis log here.
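One way to check the follow-up log requested in the post above, as an added example that is not part of the original thread: the script rejoins word-wrapped HijackThis entries and reports any flagged entry or Killbox-listed file that still appears. The flagged entries and file paths are the ones listed in the post; the function names and both sample logs are constructed for illustration.

```python
import re

# Entries the helper asked to fix, copied from the post above.
FLAGGED_ENTRIES = [
    r"O2 - BHO: (no name) - {02F1A4F9-7E39-592A-A6AB-0561FA971FD9} - C:\WINDOWS\system32\ybrispm.dll",
    r"O2 - BHO: (no name) - {3cf22176-1dd2-11b2-9139-e932de68e0bf} - C:\WINDOWS\system32\wtdKNod7.dll (file missing)",
    r"O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)",
    r"O4 - HKLM\..\Run: [ihonmjgl.exe] C:\WINDOWS\system32\ihonmjgl.exe",
    r"O4 - HKLM\..\Run: [Privacy tools] C:\WINDOWS\system32\stcheck32.exe",
    r"O4 - HKLM\..\Run: [rrxvlhh.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rrxvlhh.dll,owwpab",
    r"O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab",
]

# Files queued in Killbox for delete-on-reboot, copied from the post above.
FLAGGED_FILES = [
    r"C:\WINDOWS\system32\ybrispm.dll",
    r"C:\WINDOWS\system32\ihonmjgl.exe",
    r"C:\WINDOWS\system32\stcheck32.exe",
    r"C:\WINDOWS\system32\rrxvlhh.dll",
]

# HijackThis entry lines start with a section code such as R3, F2, N1, O4 or O23.
ENTRY_RE = re.compile(r"^[RFNO]\d{1,2} - ")


def normalize(text):
    """Compare entries without regard to case, whitespace (wrapping) or a
    trailing '(file missing)' marker, none of which identify the entry."""
    squeezed = re.sub(r"\s+", "", text).lower()
    return re.sub(r"\(filemissing\)$", "", squeezed)


def parse_log(text):
    """Split a HijackThis log into running-process paths and entry lines,
    rejoining entries that word wrap has split across lines."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_RE.match(line):
            in_processes = False
            entries.append(line)
        elif entries:
            entries[-1] += " " + line  # continuation of a wrapped entry
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def check_followup(log_text):
    """Return (flagged entries still listed, flagged files still referenced)."""
    processes, entries = parse_log(log_text)
    seen = {normalize(e) for e in entries}
    surviving_entries = [e for e in FLAGGED_ENTRIES if normalize(e) in seen]
    haystack = [normalize(x) for x in processes + entries]
    surviving_files = [
        f for f in FLAGGED_FILES if any(normalize(f) in h for h in haystack)
    ]
    return surviving_entries, surviving_files


# Constructed sample: a short, word-wrapped log with no flagged items left.
CLEAN_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
"""

# Constructed sample (not the state reported in this thread): one Run entry
# survived and one flagged file is still running.
DIRTY_LOG = r"""
Running processes:
C:\WINDOWS\system32\stcheck32.exe

O4 - HKLM\..\Run: [rrxvlhh.dll] C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rrxvlhh.dll,owwpab
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
"""

if __name__ == "__main__":
    for name, log in (("clean", CLEAN_LOG), ("dirty", DIRTY_LOG)):
        surviving_entries, surviving_files = check_followup(log)
        print(name, "entries still present:", surviving_entries)
        print(name, "files still referenced:", surviving_files)
```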
jc924
All steps have been followed, and here is my latest HijackThis logfile:


Logfile of HijackThis v1.99.1
Scan saved at 11:58:16 AM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Urchin\bin\urchind.exe
C:\Program Files\Urchin\bin\urchinwebd.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Urchin\bin\urchinwebd.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\BUFE85.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Paessler Site Inspector 4 Toolbar - {EC3A37EF-F4CF-447A-B0FD-206073E2DAE9} - C:\PROGRA~1\PAESSL~1\PSITOO~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [APL] "C:\Program Files\ACT\ACT for Win 7\APL.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: PSI: Copy Image as HTML Tag - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-img-tag
O8 - Extra context menu item: PSI: Copy Image URL - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-img-src
O8 - Extra context menu item: PSI: Copy Link as HTML Tag - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-a-tag
O8 - Extra context menu item: PSI: Copy Meister - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copymeister
O8 - Extra context menu item: PSI: Open Frame In New Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-frame-in-new-window
O8 - Extra context menu item: PSI: Open Frame In This Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-frame-in-this-window
O8 - Extra context menu item: PSI: Open Selected Text as URL in New Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-selection
O8 - Extra context menu item: PSI: Show All Forms - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/forms
O8 - Extra context menu item: PSI: Show All Images - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/images
O8 - Extra context menu item: PSI: Show All Links - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/links
O8 - Extra context menu item: PSI: Show All Scripts - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/scripts
O8 - Extra context menu item: PSI: Show All Stylesheets - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/styles
O8 - Extra context menu item: PSI: Show HTTP Header - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/headers
O8 - Extra context menu item: PSI: Show Source - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/source
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...itialSetup1.0.0.15.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TamarackBoise.local
O17 - HKLM\Software\..\Telephony: DomainName = TamarackBoise.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A5DD279-BCCB-40D4-BD16-1FB75094903C}: NameServer = 192.168.2.92,192.168.1.2,192.168.3.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TamarackBoise.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = tamarackboise.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = TamarackBoise.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = tamarackboise.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = tamarackboise.local
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Urchin Scheduler (urchind) - Unknown owner - C:\Program Files\Urchin\bin\urchind.exe
O23 - Service: Urchin Webserver (UrchinWebserver) - Unknown owner - C:\Program Files\Urchin\bin\urchinwebd.exe" --ntservice (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

jurgenv
* Please open hijackthis and put a check next to the following:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

* After that, post a new hijackthis log here and tell me how everything is working.
jc924
Everything is working well and there are no signs of Ultimate Defender as far as I can tell. Here is my latest HijackThis logfile:


Logfile of HijackThis v1.99.1
Scan saved at 4:17:59 PM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Urchin\bin\urchind.exe
C:\Program Files\Urchin\bin\urchinwebd.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Urchin\bin\urchinwebd.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\BUFE85.EXE
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Paessler Site Inspector 4 Toolbar - {EC3A37EF-F4CF-447A-B0FD-206073E2DAE9} - C:\PROGRA~1\PAESSL~1\PSITOO~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [APL] "C:\Program Files\ACT\ACT for Win 7\APL.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: PSI: Copy Image as HTML Tag - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-img-tag
O8 - Extra context menu item: PSI: Copy Image URL - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-img-src
O8 - Extra context menu item: PSI: Copy Link as HTML Tag - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-a-tag
O8 - Extra context menu item: PSI: Copy Meister - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copymeister
O8 - Extra context menu item: PSI: Open Frame In New Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-frame-in-new-window
O8 - Extra context menu item: PSI: Open Frame In This Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-frame-in-this-window
O8 - Extra context menu item: PSI: Open Selected Text as URL in New Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-selection
O8 - Extra context menu item: PSI: Show All Forms - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/forms
O8 - Extra context menu item: PSI: Show All Images - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/images
O8 - Extra context menu item: PSI: Show All Links - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/links
O8 - Extra context menu item: PSI: Show All Scripts - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/scripts
O8 - Extra context menu item: PSI: Show All Stylesheets - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/styles
O8 - Extra context menu item: PSI: Show HTTP Header - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/headers
O8 - Extra context menu item: PSI: Show Source - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/source
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TamarackBoise.local
O17 - HKLM\Software\..\Telephony: DomainName = TamarackBoise.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A5DD279-BCCB-40D4-BD16-1FB75094903C}: NameServer = 192.168.2.92,192.168.1.2,192.168.3.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TamarackBoise.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = tamarackboise.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = TamarackBoise.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = tamarackboise.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = tamarackboise.local
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Urchin Scheduler (urchind) - Unknown owner - C:\Program Files\Urchin\bin\urchind.exe
O23 - Service: Urchin Webserver (UrchinWebserver) - Unknown owner - C:\Program Files\Urchin\bin\urchinwebd.exe" --ntservice (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

jurgenv
Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we at Lavasoftsupport are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are ZoneAlarm, Kerio, or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck.