I just recently have been having problems with Task Manager not opening. I've gone to a few sites with people having the same issue and I followed the steps they had to fix it, but it doesn't work for me. Also, my internet just started going EXTREMELY slow today, but I don't know if thats a computer thing or a ISP thing. Hopefully the log can help me out here...

Logfile of HijackThis v1.99.1
Scan saved at 6:10:00 PM, on 12/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 7.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 7.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [ProgramChecker] C:\Program Files\Zenturi\ProgramChecker\pcheckp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Thanks for the help in advance

Welcome to DAL,


Go into add/remove program and remove:(IF FOUND)

Viewpoint/viewpoint media/viewpoint media player
winupdates

Reboot if anything was removed


Please get these two spyware programs if you don't already have them.

SpyBotS&D

AdawareSE


Reboot between scans and after last scan



There is a new and improved version of AdAware that you need to have installed on your computer. The new version is AdAware SE
If you have AdAware already installed on your system and it's NOT SE go to your Control Panel and click on Add/Remove Programs. Click on AdAware and then REMOVE and then just complete the removal process.

Once it's un-installed go to http://www.lavasoft.de/ and download the FREE version of AdAware SE. Once it's downloaded double click on the new file to start the install process.
Click Next>I accept>Next>Next> then be sure and put a dot in the bullet for Anyone Who uses this computer and then click Next>Next>

In the next dialog box remove the dot in the bullets "Start Scan" and also "Launch Help Files" and click Finish

Now if the program doesn't launch double click on the icon that should now be on your desktop to start AdAware SE

Now click on the button for Check for Updates
If updates are found click on the OK button and after it downloads to 100% click on the Finish button.

Click the Start Button
Click on the link for Customize
in the Main Window under Scan Settings
click on the red X in front of Scan within archives to change it to a green check

Then click on the button on the left labeled Advanced
click on the red X in front of Move deleted files to Recycle Bin to change it to a green check
click on the red X in front of Include Environment Information to change it to a green check

Then click on the button on the left labeled Defaults
click on the Read current settings from system

Then click on the button on the left labeled Tweak
Click on the (+) in front of Scanning Engine to expand the group
click on the red X in front of Obtain Command line of scanned processes to change it to a green check
click on the red X in front of Run scan as background process to change it to a green check
click on the red X in front of Use permanent archive caching to change it to a green check

Click on the (+) in front of Cleaning Engine to expand the group
click on the red X in front of Disable manual quarantine if auto-quarantine is selected to change it to a green check

Click on the (+) in front of Safety Settings to expand the group
click on the red X in front of Reanalyze results after scanning . . . to change it to a green check
click on the red X in front of Write protect system files after repair to change it to a green check

Click on the (+) in front of Log File to expand the group
click on the red X Create Log File for removal operations to change it to a green check

Click on the (+) in front of User Interface to expand the group
click on the red X Remember window positions to change it to a green check
click on the red X Snap windows to desktop borders to change it to a green check
click on the red X Use gridlines in results list to change it to a green check

Click on the (+) in front of Web Update Settings to expand the group
click on the red X Create and save WebUpdate log file to change it to a green check

Click on the (+) in front of Misc settings to expand the group
click on the red X Dump details about unhandled exceptions to disk to change it to a green check


Then click on the button at the bottom right labeled Proceed then click the Next button to start scanning.

Once the scan is complete you'll have a flashing Bug and a brief sound to indicate scanning is complete and Adware is found. Click on the Next and then click on each of the empty boxes to the left of the found items under SCAN SUMMARY. Then hit the Next button. Then OK. This should clean your system of all the found nasties. When it's complete simply close the program until your next scan session. Always ALWAYS check for updates before very scan.
# Reboot
# Post us a fresh HijackThis log afterwards

OK I followed those steps, but I still cannot open my task manager. Here is a new log.

Logfile of HijackThis v1.99.1
Scan saved at 1:22:14 PM, on 12/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 7.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot -

Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 7.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart

11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator

5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

-Delay
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [ProgramChecker] C:\Program Files\Zenturi\ProgramChecker\pcheckp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN

Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program

Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe

Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program

Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program

Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Please remove viewpoint/viewpoint manager/viewpoint media player via add/remove program.

Also remove winupdates if present

Reboot


Go here to learn how to show hidden files/folders:

http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5


Download Clean.bat to your desktop(Save page as or Save as): for later use to clean out your TEMPORARY and PREFETCH files.
http://www.thatcomputerguy.us/downloads/clean.bat


Run hijackthis and click on scan button and put a check next to these:


O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto


Nothing open but hijackthis and click "fix checked"


Now reboot into safe mode by tapping your F8 key upon restart and safe mode screen appears, select safe mode and press enter.


Hunt for and delete if present:

C:\Program Files\Viewpoint < folder
C:\Program Files\winupdates < folder


Now run that clean batch file you created earlier, type in 'Y' a couple of times and press enter at the prompts.


Go to Start > Run and type: CLEANMGR.EXE and hit enter.
When prompted select the C: drive and click ok.
Check the boxes for:
Temporary Internet Files
Downloaded Program Files
Recycle Bin
Temporary Files
Click OK or Enter


Reboot normal mode and.....


Please download, install, update and scan your system with the free version of Ewido trojan scanner: www.ewido.net/en/download/

1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.

3. From the main ewido screen, click on UPDATE in the left menu, then click the Start update button.

4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run.


5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.


6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread, along with a new HijackThis log.


Make sure you are set to normal startup. Click Start -> Run -> Type Msconfig -> Press Enter -> make sure Startup is set to Normal.


Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

OK thanks for the help, I can now access my task manager again. Here are the logs like you asked for.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:54:07 PM, 12/29/2005
+ Report-Checksum: F9C230

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
C:\Documents and Settings\kevin\Complete\AlbumWeb Pro 2.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\Aquarium Desktop 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\Ashampoo Burning Studio 5.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\Audio Editor Gold 7.4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\Auto Power-on and Shut-down 1.44.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\Avast Professional 4.6.739.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\Babylon Pro 5.05.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\BubbleDiff 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\Cleanerzoomer 3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\CodeLobster 2.1.31.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\CrashDetective 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\DVD X Player Pro 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\DVDComposer 1.0.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\Easy DVD To DVD Copy 3.0.27.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\FinePrint Enterprise Edition 5.35.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\FlashFXP 3.3.5.1110.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\Futuremark 3DMark05 Pro 1.2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\Game XP 1.5.2.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\Hard Disk Sentinel 1.04.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\ImTOO DVD Audio Ripper 2.0.39.127.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\Invision Power Board 2.1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\Kaspersky Anti-Virus Personal 5.0.388.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\Kingdia DVD Ripper 2.47.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\Mail Inspector 2004 4.1.0.144.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\Media Detective 2.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\MetaProducts Disk Watchman 1.7.151.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\Movie DVD Maker 1.3.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\NOD32 2.50.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\Nofeel FTP Server 3.0.2630.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\Office DocumentsRescue Pro 2.6.71.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\Opera 7.54.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\PowerZip 7.05.3879.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\QuickPersonnel 2005 1.5.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\Registry Mechanic 5.0.0.136.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\Security Explorer 5.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\Spy Sweeper 4.0.4.458.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\SpyRemover 2.43.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\StartUp Organizer 2.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\Willing Webcam 3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Complete\WinRescue XP 1.08.31.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\kevin\Cookies\kevin@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\kevin\Cookies\kevin@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\kevin\Cookies\kevin@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\kevin\Cookies\kevin@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\kevin\Cookies\kevin@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Program Files\softnyx\GunboundWC\GunBound.gme -> Backdoor.Agobot.agh : Cleaned with backup
C:\Program Files\winupdates\a.tmp -> Worm.VB.an : Cleaned with backup
C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Program Files\winupdates\winupdates.exe -> Worm.VB.an : Cleaned with backup


::Report End


and here's the hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 6:55:52 PM, on 12/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 7.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 7.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ProgramChecker] C:\Program Files\Zenturi\ProgramChecker\pcheckp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Thanks again for the help.