Thanks again for looking at this.
I did the following:
Booted into Safe mode with Win3K on the same machine and did an entire system scan, AVG Report #1. Then I went back onto XP in normal mode because I cannot boot into safe mode, and did a scan of the registry and memory, AVG report #2. THen I did a new Hijack log as instructed, Report #3:
#1:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 7:10:06 AM 3/23/2007
+ Scan result:
C:\Program Files\BullsEye Network -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\BullsEye Network\ad.dat -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\BullsEye Network\bin -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKU\S-1-5-21-3846604387-264088977-1085992075-500\Software\LocalNRD -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WinCommX.Installer -> Adware.BlazeFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WinCommX.Installer\CLSID -> Adware.BlazeFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-3846604387-264088977-1085992075-500\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Program Files\ISTsvc -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ISTactivex.Installer -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ISTactivex.Installer.2 -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ISTactivex.Installer.2\CLSID -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ISTactivex.Installer\CLSID -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ISTactivex.Installer\CurVer -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-3846604387-264088977-1085992075-500\Software\IST -> Adware.ISTBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator.NS3\Start Menu\Programs\Power Scan -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\Program Files\Power Scan -> Adware.PowerScan : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMO -> Adware.VX2 : Cleaned with backup (quarantined).
D:\Documents and Settings\John.MPARAM-2006\Desktop\PDA Programs\AVS Video Tools\AVS Video Tools 5.2.2.25 Fr Incl. AVS Vidéo Converter 4.4.2.393 + WinAVI Video Converter 7.1.1 Fr + FairUse Wizard 2.4 Fr + VirtualDub 1.6.9 Fr\FairUse Wizard 2.4 Fr.exe -> Logger.Ransom.a : Cleaned with backup (quarantined).
D:\Documents and Settings\John.MPARAM-2006\Desktop\PDA Programs\FairUse Wizard\FairUse.Wizard.v2.5.Multilingual-DVT\Setup\Setup.exe -> Logger.Ransom.a : Cleaned with backup (quarantined).
C:\Downloads 2006-2\Quickbooks and Quicktax 2006\Quicktax 2005.zip/Quicktax 2006/quicktax 2005 crack (2006.1.16) Volume ID=18D7-5FED.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
F:\MicroDrive\Quicktax2005\Crack\QuickTax 2005 (2006.2.13) Final Patch.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
F:\MicroDrive\Quicktax2005\Crack\quicktax 2005 crack (2006.1.16) Volume ID=18D7-5FED.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
D:\Documents and Settings\John.MPARAM-2006\Local Settings\Temp\Cookies\john@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
D:\Documents and Settings\John.MPARAM-2006\Local Settings\Temp\Cookies\john@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
F:\Users\John\AppData\Roaming\Microsoft\Windows\Cookies\Low\john@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Administrator.NS3\Cookies\administrator@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Administrator.NS3\Cookies\administrator@ehg-mybc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Administrator.NS3\Cookies\administrator@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\John.MPARAM-2006\Local Settings\Temp\Cookies\john@ehg-superwarehouse.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\John.MPARAM-2006\Local Settings\Temp\Cookies\john@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
D:\Documents and Settings\John.MPARAM-2006\Local Settings\Temp\Cookies\john@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
::Report end
Report #2:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 9:33:49 AM 3/23/2007
+ Scan result:
D:\Documents and Settings\John.MPARAM-2006\Cookies\john@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
D:\Documents and Settings\John.MPARAM-2006\Cookies\john@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
::Report end
Report #3:
Logfile of HijackThis v1.99.1
Scan saved at 9:45:45 AM, on 3/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\WINDOWS\system32\hpb2ksrv.exe
D:\WINDOWS\system32\hpbhksrv.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\WINDOWS\system32\oodag.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\WINDOWS\system32\wwSecure.exe
D:\Program Files\FaxTalk Messenger Pro 7.0\FTMSGSVC.EXE
D:\Program Files\FaxTalk Messenger Pro 7.0\FAPIEXE.EXE
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\hpnra.exe
D:\WINDOWS\system32\hpstatus.exe
D:\Program Files\Java\jre1.5.0_09\bin\javaw.exe
D:\Program Files\FaxTalk Messenger Pro 7.0\FTClCtrl.exe
D:\Program Files\G DATA AntiVirusKit\AVKTray\AVKTray.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\BitTorrent\bittorrent.exe
D:\Program Files\Microsoft ActiveSync\Wcescomm.exe
D:\Program Files\PC Magazine Utilities\Startup Cop Pro\StartupCopPro.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\WINDOWS\system32\HPBSPSVR.EXE
D:\WINDOWS\system32\HPBJDSNT.EXE
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
c:\PROGRA~1\POPFile\popfileib.exe
D:\Program Files\Skype\Plugin Manager\SkypePM.exe
c:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.mininova.org/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Scandoo Toolbar - {079AC330-0A09-404c-8CA0-ABAC82F0A312} - D:\Program Files\Scansafe\Scandoo Toolbar\ScandooToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HP Network Registry Agent] D:\WINDOWS\system32\hpnra.exe
O4 - HKLM\..\Run: [HP Status] D:\WINDOWS\system32\hpstatus.exe
O4 - HKLM\..\Run: [HP Proxy Server] "D:\Program Files\Hewlett-Packard\ProxyService\ProxyService.lnk"
O4 - HKLM\..\Run: [FaxTalk Messenger Pro 7.0] "D:\Program Files\FaxTalk Messenger Pro 7.0\FTClCtrl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [FaxTalk CallControl 7.0] "D:\Program Files\FaxTalk Messenger Pro 7.0\FTClCtrl.exe" /noicon
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [AVKTray] "D:\Program Files\G DATA AntiVirusKit\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "c:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [StartupCop Pro Startup Launcher] D:\Program Files\PC Magazine Utilities\Startup Cop Pro\StartupCopPro.exe /startup
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: FaxTalk Messenger Pro 7.0.lnk = ?
O4 - Startup: Run POPFile.lnk = C:\Program Files\POPFile\runpopfile.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
http://download.ewid...oOnlineScan.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) -
http://61.66.158.124:1025/VatDec.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.syma...n/bin/cabsa.cab
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) -
http://www.pysoft.co...amPlayerOCX.cab
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) -
https://www-307.ibm....ntent/AcpIR.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: NavLogon - D:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: AVKProxy - G DATA Software AG - D:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: FaxTalk Messenger Pro 7.0 - Thought Communications, Inc. - D:\Program Files\FaxTalk Messenger Pro 7.0\FTMSGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Status - Hewlett-Packard Company - D:\WINDOWS\system32\hpb2ksrv.exe
O23 - Service: HP Status Print - Unknown owner - D:\WINDOWS\system32\hpbhksrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NetOp Helper ver. 9.00 (2006157) (NetOp Host for NT Service) - Danware Data A/S - D:\Program Files\Danware Data\NetOp Remote Control\Host\NHOSTSVC.EXE
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec2\SavRoam.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Unknown owner - D:\Program Files\Symantec2\Rtvscan.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - D:\WINDOWS\system32\wwSecure.exe