Infected with Trojan virus...
nataligirl8698
Hi, my PC has been infected with the Trojan virus. The warning that keeps coming up refers to a Trojanhorse.BHO. I have tried AVG, ZoneAlarm and other virus-removal software but the problem continues. Hopefully someone can help me here, anyways here's my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:49:51 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\Program Files\Spyware Doctor\svcntaux.exe
F:\WINDOWS\soundman.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\Spyware Doctor\swdsvc.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Google\Google Updater\GoogleUpdater.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\WINDOWS\System32\svchost.exe
f:\WINDOWS\system32\ZuneBusEnum.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\system32\wuauclt.exe
F:\DOCUME~1\Richarys\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

F3 - REG:win.ini: load=F:\WINDOWS\system32\awvvu.exe
F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1169D616-3F89-6E5B-FCB9-60A3E7FBF098} - F:\WINDOWS\system32\oazjpha.dll (file missing)
O2 - BHO: (no name) - {1899C54B-F1DD-400B-B818-C6C5A904998C} - F:\WINDOWS\system32\compstu.dll
O2 - BHO: 0 - {22A42330-366D-47D0-8B8F-68FD6C8C6B53} - F:\Program Files\MSN\lavu.dll (file missing)
O2 - BHO: (no name) - {2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73} - F:\WINDOWS\system32\khffgdc.dll (file missing)
O2 - BHO: egmulhxk.msdn_hlp - {477840F3-BA52-44D9-8E41-38D61CAA010F} - F:\WINDOWS\system32\egmulhxk.dll (file missing)
O2 - BHO: SpruceBHO - {54DE7259-C729-45B1-BBD8-4BE9B5BD8248} - F:\Program Files\Spruce\Spruce.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {88AD0D5A-4F8E-4528-BF2B-4AD25C0B6608} - F:\Program Files\Online Services\hoketozy4444.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {B5DF8F6C-31F8-6829-D22B-39E6038459C6} - F:\WINDOWS\system32\gyvqpd.dll (file missing)
O2 - BHO: (no name) - {BE47E697-80A3-4D26-949F-B3DD72ACB428} - F:\Program Files\Online Services\hoketozy83122.dll (file missing)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {dcce1d78-df4e-4f03-b6aa-3930a6556a63} - F:\WINDOWS\system32\vtmjrgd.dll (file missing)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {FE22856B-449F-451E-93D4-6CD7FD21FBC2} - F:\Program Files\Online Services\hoketozy555077.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SDTray] "F:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [HP Software Update] "F:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\PROGRA~1\MICROS~2\wcescomm .exe"
O4 - HKCU\..\Run: [kernel] F:\Program Files\kernel\kernel.exe
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Oent] "F:\Documents and Settings\Richarys\My Documents\?racle\r?gedit.exe"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Google Updater.lnk = F:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198998487375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198998479750
O20 - Winlogon Notify: khffgdc - khffgdc.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks.
LoPhatPhuud
First:
Please delete the version of HiJackThis.exe you have installed, then download the new version from here:
http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

Double-click on the HJTInstall.exe file. It will be installed to the default location of C:\Program File\Trend Micro\HiJackThis\

DO NOT RUN HiJackThis v2.02 at this time. That will come later...


Second:

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

  • Double-click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
nataligirl8698
Here's the ComboFix log:

ComboFix 08-02-15.1 - Richarys 2008-02-14 21:23:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.246 [GMT -8:00]
Running from: F:\Documents and Settings\Richarys\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Documents and Settings\Richarys\Desktop\searchus.exe
F:\Documents and Settings\Richarys\My Documents\RACLE~1
F:\Documents and Settings\Richarys\My Documents\RACLE~1\r?gedit.exe.vzr
F:\Documents and Settings\Richarys\Start Menu\Programs\Outerinfo
F:\Documents and Settings\Richarys\Start Menu\Programs\Outerinfo\Terms.lnk
F:\Documents and Settings\Richarys\Start Menu\Programs\Outerinfo\Uninstall.lnk
F:\Program Files\Accoona
F:\Program Files\Accoona\ASearchAssist.dll
F:\Program Files\e-zshopper
F:\Program Files\e-zshopper\BarLcher.dll
F:\Program Files\kernel
F:\Program Files\mcroso~1.net
F:\Program Files\mcroso~1.net\M?crosoft.NET\
F:\Program Files\outerinfo
F:\Program Files\outerinfo\FF\chrome.manifest
F:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
F:\Program Files\outerinfo\FF\install.rdf
F:\Program Files\outerinfo\OiUninstaller.exe
F:\Program Files\outerinfo\outerinfo.ico
F:\Program Files\outerinfo\Terms.rtf
F:\Program Files\Spruce
F:\Program Files\Spruce\Spruce.dll.intermediate.manifest
F:\Program Files\Spruce\Spruce.info
F:\Program Files\Spruce\Spruce.original
F:\Program Files\Spruce\SpruceRg.dll
F:\Program Files\Spruce\un_SpruceSetup_17737.exe
F:\Program Files\Spruce\un_SpruceSetup_17737.txt
F:\Program Files\Spruce\X_Spruce.log
F:\Program Files\Temporary
F:\WINDOWS\absolute key logger.lnk
F:\WINDOWS\aconti.log
F:\WINDOWS\acontidialer.txt
F:\WINDOWS\adbar.dll
F:\WINDOWS\daxtime.dll
F:\WINDOWS\dp0.dll
F:\WINDOWS\eventlowg.dll
F:\WINDOWS\fhfmm-Uninstaller.exe
F:\WINDOWS\ie_32.exe
F:\WINDOWS\jd2002.dll
F:\WINDOWS\kkcomp$.exe
F:\WINDOWS\liqad$.exe
F:\WINDOWS\liqui-Uninstaller.exe
F:\WINDOWS\ngd.dll
F:\WINDOWS\spredirect.dll
F:\WINDOWS\system32\acespy
F:\WINDOWS\system32\acespy\__acelog.ndx
F:\WINDOWS\system32\acespy\systune.exe
F:\WINDOWS\system32\compstu.dll
F:\WINDOWS\system32\din.ip
F:\WINDOWS\system32\dpqaqlqx.bin
F:\WINDOWS\system32\drivers\blank.gif
F:\WINDOWS\system32\drivers\box_2.gif
F:\WINDOWS\system32\drivers\button_buynow.gif
F:\WINDOWS\system32\drivers\button_freescan.gif
F:\WINDOWS\system32\drivers\cell_bg.gif
F:\WINDOWS\system32\drivers\cell_footer.gif
F:\WINDOWS\system32\drivers\cell_header_block.gif
F:\WINDOWS\system32\drivers\cell_header_remove.gif
F:\WINDOWS\system32\drivers\cell_header_scan.gif
F:\WINDOWS\system32\drivers\download_btn.jpg
F:\WINDOWS\system32\drivers\download_now_btn.gif
F:\WINDOWS\system32\drivers\footer_back.jpg
F:\WINDOWS\system32\drivers\ftolhjsf.dat
F:\WINDOWS\system32\drivers\header_1.gif
F:\WINDOWS\system32\drivers\header_2.gif
F:\WINDOWS\system32\drivers\header_3.gif
F:\WINDOWS\system32\drivers\header_4.gif
F:\WINDOWS\system32\drivers\header_red_bg.gif
F:\WINDOWS\system32\drivers\header_red_free_scan.gif
F:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
F:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
F:\WINDOWS\system32\drivers\infected.gif
F:\WINDOWS\system32\drivers\main_back.gif
F:\WINDOWS\system32\drivers\product_2_header.gif
F:\WINDOWS\system32\drivers\product_2_name_small.gif
F:\WINDOWS\system32\drivers\product_features.gif
F:\WINDOWS\system32\drivers\pt.htm
F:\WINDOWS\system32\drivers\rating.gif
F:\WINDOWS\system32\drivers\screenshot.jpg
F:\WINDOWS\system32\drivers\sep_hor.gif
F:\WINDOWS\system32\drivers\sep_vert.gif
F:\WINDOWS\system32\drivers\shadow.jpg
F:\WINDOWS\system32\drivers\shadow_bg.gif
F:\WINDOWS\system32\drivers\spacer.gif
F:\WINDOWS\system32\drivers\star.gif
F:\WINDOWS\system32\drivers\star_gray.gif
F:\WINDOWS\system32\drivers\star_gray_small.gif
F:\WINDOWS\system32\drivers\star_small.gif
F:\WINDOWS\system32\drivers\style.css
F:\WINDOWS\system32\drivers\v.gif
F:\WINDOWS\system32\drivers\warning_icon.gif
F:\WINDOWS\system32\drivers\win_logo.gif
F:\WINDOWS\system32\drivers\x.gif
F:\WINDOWS\system32\pac.txt
F:\WINDOWS\system32\sznf.ascii
F:\WINDOWS\system32\uvvwa.ini
F:\WINDOWS\system32\uvvwa.ini2
F:\WINDOWS\system32\wnstscc32.exe
F:\WINDOWS\system32\z1
F:\WINDOWS\system32\z9
F:\WINDOWS\wbeInst$.exe
F:\WINDOWS\xadbrk_.exe
F:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_RITIXCNZ
-------\ritixcnz


((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.

2008-02-14 20:20 . 2008-02-14 20:20 <DIR> d-------- F:\Program Files\Trend Micro
2008-02-02 10:30 . 2008-02-02 12:15 <DIR> d-------- F:\Documents and Settings\Richarys\.housecall6.6
2008-02-02 10:30 . 2008-02-02 12:09 102,664 --a------ F:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-02 09:46 . 2008-02-02 09:46 <DIR> d-------- F:\Program Files\Yahoo! Games
2008-02-01 18:38 . 2008-02-01 18:38 <DIR> d-------- F:\WINDOWS\Sun
2008-02-01 18:38 . 2007-09-24 23:31 69,632 --a------ F:\WINDOWS\system32\javacpl.cpl
2008-02-01 18:33 . 2008-02-01 18:38 <DIR> d-------- F:\Program Files\Java
2008-02-01 18:33 . 2008-02-01 18:33 <DIR> d-------- F:\Program Files\Common Files\Java
2008-02-01 16:40 . 2008-02-01 16:41 54,156 --ah----- F:\WINDOWS\QTFont.qfn
2008-02-01 16:40 . 2008-02-01 16:41 1,409 --a------ F:\WINDOWS\QTFont.for
2008-02-01 16:39 . 2008-02-01 16:40 <DIR> d-------- F:\Program Files\QuickTime
2008-02-01 16:39 . 2008-02-01 16:39 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-01 16:38 . 2008-02-01 16:38 <DIR> d-------- F:\Program Files\Apple Software Update
2008-02-01 16:38 . 2008-02-01 16:38 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Apple
2008-01-27 20:07 . 2007-12-04 04:54 95,608 --a------ F:\WINDOWS\system32\AvastSS.scr
2008-01-27 20:07 . 2007-12-04 06:55 94,544 --a------ F:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-27 20:07 . 2007-12-04 06:56 93,264 --a------ F:\WINDOWS\system32\drivers\aswmon.sys
2008-01-27 20:07 . 2007-12-04 06:51 42,912 --a------ F:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-27 20:07 . 2007-12-04 06:49 26,624 --a------ F:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-27 20:07 . 2007-12-04 06:53 23,152 --a------ F:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-27 20:06 . 2008-01-27 20:06 <DIR> d-------- F:\Program Files\Alwil Software
2008-01-27 20:06 . 2007-12-04 05:04 837,496 --a------ F:\WINDOWS\system32\aswBoot.exe
2008-01-27 20:06 . 2004-01-09 01:13 380,928 --a------ F:\WINDOWS\system32\actskin4.ocx
2008-01-27 13:16 . 2008-01-27 13:16 <DIR> d-------- F:\Program Files\Enigma Software Group
2008-01-24 21:01 . 2008-01-24 21:01 <DIR> d-------- F:\Documents and Settings\Mom\Application Data\AVG7
2008-01-24 21:00 . 2008-01-24 21:00 <DIR> d-------- F:\Program Files\Hewlett-Packard
2008-01-24 21:00 . 2008-01-24 21:00 <DIR> d-------- F:\Program Files\Common Files\HP
2008-01-24 20:59 . 2008-01-24 20:59 <DIR> d-------- F:\Program Files\Common Files\Blizzard Entertainment
2008-01-22 16:03 . 2008-02-03 15:46 1,128 --a------ F:\rollback.ini
2008-01-21 11:29 . 2008-02-14 21:31 4,632,352 --ahs---- F:\WINDOWS\system32\drivers\fidbox.dat
2008-01-21 11:29 . 2008-02-14 21:30 64,136 --ahs---- F:\WINDOWS\system32\drivers\fidbox.idx
2008-01-21 11:16 . 2007-11-14 16:05 75,248 --a------ F:\WINDOWS\zllsputility.exe
2008-01-21 11:16 . 2008-02-12 19:50 4,212 ---h----- F:\WINDOWS\system32\zllictbl.dat
2008-01-21 11:15 . 2008-01-24 21:08 <DIR> d-------- F:\WINDOWS\system32\ZoneLabs
2008-01-21 11:15 . 2008-01-21 11:15 <DIR> d-------- F:\Program Files\Zone Labs
2008-01-21 11:15 . 2007-11-14 16:05 1,086,952 --a------ F:\WINDOWS\system32\zpeng24.dll
2008-01-21 11:15 . 2008-02-13 22:07 352,808 --a------ F:\WINDOWS\system32\vsconfig.xml
2008-01-21 11:14 . 2008-02-13 22:07 <DIR> d-------- F:\WINDOWS\Internet Logs
2008-01-15 22:54 . 2008-01-24 21:00 <DIR> d-------- F:\Program Files\Microsoft CAPICOM 2.1.0.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 05:31 --------- d---a-w F:\Documents and Settings\All Users\Application Data\TEMP
2008-02-14 06:21 --------- d-----w F:\Program Files\Spyware Doctor
2008-02-14 06:13 --------- d-----w F:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-02 22:56 128,000 ----a-w F:\WINDOWS\Internet Logs\xDB13.tmp
2008-02-01 08:12 358,912 ----a-w F:\WINDOWS\Internet Logs\xDB12.tmp
2008-01-28 08:35 --------- d-----w F:\Documents and Settings\Natalie\Application Data\teamspeak2
2008-01-26 19:37 --------- d-----w F:\Program Files\Common Files\InstallShield
2008-01-26 07:03 161,280 ----a-w F:\WINDOWS\Internet Logs\xDB11.tmp
2008-01-25 05:01 --------- d-----w F:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-25 05:01 --------- d-----w F:\Documents and Settings\All Users\Application Data\avg7
2008-01-25 05:00 --------- d-----w F:\Program Files\Common Files\Symantec Shared
2008-01-25 05:00 --------- d-----w F:\Documents and Settings\Natalie\Application Data\AVG7
2008-01-25 00:20 17,408 ----a-w F:\WINDOWS\Internet Logs\xDBF.tmp
2008-01-25 00:20 1,718,272 ----a-w F:\WINDOWS\Internet Logs\xDB10.tmp
2008-01-25 00:10 17,920 ----a-w F:\WINDOWS\Internet Logs\xDBD.tmp
2008-01-25 00:10 1,718,272 ----a-w F:\WINDOWS\Internet Logs\xDBE.tmp
2008-01-25 00:08 25,600 ----a-w F:\WINDOWS\Internet Logs\xDBC.tmp
2008-01-24 23:58 1,716,224 ----a-w F:\WINDOWS\Internet Logs\xDBB.tmp
2008-01-24 23:57 19,456 ----a-w F:\WINDOWS\Internet Logs\xDBA.tmp
2008-01-24 23:42 17,408 ----a-w F:\WINDOWS\Internet Logs\xDB8.tmp
2008-01-24 23:42 1,714,688 ----a-w F:\WINDOWS\Internet Logs\xDB9.tmp
2008-01-24 23:39 17,408 ----a-w F:\WINDOWS\Internet Logs\xDB6.tmp
2008-01-24 23:39 1,714,688 ----a-w F:\WINDOWS\Internet Logs\xDB7.tmp
2008-01-24 23:37 21,504 ----a-w F:\WINDOWS\Internet Logs\xDB4.tmp
2008-01-24 23:37 1,714,688 ----a-w F:\WINDOWS\Internet Logs\xDB5.tmp
2008-01-24 23:34 1,714,688 ----a-w F:\WINDOWS\Internet Logs\xDB3.tmp
2008-01-24 04:55 1,714,688 ----a-w F:\WINDOWS\Internet Logs\xDB2.tmp
2008-01-24 04:54 261,632 ----a-w F:\WINDOWS\Internet Logs\xDB1.tmp
2008-01-22 23:50 --------- d-----w F:\Documents and Settings\Richarys\Application Data\AVG7
2008-01-17 22:58 --------- d-----w F:\Program Files\Norton Security Scan
2008-01-15 00:52 --------- d-----w F:\Program Files\HP
2008-01-15 00:49 --------- d-----w F:\Program Files\Common Files\Hewlett-Packard
2008-01-07 06:42 --------- d-----w F:\Program Files\Microsoft ActiveSync
2008-01-07 05:48 --------- d-----w F:\Program Files\Lavasoft
2008-01-07 05:48 --------- d-----w F:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-07 05:46 --------- d-----w F:\Program Files\Common Files\Wise Installation Wizard
2008-01-02 21:06 --------- d-----w F:\Program Files\Common Files\Adobe
2008-01-02 20:47 --------- d-----w F:\Documents and Settings\Richarys\Application Data\PC Tools
2008-01-02 20:38 --------- d-----w F:\Program Files\Google
2008-01-02 19:59 --------- d-----w F:\Program Files\Zune
2008-01-02 19:57 --------- d-----w F:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-01 19:18 --------- d-----w F:\Documents and Settings\All Users\Application Data\Rabio
2007-12-30 21:45 --------- d-----w F:\Program Files\Total Video Converter
2007-12-30 11:01 --------- d-----w F:\Program Files\DivX
2007-12-30 11:01 --------- d-----w F:\Documents and Settings\Richarys\Application Data\DivX
2007-12-30 10:56 --------- d-----w F:\Program Files\SmartSoftVideoConverter
2007-12-30 10:51 --------- d-----w F:\Program Files\Blaze Media Pro
2007-12-30 10:43 --------- d-----w F:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
2007-12-30 10:35 --------- d-----w F:\Program Files\Avex
2007-12-30 10:34 --------- d-----w F:\Program Files\Common Files\Download Manager
2007-12-30 08:53 --------- d--h--w F:\Program Files\InstallShield Installation Information
2007-12-30 08:53 --------- d-----w F:\Program Files\AvRack
2007-12-30 08:53 --------- d-----w F:\Program Files\Avance Sound Manager
2007-12-30 07:23 0 ---ha-w F:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-30 07:23 0 ---ha-w F:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2007-12-30 06:34 --------- d-----w F:\Program Files\microsoft frontpage
2007-12-18 09:51 179,584 ----a-w F:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 01:07 659,456 ----a-w F:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w F:\WINDOWS\system32\oleaut32.dll
2007-12-04 01:33 823,296 ----a-w F:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w F:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w F:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w F:\WINDOWS\system32\DivX.dll
2007-11-29 22:30 524,288 ----a-w F:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 3,596,288 ----a-w F:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w F:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w F:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w F:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w F:\WINDOWS\system32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w F:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w F:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w F:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w F:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w F:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w F:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w F:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w F:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-16 05:51 80,288 ----a-w F:\WINDOWS\system32\ZuneIpTransport.dll
2007-11-16 05:51 72,608 ----a-w F:\WINDOWS\system32\ZuneUsbTransport.dll
2007-11-16 05:51 59,296 ----a-w F:\WINDOWS\system32\ZuneBusEnum.exe
2007-11-16 05:51 45,472 ----a-w F:\WINDOWS\system32\ZuneUsbConnection.dll
2007-11-16 05:51 245,664 ----a-w F:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2007-11-16 05:51 155,552 ----a-w F:\WINDOWS\system32\ZuneMTPZ.dll
.
----a-w            39,792 2008-01-02 21:22:01  F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w            68,856 2008-01-02 21:22:02  F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w           171,448 2008-01-02 19:45:23  F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
----a-w           579,072 2008-01-02 20:00:16  F:\Program Files\Grisoft\AVG7\avgcc .exe
----a-w           166,304 2008-01-02 20:00:05  F:\Program Files\Zune\ZuneLauncher .exe



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1169D616-3F89-6E5B-FCB9-60A3E7FBF098}]
F:\WINDOWS\system32\oazjpha.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22A42330-366D-47D0-8B8F-68FD6C8C6B53}]
F:\Program Files\MSN\lavu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{477840F3-BA52-44D9-8E41-38D61CAA010F}]
F:\WINDOWS\system32\egmulhxk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54DE7259-C729-45B1-BBD8-4BE9B5BD8248}]
F:\Program Files\Spruce\Spruce.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88AD0D5A-4F8E-4528-BF2B-4AD25C0B6608}]
F:\Program Files\Online Services\hoketozy4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5DF8F6C-31F8-6829-D22B-39E6038459C6}]
F:\WINDOWS\system32\gyvqpd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE47E697-80A3-4D26-949F-B3DD72ACB428}]
F:\Program Files\Online Services\hoketozy83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dcce1d78-df4e-4f03-b6aa-3930a6556a63}]
F:\WINDOWS\system32\vtmjrgd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE22856B-449F-451E-93D4-6CD7FD21FBC2}]
F:\Program Files\Online Services\hoketozy555077.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="F:\PROGRA~1\MICROS~2\wcescomm .exe" [ ]
"kernel"="F:\Program Files\kernel\kernel.exe" [ ]
"swg"="F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"Oent"="F:\Documents and Settings\Richarys\My Documents\?racle\r?gedit.exe" [ ]
"MSMSGS"="F:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="soundman.exe" [2001-05-29 09:02 124416 F:\WINDOWS\soundman.exe]
"SDTray"="F:\Program Files\Spyware Doctor\SDTrayApp.exe" [ ]
"HP Software Update"="F:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
"avast!"="F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]
"QuickTime Task"="F:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - F:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-02 12:38:05 124400]
HP Digital Imaging Monitor.lnk - F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khffgdc]
khffgdc.dll

R2 zumbus;Zune Bus Enumerator Driver;F:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 21:38]
R2 ZuneBusEnum;Zune Bus Enumerator;f:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 21:51]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;f:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 21:51]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-13 06:19:12 F:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- F:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-25 23:00:00 F:\WINDOWS\Tasks\Norton Security Scan.job"
- F:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 21:32:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\Program Files\Spyware Doctor\svcntaux.exe
F:\Program Files\Spyware Doctor\swdsvc.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-02-14 21:34:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-15 05:34:32
.
2008-02-14 06:14:07 --- E O F ---
nataligirl8698
Here is my other Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:33 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\Program Files\Spyware Doctor\svcntaux.exe
F:\Program Files\Spyware Doctor\swdsvc.exe
F:\WINDOWS\soundman.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
F:\Program Files\Messenger\msmsgs.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Google\Google Updater\GoogleUpdater.exe
f:\WINDOWS\system32\ZuneBusEnum.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\explorer.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F:\WINDOWS\System32\wbem\wmiprvse.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1169D616-3F89-6E5B-FCB9-60A3E7FBF098} - F:\WINDOWS\system32\oazjpha.dll (file missing)
O2 - BHO: 0 - {22A42330-366D-47D0-8B8F-68FD6C8C6B53} - F:\Program Files\MSN\lavu.dll (file missing)
O2 - BHO: egmulhxk.msdn_hlp - {477840F3-BA52-44D9-8E41-38D61CAA010F} - F:\WINDOWS\system32\egmulhxk.dll (file missing)
O2 - BHO: SpruceBHO - {54DE7259-C729-45B1-BBD8-4BE9B5BD8248} - F:\Program Files\Spruce\Spruce.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {88AD0D5A-4F8E-4528-BF2B-4AD25C0B6608} - F:\Program Files\Online Services\hoketozy4444.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {B5DF8F6C-31F8-6829-D22B-39E6038459C6} - F:\WINDOWS\system32\gyvqpd.dll (file missing)
O2 - BHO: (no name) - {BE47E697-80A3-4D26-949F-B3DD72ACB428} - F:\Program Files\Online Services\hoketozy83122.dll (file missing)
O2 - BHO: (no name) - {dcce1d78-df4e-4f03-b6aa-3930a6556a63} - F:\WINDOWS\system32\vtmjrgd.dll (file missing)
O2 - BHO: (no name) - {FE22856B-449F-451E-93D4-6CD7FD21FBC2} - F:\Program Files\Online Services\hoketozy555077.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SDTray] "F:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [HP Software Update] "F:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\PROGRA~1\MICROS~2\wcescomm .exe"
O4 - HKCU\..\Run: [kernel] F:\Program Files\kernel\kernel.exe
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Oent] "F:\Documents and Settings\Richarys\My Documents\?racle\r?gedit.exe"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Google Updater.lnk = F:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198998487375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198998479750
O20 - Winlogon Notify: khffgdc - khffgdc.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - About:Home

--
End of file - 6948 bytes
LoPhatPhuud
Much better..

Reboot in Safe Mode* and run HiJackThis. <-- IMPORTANT

Press the 'Scan' button and when done check the following items in HijackThis:
O2 - BHO: (no name) - {1169D616-3F89-6E5B-FCB9-60A3E7FBF098} - F:\WINDOWS\system32\oazjpha.dll (file missing)
O2 - BHO: 0 - {22A42330-366D-47D0-8B8F-68FD6C8C6B53} - F:\Program Files\MSN\lavu.dll (file missing)
O2 - BHO: egmulhxk.msdn_hlp - {477840F3-BA52-44D9-8E41-38D61CAA010F} - F:\WINDOWS\system32\egmulhxk.dll (file missing)
O2 - BHO: SpruceBHO - {54DE7259-C729-45B1-BBD8-4BE9B5BD8248} - F:\Program Files\Spruce\Spruce.dll (file missing)
O2 - BHO: (no name) - {88AD0D5A-4F8E-4528-BF2B-4AD25C0B6608} - F:\Program Files\Online Services\hoketozy4444.dll (file missing)
O2 - BHO: (no name) - {B5DF8F6C-31F8-6829-D22B-39E6038459C6} - F:\WINDOWS\system32\gyvqpd.dll (file missing)
O2 - BHO: (no name) - {BE47E697-80A3-4D26-949F-B3DD72ACB428} - F:\Program Files\Online Services\hoketozy83122.dll (file missing)
O2 - BHO: (no name) - {dcce1d78-df4e-4f03-b6aa-3930a6556a63} - F:\WINDOWS\system32\vtmjrgd.dll (file missing)
O2 - BHO: (no name) - {FE22856B-449F-451E-93D4-6CD7FD21FBC2} - F:\Program Files\Online Services\hoketozy555077.dll (file

O4 - HKCU\..\Run: [kernel] F:\Program Files\kernel\kernel.exe
O4 - HKCU\..\Run: [Oent] "F:\Documents and Settings\Richarys\My Documents\?racle\r?gedit.exe"

O20 - Winlogon Notify: khffgdc - khffgdc.dll (file missing)

Close all windows except HijackThis and click Fix checked.


While still in Safe Mode*, delete the following: (you may need to show hidden files**)
(Files specified without a full path will be located in C:\Windows\ or C:\Windows\System32\)
F:\Program Files\kernel\ <--delete entire folder,
F:\Documents and Settings\Richarys\My Documents\?racle\ <--delete entire folder,

*How to Boot into Safe mode:
http://www.computerhope.com/issues/chsafe.htm

**Show Hidden and System files and folders: http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.

Reboot in normal mode

Run HiJackThis again and post a new log in this thread. (Be sure that Word Wrap is turned off in Notepad)
nataligirl8698
I was able to do the first part of what you told me, which involved clicking Fix checked on Hijackthis, but I wasn't able to find F:/Program Files\kernel\ or F:\Documents and Settings\Richarys\My Documents\?racle\. I unchecked the options in order to show the hidden files, file extensions, and operating systems but I still wasn't able to find the folders. Thanks for the help again. I'll show you the hijackthis log that I got after rebooting again in normal mode:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:34 PM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\Program Files\Spyware Doctor\svcntaux.exe
F:\Program Files\Spyware Doctor\swdsvc.exe
F:\WINDOWS\System32\svchost.exe
f:\WINDOWS\system32\ZuneBusEnum.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\soundman.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Google\Google Updater\GoogleUpdater.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F:\WINDOWS\System32\wbem\wmiprvse.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {dcce1d78-df4e-4f03-b6aa-3930a6556a63} - F:\WINDOWS\system32\vtmjrgd.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SDTray] "F:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [HP Software Update] "F:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\PROGRA~1\MICROS~2\wcescomm .exe"
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Google Updater.lnk = F:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198998487375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198998479750
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - About:Home

--
End of file - 5751 bytes
LoPhatPhuud
Almost there! It's ok about the missing folders. I cannot tell from the HJT log whether they are present or not.


Run HiJackThis and press the 'Scan' button

When the scan is finished:
Check the following items in HijackThis.
O2 - BHO: (no name) - {dcce1d78-df4e-4f03-b6aa-3930a6556a63} - F:\WINDOWS\system32\vtmjrgd.dll (file missing)


Close all windows except HijackThis and click Fix checked.

Reboot in normal mode

Run HiJackThis again and post a new log in this thread.
nataligirl8698
Ok, I clicked Fix Checked on the last thing you told me to click, here's the new Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:18:53 PM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\soundman.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Google\Google Updater\GoogleUpdater.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\Program Files\Spyware Doctor\svcntaux.exe
F:\Program Files\Spyware Doctor\swdsvc.exe
F:\WINDOWS\System32\svchost.exe
f:\WINDOWS\system32\ZuneBusEnum.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\System32\wbem\wmiprvse.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F:\WINDOWS\system32\wuauclt.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SDTray] "F:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [HP Software Update] "F:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\PROGRA~1\MICROS~2\wcescomm .exe"
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] F:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: Google Updater.lnk = F:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198998487375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198998479750
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - About:Home

--
End of file - 5722 bytes
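Added example (not part of the thread, and not a HijackThis feature): a small Python checker for the fix-and-rescan loop followed above. It parses HijackThis entry lines, reports which fix-list items a later scan still shows, and diffs two scans. The log excerpts are shortened copies of lines posted in this thread; the function names are illustrative.

```python
import re

# Entry lines start with a category code such as O2, O4, O20 or F3,
# followed by " - ". Header lines and the running-process list do not.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"

def parse_entries(log_text):
    """Map (code, lower-cased body) -> entry for every entry line in a log."""
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        missing = body.endswith(MISSING)
        if missing:
            # Strip the marker so an entry matches whether or not its file exists.
            body = body[:-len(MISSING)].rstrip()
        # HijackThis prints both F:\ and f:\ paths, so compare case-insensitively.
        key = (m.group("code"), body.lower())
        entries[key] = {"code": m.group("code"), "body": body, "missing": missing}
    return entries

def still_present(fix_list, later_log):
    """Items the helper asked to fix that a later scan still reports."""
    later = parse_entries(later_log)
    return [e["body"] for k, e in parse_entries(fix_list).items() if k in later]

def changes(before_log, after_log):
    """Return (removed, added) entry bodies between two scans."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    removed = [e["body"] for k, e in before.items() if k not in after]
    added = [e["body"] for k, e in after.items() if k not in before]
    return removed, added

def missing_targets(log_text):
    """Entries whose target file HijackThis could not find on disk."""
    return [e["body"] for e in parse_entries(log_text).values() if e["missing"]]

# Excerpt of the first fix list posted in this thread.
FIX_LIST = r"""
O2 - BHO: (no name) - {1169D616-3F89-6E5B-FCB9-60A3E7FBF098} - F:\WINDOWS\system32\oazjpha.dll (file missing)
O2 - BHO: (no name) - {dcce1d78-df4e-4f03-b6aa-3930a6556a63} - F:\WINDOWS\system32\vtmjrgd.dll (file missing)
O4 - HKCU\..\Run: [kernel] F:\Program Files\kernel\kernel.exe
O20 - Winlogon Notify: khffgdc - khffgdc.dll (file missing)
"""

# Shortened excerpts of the 2/15/2008 and 2/16/2008 scans from this thread.
LOG_FEB15 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
F:\WINDOWS\Explorer.EXE
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {dcce1d78-df4e-4f03-b6aa-3930a6556a63} - F:\WINDOWS\system32\vtmjrgd.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
"""

LOG_FEB16 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
F:\WINDOWS\Explorer.EXE
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] F:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
"""

if __name__ == "__main__":
    print("Still present after first fix:", still_present(FIX_LIST, LOG_FEB15))
    removed, added = changes(LOG_FEB15, LOG_FEB16)
    print("Removed between scans:", removed)
    print("New between scans:", added)
    print("Missing-file entries left:", missing_targets(LOG_FEB16))
```

Any entry reported as new between scans is worth reviewing before a machine is called clean, since a fix run should only remove entries.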
LoPhatPhuud
Now, unless there are still issues not reflected in your log(s), your system is clean and we are finished. Here are some simple steps you can take to reduce the chance of infection in the future. These are only suggestions, and not meant to be comprehensive, or mandatory. Take what you want, leave the rest.

1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system, Internet Explorer, and any Office Programs you have installed. Be sure to select the Microsoft Update option from the Windows Update Control Panel.

2. Check your Java Runtime version. (Current=1.6, aka Version 6 Update 3)
You can check the current version of the Java Runtime Modules installed by opening the Java Control Panel and selecting 'About' from the 'General' tab.
The current version can be downloaded from Sun here: http://java.sun.com/javase/downloads/index.jsp Scroll down the page to 'Java Runtime Environment (JRE) 6 ' and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.

Note: Be sure to remove all prior versions using Add/Remove Programs before you install the new one. Remember to reboot after removal.

3. Adjust your security settings for ActiveX:
Select Internet Options from the Control Panels, or from Internet Explorer (Tools -> Internet Options -> Security tab)
Click on Select Internet Zone (this is usually the default)
Press 'default level', then OK
Now press "Custom Level."

In the ActiveX controls and plug-ins section set these options:
'Download signed ActiveX controls' - Prompt
'Download unsigned ActiveX controls' - Disable
'Initialize and script ActiveX controls not marked as safe' - Disable
All other ActiveX options accept the default

4. Download and install the following free programs
a. SpywareBlaster (ActiveX protection): http://www.javacoolsoftware.com/spywareblaster.html
b. HostsXpert (HOSTS file manager): http://www.funkytoad.com

5. Install Spyware Detection and Removal Programs:
You may also want to consider installing one (or more) of the following in addition to Windows Defender:
a. Spybot S&D: http://security.kolla.de/index.php?lang=en&page=download
b. AdAware 2007 http://www.lavasoft.de/
c. AVG AntiSpyware, Free Edition:
http://free.grisoft.com/doc/20/lng/us/tpl/v5
d. SuperAntiSpyWare, Free Edition:
http://www.snapfiles.com/get/SuperAntiSpyware.html

6. Turn on the option to Detect Phishes in your browser
Internet Explorer v7 and FireFox v2 have excellent built-in antiphishing capabilities. Make sure you have this option turned on. If you are using Windows XP and are still using Internet Explorer 6, upgrade to Internet Explorer 7. The added security features make this upgrade mandatory for browsing today.

7. Reset System Restore
Please reset your System Restore. See Windows help for information.

8. Clean Temporary Files and Folders
Download and scan with CCleaner: http://www.ccleaner.com/downloadbuilds.asp
a. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic or Slim versions instead of the Standard Build.
b. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
c. Then select the items you wish to clean up.
In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.


In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

d. Click the "Run Cleaner" button.
e. A pop up box will appear advising this process will permanently delete files from your system.
f. Click "OK" and it will scan and clean your system.
g. Click "exit" when done.
Run the disk cleanup utility called Cleanup! that you have already downloaded and installed
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, clean out the prefetch folder and the recycle bin.
Then reboot into normal mode to let it clean out the remaining files.

9. Rogue/Suspect Anti-Spyware
Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link: http://www.spywarewarrior.com/rogue_anti-spyware.htm

10. Anti-Spyware Programs Compared
Want to know just how effective your anti-spyware program is? Wonder how well any of the "rogue" programs listed above work? Check this link for an independent comparison of several anti-spyware programs: http://www.spywarewarrior.com/asw-test-guide.htm

11. Alternate Browser
Consider using an alternate browser as your default. I recommend and use Firefox as my primary browser. It is still necessary to keep Internet Explorer current and protected in order to use Windows Update.

If you use FireFox as your primary browser, then I recommend installing the NoScript extension:
http://www.noscript.net



For more information about Spyware, the tools available, and other informative material, including information on how you may have been infected in the first place, please check out this link: http://forum.gladiator-antivirus.com/index...?showtopic=9857

"It is your responsibility to read and adhere to the End User Licensing Agreement (EULA) of all software and services mentioned."

Good luck, and thanks for coming to our forums for help with your security and malware issues.
nataligirl8698
Thank you so much! I really wouldn't know what to do if it wasn't for this forum. I will definitely try several of the above suggestions since I would hate to have to go through this again. Thanks again for all your help.