drew

I was before I used javaRA. I will keep an eye on it and let you know if any problems arise. Thanks man!

hijackthis! log: Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:28:54 PM, on 5/18/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16827)Boot mode: Normal Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exeC:\Program Files\Juniper\NetScreen-Remote\IreIKE.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\IPSSVC.EXEC:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\Program Files\McAfee\Common Framework\FrameworkService.exeC:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exec:\program files\lenovo\system update\suservice.exeC:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exeC:\WINDOWS\System32\TPHDEXLG.EXEC:\WINDOWS\system32\TpKmpSVC.exeC:\Program Files\Lenovo\Rescue and Recovery\rrservice.exeC:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exeC:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exeC:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exeC:\Program Files\Common Files\Lenovo\Logger\logmon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\tp4serv.exeC:\WINDOWS\system32\rundll32.exeC:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.ExeC:\WINDOWS\system32\TpShocks.exeC:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exeC:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exeC:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\Lenovo\AwayTask\AwaySch.EXEC:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exeC:\Program Files\ThinkPad\ConnectUtilities\ACTray.exeC:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exeC:\Program Files\Lenovo\Client Security Solution\cssauth.exeC:\PROGRA~1\ThinkPad\UTILIT~1\EZEJTRAY.EXEC:\Program Files\McAfee\Common Framework\UdaterUI.exeC:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXEC:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\McAfee\Common Framework\McTray.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exeC:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exeC:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exeC:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exeC:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXEC:\Program Files\Microsoft Office\Office12\EXCEL.EXEC:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exeC:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exeC:\Program Files\Yahoo!\Messenger\YahooMessenger.exeC:\Program Files\Microsoft Office\Office12\WINWORD.EXEC:\WINDOWS\system32\igfxsrvc.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dllO4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exeO4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitorO4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLogO4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.ExeO4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helperO4 - HKLM\..\Run: [TpShocks] TpShocks.exeO4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exeO4 - HKLM\..\Run: [TP4EX] tp4ex.exeO4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXEO4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exeO4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exeO4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exeO4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silentO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [EZEJTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJTRAY.EXEO4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKeyO4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONEO4 - HKCU\..\Run: [ptmsgfrm.exe] C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exeO4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quietO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKUS\S-1-5-21-587819492-3587137056-2399155095-1109\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'drew.patten')O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')O4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: hpoddt01.exe.lnk = ?O4 - Global Startup: NetScreen-Remote (2).lnk = C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exeO8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exeO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://pyle-aegistech.dyndns.org/activex/AMC.cabO16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://netcordia.webex.com/client/T26L/nbr/ieatgpc.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = netcordia.localO17 - HKLM\Software\..\Telephony: DomainName = netcordia.localO17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = netcordia.localO17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = netcordia.localO20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dllO23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exeO23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exeO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: Google Update Service (gupdate1c995f5b7103c34) (gupdate1c995f5b7103c34) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exeO23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXEO23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exeO23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exeO23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exeO23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exeO23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exeO23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exeO23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXEO23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exeO23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exeO23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exeO23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exeO23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe --End of file - 13502 bytesJavaRa log; JavaRa 1.13 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Mon May 18 15:31:00 2009 Found and removed: C:\Windows\System32\jpicpl32.cpl Found and removed: Software\JavaSoft\Java2D\1.5.0_06 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Classes\JavaPlugin.150_06 Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip ------------------------------------ Finished reporting.Thanks man.

Here you go my man: Combo Fix:]/b] ComboFix 09-05-05.04 - don.pyle 05/06/2009 8:38.1 - NTFSx86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1505 [GMT -4:00]Running from: c:\documents and settings\don.pyle\Desktop\ComboFix.exeAV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))). c:\windows\system32\bahegatu.dllc:\windows\system32\bojowomi.exec:\windows\system32\gejimeka.dllc:\windows\system32\nemudodi.exec:\windows\system32\vegugomo.exec:\windows\system32\viberisa.dll .((((((((((((((((((((((((( Files Created from 2009-04-06 to 2009-05-06 ))))))))))))))))))))))))))))))). 2009-05-05 17:57 . 2009-05-05 17:57 -------- d-----w c:\program files\Trend Micro2009-04-30 20:38 . 2009-05-05 20:59 -------- d-----w C:\QUARANTINE2009-04-30 20:34 . 2009-01-28 00:50 34408 ----a-w c:\windows\system32\drivers\mfebopk.sys2009-04-30 20:34 . 2009-01-28 00:50 65000 ----a-w c:\windows\system32\drivers\mfeapfk.sys2009-04-30 20:34 . 2009-01-28 00:50 73512 ----a-w c:\windows\system32\drivers\mfeavfk.sys2009-04-30 20:34 . 2009-01-28 00:50 52168 ----a-w c:\windows\system32\drivers\mfetdik.sys2009-04-30 20:34 . 2009-01-28 00:50 177864 ----a-w c:\windows\system32\drivers\mfehidk.sys2009-04-30 20:34 . 2009-04-30 20:34 -------- d-----w c:\program files\Common Files\McAfee2009-04-30 20:32 . 2008-07-02 19:23 1495552 ----a-w c:\windows\system32\epoPGPsdk.dll2009-04-30 20:32 . 2009-04-30 20:32 -------- d-----w c:\program files\Common Files\Cisco Systems2009-04-30 20:32 . 2009-04-30 20:34 -------- d-----w c:\program files\McAfee2009-04-30 20:32 . 2009-04-30 20:34 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee2009-04-30 20:31 . 2008-07-02 19:23 3798187 ----a-w c:\windows\FramePkg.exe2009-04-30 20:22 . 2009-04-30 20:22 -------- d-----w c:\documents and settings\don.pyle\Application Data\Malwarebytes2009-04-30 20:22 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys2009-04-30 20:22 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys2009-04-30 20:22 . 2009-04-30 20:22 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes2009-04-30 20:22 . 2009-04-30 20:22 -------- d-----w c:\program files\Malwarebytes' Anti-Malware2009-04-27 13:07 . 2009-04-27 13:07 -------- d-----w c:\documents and settings\don.pyle\Application Data\Logs2009-04-27 13:01 . 2009-04-27 13:01 -------- d-----w c:\documents and settings\All Users\Application Data\QuickDownloadPack2009-04-27 13:01 . 2009-04-27 13:01 -------- d-----w C:\My Downloads2009-04-27 13:01 . 2009-04-30 20:11 -------- d-----w c:\documents and settings\don.pyle\Application Data\QuickDownloadPack .(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-05-03 16:18 . 2007-12-19 21:37 5427 ----a-w c:\windows\system32\EGATHDRV.SYS2009-03-20 15:01 . 2009-02-18 03:15 70984 ----a-w c:\documents and settings\don.pyle\g2mdlhlpx.exe2009-02-24 16:19 . 2009-02-18 13:54 24744 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2009-02-18 02:57 . 2008-11-17 12:23 3636864 ----a-w c:\windows\system32\drivers\NETw5x32.sys2009-02-18 02:57 . 2008-06-20 14:33 2756608 ----a-w c:\windows\system32\NETw5r32.dll2009-02-18 02:57 . 2008-06-20 14:32 663552 ----a-w c:\windows\system32\NETw5c32.dll2009-02-09 20:15 . 2006-04-30 07:12 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat2009-02-09 18:13 . 2008-05-06 16:20 256 ----a-w c:\windows\system32\pool.bin2009-02-09 11:13 . 2006-04-30 06:55 1846784 ------w c:\windows\system32\win32k.sys. ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ptmsgfrm.exe"="c:\program files\WebEx\Productivity Tools\ptmsgfrm.exe" [2009-01-06 42312]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-23 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-08 256576]"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-25 94208]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-25 77824]"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-25 118784]"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-07-04 110592]"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-19 196696]"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-10-27 425984]"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-10-27 143360]"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]"EZEJTRAY"="c:\progra~1\ThinkPad\UTILIT~1\EZEJTRAY.EXE" [2008-10-08 227904]"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2008-07-02 136512]"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-01-28 111952]"TrackPointSrv"="tp4serv.exe" - c:\windows\system32\tp4serv.exe [2005-07-12 94208]"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2006-03-16 106496]"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2005-10-17 65536] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801] c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-19 24576]hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2004-6-16 28672]NetScreen-Remote (2).lnk - c:\program files\Juniper\NetScreen-Remote\SafeCfg.exe [2008-3-25 77876] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]2006-08-16 17:07 49152 ------w c:\program files\Lenovo\AwayTask\AwayNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]2008-10-27 14:57 32768 ----a-w c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]2005-07-05 14:45 28672 ------w c:\windows\system32\notifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]2005-11-30 11:16 24576 ------w c:\windows\system32\tphklock.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Notification Packages REG_MULTI_SZ scecli ACGina [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-587819492-3587137056-2399155095-1109\Scripts\Logon\[u]0[/u]\[u]0[/u]]"Script"=logon.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-587819492-3587137056-2399155095-1109\Scripts\Logon\1\[u]0[/u]]"Script"=user_logon.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-587819492-3587137056-2399155095-1606\Scripts\Logon\[u]0[/u]\[u]0[/u]]"Script"=user_logon.vbs [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetScreen-Remote.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NetScreen-Remote.lnkbackup=c:\windows\pss\NetScreen-Remote.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Juniper\\NetScreen-Remote\\IreIKE.exe"="c:\program files\Juniper\NetScreen-Remote\ViewLog.exe"= c:\program files\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"c:\program files\Juniper\NetScreen-Remote\CmonApp.exe"= c:\program files\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"c:\program files\Juniper\NetScreen-Remote\vpn.exe"= c:\program files\Juniper\NetScreen-Remote\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [12/19/2007 5:21 PM 88576]R1 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [3/25/2008 4:54 PM 138296]R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [12/19/2007 5:21 PM 4736]R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [12/19/2007 5:21 PM 4442]R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [3/25/2008 4:54 PM 536634]R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 7:55 PM 3968]R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [3/25/2008 4:54 PM 36188]R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [12/19/2007 5:11 PM 13840]S2 gupdate1c995f5b7103c34;Google Update Service (gupdate1c995f5b7103c34);c:\program files\Google\Update\GoogleUpdate.exe [2/23/2009 4:31 PM 133104]S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2/17/2009 11:50 PM 58240] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da8e5544-fd5c-11dd-b7c7-001cbf6835d0}]\Shell\AutoRun\command - D:\LaunchU3.exe -a.Contents of the 'Scheduled Tasks' folder 2009-05-06 c:\windows\Tasks\Google Software Updater.job- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-18 18:02] 2009-05-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 20:31] 2009-05-06 c:\windows\Tasks\PMTask.job- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-12-19 16:13].- - - - ORPHANS REMOVED - - - - HKCU-Run-Google Update - c:\documents and settings\don.pyle\Local Settings\Application Data\Google\Update\GoogleUpdate.exeNotify-NavLogon - (no file) .------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/uDefault_Search_URL = hxxp://www.google.com/ieuInternet Settings,ProxyOverride = *.localuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm. ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-05-06 08:42Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0 **************************************************************************.--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1356)c:\program files\ThinkPad\ConnectUtilities\ACNotify.dllc:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dllc:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dllc:\program files\ThinkPad\ConnectUtilities\ACHelper.dllc:\windows\system32\tphklock.dllc:\program files\Lenovo\AwayTask\AwayNotify.dll - - - - - - - > 'lsass.exe'(1412)c:\program files\ThinkPad\ConnectUtilities\ACGina.dllc:\program files\ThinkPad\ConnectUtilities\ACHelper.dllc:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dllc:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dllc:\program files\ThinkPad\ConnectUtilities\ACON.dllc:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dllc:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dllc:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dllc:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dllc:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll.Completion time: 2009-05-06 8:44ComboFix-quarantined-files.txt 2009-05-06 12:44 Pre-Run: 30,096,932,864 bytes freePost-Run: 30,152,568,832 bytes free 193 --- E O F --- 2009-03-24 10:37HiJack this! Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:46:30 AM, on 5/6/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: Normal Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exeC:\Program Files\Juniper\NetScreen-Remote\IreIKE.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\IPSSVC.EXEC:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\Program Files\McAfee\Common Framework\FrameworkService.exeC:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exeC:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exec:\program files\lenovo\system update\suservice.exeC:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exeC:\WINDOWS\System32\TPHDEXLG.EXEC:\WINDOWS\system32\TpKmpSVC.exeC:\Program Files\Lenovo\Rescue and Recovery\rrservice.exeC:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exeC:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exeC:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exeC:\Program Files\Common Files\Lenovo\Logger\logmon.exeC:\WINDOWS\system32\tp4serv.exeC:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.ExeC:\WINDOWS\system32\TpShocks.exeC:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exeC:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\Lenovo\AwayTask\AwaySch.EXEC:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exeC:\Program Files\ThinkPad\ConnectUtilities\ACTray.exeC:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exeC:\Program Files\Lenovo\Client Security Solution\cssauth.exeC:\PROGRA~1\ThinkPad\UTILIT~1\EZEJTRAY.EXEC:\Program Files\McAfee\Common Framework\UdaterUI.exeC:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXEC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\McAfee\Common Framework\McTray.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exeC:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exeC:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exeC:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exeC:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\explorer.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO1 - Hosts: 82.98.231.89 url.adtrgt.comO1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.netO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dllO4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exeO4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitorO4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLogO4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.ExeO4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helperO4 - HKLM\..\Run: [TpShocks] TpShocks.exeO4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exeO4 - HKLM\..\Run: [TP4EX] tp4ex.exeO4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXEO4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exeO4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exeO4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exeO4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silentO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [EZEJTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJTRAY.EXEO4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKeyO4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONEO4 - HKCU\..\Run: [ptmsgfrm.exe] C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exeO4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quietO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')O4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: hpoddt01.exe.lnk = ?O4 - Global Startup: NetScreen-Remote (2).lnk = C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exeO8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exeO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://netcordia.webex.com/client/T26L/nbr/ieatgpc.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = netcordia.localO17 - HKLM\Software\..\Telephony: DomainName = netcordia.localO17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = netcordia.localO17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = netcordia.localO20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dllO23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exeO23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exeO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: Google Update Service (gupdate1c995f5b7103c34) (gupdate1c995f5b7103c34) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exeO23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXEO23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exeO23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exeO23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exeO23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exeO23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exeO23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exeO23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXEO23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exeO23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exeO23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exeO23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exeO23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe --End of file - 12990 bytes

This computer got the vundoo...bad. So I ran malware bytes and it removed it (see last log). I then installed virusscan software and to this day, roughly a week later the vundoo virus has re-appeared, albeit it gets deleted via the virusscan. I would like to stop it alltogether, or figure out which file is allowing it to manifest itself. Can someone help me out? Hijack this: Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:58:01 PM, on 5/5/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: Normal Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exeC:\Program Files\Juniper\NetScreen-Remote\IreIKE.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\tp4serv.exeC:\WINDOWS\system32\rundll32.exeC:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.ExeC:\WINDOWS\system32\TpShocks.exeC:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exeC:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\Lenovo\AwayTask\AwaySch.EXEC:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exeC:\Program Files\ThinkPad\ConnectUtilities\ACTray.exeC:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exeC:\Program Files\Lenovo\Client Security Solution\cssauth.exeC:\PROGRA~1\ThinkPad\UTILIT~1\EZEJTRAY.EXEC:\Program Files\McAfee\Common Framework\UdaterUI.exeC:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXEC:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exeC:\Program Files\McAfee\Common Framework\McTray.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exeC:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exeC:\WINDOWS\system32\IPSSVC.EXEC:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\Program Files\McAfee\Common Framework\FrameworkService.exeC:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exeC:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exec:\program files\lenovo\system update\suservice.exeC:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exeC:\WINDOWS\System32\TPHDEXLG.EXEC:\WINDOWS\system32\TpKmpSVC.exeC:\Program Files\Lenovo\Rescue and Recovery\rrservice.exeC:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exeC:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exeC:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exeC:\Program Files\Common Files\Lenovo\Logger\logmon.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exeC:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO1 - Hosts: 82.98.231.89 url.adtrgt.comO1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.netO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dllO4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exeO4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitorO4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLogO4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.ExeO4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helperO4 - HKLM\..\Run: [TpShocks] TpShocks.exeO4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exeO4 - HKLM\..\Run: [TP4EX] tp4ex.exeO4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /trayO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXEO4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exeO4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exeO4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exeO4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silentO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [EZEJTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJTRAY.EXEO4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKeyO4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONEO4 - HKCU\..\Run: [ptmsgfrm.exe] C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exeO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\don.pyle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quietO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')O4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: hpoddt01.exe.lnk = ?O4 - Global Startup: NetScreen-Remote (2).lnk = C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exeO8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exeO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://netcordia.webex.com/client/T26L/nbr/ieatgpc.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = netcordia.localO17 - HKLM\Software\..\Telephony: DomainName = netcordia.localO17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = netcordia.localO17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = netcordia.localO20 - AppInit_DLLs: , O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dllO23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exeO23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exeO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: Google Update Service (gupdate1c995f5b7103c34) (gupdate1c995f5b7103c34) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exeO23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXEO23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exeO23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exeO23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exeO23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exeO23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exeO23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exeO23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXEO23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exeO23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exeO23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exeO23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exeO23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe --End of file - 13463 bytesCurrent Malwayre bytes: Malwarebytes' Anti-Malware 1.36Database version: 2062Windows 5.1.2600 Service Pack 3 5/5/2009 2:01:21 PMmbam-log-2009-05-05 (14-01-21).txt Scan type: Quick ScanObjects scanned: 99119Time elapsed: 5 minute(s), 40 second(s) Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0 Memory Processes Infected:(No malicious items detected) Memory Modules Infected:(No malicious items detected) Registry Keys Infected:(No malicious items detected) Registry Values Infected:(No malicious items detected) Registry Data Items Infected:(No malicious items detected) Folders Infected:(No malicious items detected) Files Infected:(No malicious items detected)Current VirusScan: 5/5/2009 1:47:19 PM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP286\A0035941.dll Vundo.gen.ap (Trojan)5/5/2009 1:48:15 PM Deleted NT AUTHORITY\NETWORK SERVICE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\abiselam.ini Vundo!grb (Trojan)5/5/2009 1:48:44 PM Deleted NT AUTHORITY\NETWORK SERVICE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\hovebozi.exe Vundo.gen.ap (Trojan)Original MB log: Malwarebytes' Anti-Malware 1.36Database version: 2062Windows 5.1.2600 Service Pack 3 4/30/2009 4:28:44 PMmbam-log-2009-04-30 (16-28-44).txt Scan type: Quick ScanObjects scanned: 100079Time elapsed: 4 minute(s), 42 second(s) Memory Processes Infected: 0Memory Modules Infected: 5Registry Keys Infected: 39Registry Values Infected: 5Registry Data Items Infected: 5Folders Infected: 11Files Infected: 31 Memory Processes Infected:(No malicious items detected) Memory Modules Infected:C:\WINDOWS\system32\pinuziza.dll (Trojan.Vundo.H) -> Delete on reboot.C:\WINDOWS\system32\ribemago.dll (Trojan.Vundo.H) -> Delete on reboot.C:\WINDOWS\system32\gibumeye.dll (Trojan.Vundo.H) -> Delete on reboot.c:\WINDOWS\system32\redolugo.dll (Trojan.Vundo.H) -> Delete on reboot.C:\WINDOWS\system32\jaditibi.dll (Trojan.Vundo.H) -> Delete on reboot. Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d13382a3-50a6-4a4f-9b84-f20a7f0a4d9e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{d13382a3-50a6-4a4f-9b84-f20a7f0a4d9e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d13382a3-50a6-4a4f-9b84-f20a7f0a4d9e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\iercpt.iercptbho (Rogue.Multiple) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\iercpt.iercptbho.1 (Rogue.Multiple) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{59c345ba-3d5e-44e3-9d10-d3848af15d73} (Rogue.AntiMalwareSuite) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{d4cdc21d-43be-4101-a1ef-e379f134771e} (Rogue.Multiple) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Typelib\{a6fbd2e4-1c7e-4eab-80dd-01de2645566a} (Rogue.AntiMalwareSuite) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\AppID\{3a9377a6-be7f-485d-908c-d44114691389} (Rogue.Multiple) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d4cdc21d-43be-4101-a1ef-e379f134771e} (Rogue.Multiple) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d4cdc21d-43be-4101-a1ef-e379f134771e} (Rogue.Multiple) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\SpywareRemover2009 (Rogue.SpywareRemover) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\SpywareRemover2009 (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\AppID\iercpt.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ac5f87da (Trojan.Vundo.H) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nonehinoha (Trojan.Vundo.H) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmaf6cb446 (Trojan.Vundo.H) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully. Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\redolugo.dll -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\jaditibi.dll -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\jaditibi.dll -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected:C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\SpywareRemover2009 (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\SpywareRemover2009\Data (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009 (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully. Files Infected:C:\WINDOWS\system32\memowuga.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.C:\WINDOWS\system32\aguwomem.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.C:\WINDOWS\system32\pinuziza.dll (Trojan.Vundo.H) -> Delete on reboot.C:\WINDOWS\system32\azizunip.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.C:\WINDOWS\system32\gibumeye.dll (Trojan.Vundo.H) -> Delete on reboot.c:\WINDOWS\system32\redolugo.dll (Trojan.Vundo.H) -> Delete on reboot.C:\WINDOWS\system32\ribemago.dll (Trojan.Vundo.H) -> Delete on reboot.C:\WINDOWS\system32\jaditibi.dll (Trojan.Vundo.H) -> Delete on reboot.C:\WINDOWS\system32\jokilake.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.C:\WINDOWS\system32\prnet.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.C:\WINDOWS\system32\yeyanido.exe (Trojan.Vundo) -> Quarantined and deleted successfully.C:\Documents and Settings\don.pyle\Local Settings\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.C:\Documents and Settings\don.pyle\Local Settings\Temp\rasesnet.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.C:\Documents and Settings\don.pyle\Local Settings\Temp\wavvsnet.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.C:\Documents and Settings\don.pyle\Local Settings\Temp\xpre.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\SpywareRemover2009\restore.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\SpywareRemover2009\Data\Abbr (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\SpywareRemover2009\Data\ActivationCode (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\SpywareRemover2009\Data\ProductCode (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009\Contact Customer Support.url (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009\SpywareRemover2009 Online Manual.url (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009\SpywareRemover2009.lnk (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009\Uninstall SpywareRemover2009.lnk (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.C:\WINDOWS\system32\drivers\ovfsthkniotdgbitokrrworsqoxvmmohssoopg.sys (Trojan.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\ovfsthrbkejovbrqmnrrhevsvkfgkvpmphvhtr.dll (Trojan.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\bizuzuti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\Documents and Settings\don.pyle\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareRemover2009.lnk (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.

Combofix has been running for ever, now its at "Please allow ComboFix to reboot the machine." I manually rebooted it and here is the log: ComboFix 08-06-19.2 - Brian Patten 2008-06-20 13:20:04.2 - NTFSx86Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.148 [GMT -4:00]Running from: C:\Documents and Settings\Brian Patten\Desktop\ComboFix.exeCommand switches used :: C:\Documents and Settings\Brian Patten\Desktop\CFScript.txt * Created a new restore point FILE ::C:\Documents and Settings\Brian Patten\Local Settings\Temporary Internet Files\Content.IE5\I2EB8SFQ\3077ahntdksr[1].dllC:\WINDOWS\system32\awtsPJYq.dllC:\WINDOWS\system32\efcCssSj.dllC:\WINDOWS\system32\kxgcmere.dllC:\WINDOWS\system32\ovtjsffm.dll. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))). C:\WINDOWS\BM447b567e.xmlC:\WINDOWS\pskt.iniC:\WINDOWS\system32\awtsPJYq.dllC:\WINDOWS\system32\efcCssSj.dllC:\WINDOWS\system32\jnacdqbc.dllC:\WINDOWS\system32\jSssCcfe.iniC:\WINDOWS\system32\jSssCcfe.ini2C:\WINDOWS\system32\kxgcmere.dllC:\WINDOWS\system32\mffsjtvo.iniC:\WINDOWS\system32\ovtjsffm.dll .((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 ))))))))))))))))))))))))))))))). 2008-06-20 13:17 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl2008-06-20 13:16 . 2008-06-20 13:16 <DIR> d-------- C:\Program Files\Common Files\Java2008-06-20 10:22 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys2008-06-20 10:22 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys2008-06-20 00:39 . 2008-06-20 00:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U32008-06-19 23:54 . 2008-06-19 23:55 <DIR> d-------- C:\QUARANTINE2008-06-19 23:41 . 2008-06-19 23:41 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData2008-06-19 23:22 . 2008-06-19 23:22 <DIR> d-------- C:\_OTMoveIt2008-06-19 22:48 . 2008-06-19 22:48 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems2008-06-19 22:48 . 2008-06-19 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee2008-06-19 22:48 . 2006-11-17 03:06 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll2008-06-19 22:48 . 2006-11-30 08:50 72,264 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys2008-06-19 22:48 . 2006-11-30 08:50 64,360 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys2008-06-19 22:48 . 2006-11-30 08:50 52,136 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys2008-06-19 22:48 . 2006-11-30 08:50 34,152 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys2008-06-19 22:48 . 2006-11-17 03:06 280 --a------ C:\WINDOWS\system32\epoPGPsdk.dll.sig2008-06-19 22:47 . 2006-11-30 08:50 168,776 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys2008-06-19 22:46 . 2008-06-19 22:48 <DIR> d-------- C:\Program Files\McAfee2008-06-19 22:46 . 2008-06-19 22:46 <DIR> d-------- C:\Program Files\Common Files\McAfee2008-06-19 22:36 . 2008-06-19 22:36 <DIR> d-------- C:\Documents and Settings\Brian Patten\Application Data\Malwarebytes2008-06-19 22:18 . 2008-06-20 09:50 <DIR> d-------- C:\VundoFix Backups2008-06-19 22:04 . 2008-06-19 22:05 <DIR> d-------- C:\!KillBox2008-06-19 21:36 . 2008-06-19 21:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes2008-06-19 21:34 . 2008-06-19 22:36 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware2008-06-19 21:34 . 2008-06-19 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes2008-06-19 21:34 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys2008-06-19 21:34 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys2008-06-19 21:32 . 2004-11-20 07:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec2008-06-19 21:32 . 2004-11-20 07:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic2008-06-19 21:32 . 2004-11-20 07:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer2008-06-19 21:32 . 2008-06-19 23:41 <DIR> d-------- C:\Documents and Settings\Administrator2008-06-19 21:26 . 2008-06-20 10:22 <DIR> d-------- C:\Documents and Settings\Brian Patten\Application Data\U32008-06-08 21:32 . 2008-06-20 14:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn2008-06-08 21:32 . 2008-06-08 21:32 1,409 --a------ C:\WINDOWS\QTFont.for .(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-06-20 17:17 --------- d-----w C:\Program Files\Java2008-06-20 04:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared2008-06-20 04:14 --------- d-----w C:\Program Files\Norton AntiVirus2008-05-20 19:32 --------- d-----w C:\Program Files\Common Files\Command Software2008-05-20 19:26 --------- d--h--w C:\Program Files\InstallShield Installation Information2008-05-10 23:27 --------- d-----w C:\Program Files\ItsDeductibleEX2008-04-26 02:21 --------- d-----w C:\Program Files\iTunes2008-04-26 02:21 --------- d-----w C:\Program Files\iPod2008-04-23 23:11 --------- d-----w C:\Documents and Settings\Brian Patten\Application Data\AdobeUM. ((((((((((((((((((((((((((((( snapshot@2008-06-20_11.00.27.50 ))))))))))))))))))))))))))))))))))))))))).+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll+ 2008-03-27 07:39:13 151,583 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll+ 2007-12-10 12:41:14 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll- 2008-06-20 14:50:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat+ 2008-06-20 18:30:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat+ 2008-03-25 04:50:25 554,008 ----a-w C:\WINDOWS\system32\dllcache\dao360.dll+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\dllcache\msexch40.dll+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\dllcache\msexcl40.dll+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\dllcache\msjet40.dll+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\dllcache\msjetol1.dll+ 2008-03-27 08:12:54 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\dllcache\msjter40.dll+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\dllcache\msjtes40.dll+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\dllcache\msltus40.dll+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\dllcache\mspbde40.dll+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\dllcache\msrepl40.dll+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\dllcache\mstext40.dll+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\dllcache\mswdat10.dll+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\dllcache\msxbde40.dll- 2008-02-22 05:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe+ 2008-03-25 05:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe- 2008-02-22 05:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe+ 2008-03-25 05:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe- 2008-02-22 06:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe+ 2008-03-25 06:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe+ 2008-05-09 18:35:06 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe- 2004-08-04 08:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll- 2004-08-04 08:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll- 2004-08-04 08:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll- 2004-08-04 08:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll- 2004-08-04 08:00:00 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll+ 2008-03-27 08:12:54 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll- 2004-08-04 08:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll- 2004-08-04 08:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll- 2004-08-04 08:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll- 2004-08-04 08:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll- 2004-08-04 08:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll- 2004-08-04 08:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll- 2004-08-04 08:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll- 2004-08-04 08:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll- 2004-08-04 08:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll- 2004-08-04 08:00:00 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll- 2004-08-04 08:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll.-- Snapshot reset to current date --.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IMC"="C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe" [ ]"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-09-12 14:58 4670704]"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 10:01 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-06-17 16:48 155648]"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-06-17 16:43 118784]"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 05:01 110592]"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 12:25 98394]"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 12:24 688218]"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 17:19 290816]"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-10-13 18:34 229438]"HPWNTOOLBOX"="C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe" [2004-07-01 18:47 327680]"AS00_Gear511"="C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe" [2003-07-31 03:52 401408]"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 13:20 50744]"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 16:42 509224]"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19 129536]"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 08:50 112216]"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39 136768]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-08-17 14:20:06 54512] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-11 18:43]S3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;C:\WINDOWS\system32\DRIVERS\wg511nd5.sys [2003-06-20 14:47] .Contents of the 'Scheduled Tasks' folder"2008-06-07 21:01:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"- C:\Program Files\Apple Software Update\SoftwareUpdate.exe.************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-06-20 14:31:31Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????4?1?5?4??@???? ???B?????????????H<C? ?????? scanning hidden files ... scan completed successfullyhidden files: 0 **************************************************************************.Completion time: 2008-06-20 14:35:20ComboFix-quarantined-files.txt 2008-06-20 18:35:15ComboFix2.txt 2008-06-20 15:08:33 Pre-Run: 69,724,585,984 bytes freePost-Run: 69,679,828,992 bytes free 222 --- E O F --- 2008-06-20 15:05:39Are we good to go now?

Here you go my man: Combofix ComboFix 08-06-19.2 - ******** 2008-06-20 10:42:45.1 - NTFSx86Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.134 [GMT -4:00]Running from: F:\******\ComboFix.exe * Created a new restore point. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))). C:\WINDOWS\BM447b567e.xmlC:\WINDOWS\pskt.iniC:\WINDOWS\system32\acgpjtqb.iniC:\WINDOWS\system32\aebxqdqh.dllC:\WINDOWS\system32\aiplfvwf.iniC:\WINDOWS\system32\awkubydb.iniC:\WINDOWS\system32\buyjpmvh.exeC:\WINDOWS\system32\bxqythbd.dllC:\WINDOWS\system32\ctmxltwj.iniC:\WINDOWS\system32\dmlffucp.iniC:\WINDOWS\system32\ekakjmfb.exeC:\WINDOWS\system32\eykkorpv.iniC:\WINDOWS\system32\fccployc.exeC:\WINDOWS\system32\ffmoitqt.iniC:\WINDOWS\system32\fmgampgx.iniC:\WINDOWS\system32\gdhvpbdd.exeC:\WINDOWS\system32\hrgokthi.exeC:\WINDOWS\system32\iexmjfxx.iniC:\WINDOWS\system32\jgioewnd.exeC:\WINDOWS\system32\jlkaengs.exeC:\WINDOWS\system32\jnpbuqsm.exeC:\WINDOWS\system32\jvjsklrg.dllC:\WINDOWS\system32\kevklibs.dllC:\WINDOWS\system32\kglabrjf.iniC:\WINDOWS\system32\kmlccfol.dllC:\WINDOWS\system32\kywqfikg.iniC:\WINDOWS\system32\lwwiieyb.exeC:\WINDOWS\system32\mcrh.tmpC:\WINDOWS\system32\ncsqolrg.dllC:\WINDOWS\system32\npairtpp.dllC:\WINDOWS\system32\nsbswmhj.exeC:\WINDOWS\system32\ogstesqy.dllC:\WINDOWS\system32\ohwmrdgk.iniC:\WINDOWS\system32\onfxiypo.exeC:\WINDOWS\system32\oomhnsln.dllC:\WINDOWS\system32\osvafohe.exeC:\WINDOWS\system32\ovxggcws.dllC:\WINDOWS\system32\pojtwyer.iniC:\WINDOWS\system32\pvlfmwsw.exeC:\WINDOWS\system32\pxovywlp.dllC:\WINDOWS\system32\qngvdqdd.exeC:\WINDOWS\system32\qvjbkdii.dllC:\WINDOWS\system32\rhavdlcx.exeC:\WINDOWS\system32\rtjlemmy.dllC:\WINDOWS\system32\seiegyew.exeC:\WINDOWS\system32\smkwfxba.iniC:\WINDOWS\system32\ssirasok.exeC:\WINDOWS\system32\svqxdodp.iniC:\WINDOWS\system32\taaoifde.iniC:\WINDOWS\system32\tjdlivvo.dllC:\WINDOWS\system32\ttwjnfeq.exeC:\WINDOWS\system32\tygcdnid.iniC:\WINDOWS\system32\tythobpp.dllC:\WINDOWS\system32\ugafpyme.iniC:\WINDOWS\system32\wqsayddi.iniC:\WINDOWS\system32\wxpmjjxm.dllC:\WINDOWS\system32\ywsqhrny.dll .((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 ))))))))))))))))))))))))))))))). 2008-06-20 10:22 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys2008-06-20 10:22 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys2008-06-20 00:39 . 2008-06-20 00:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U32008-06-19 23:54 . 2008-06-19 23:55 <DIR> d-------- C:\QUARANTINE2008-06-19 23:41 . 2008-06-19 23:41 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData2008-06-19 23:22 . 2008-06-19 23:22 <DIR> d-------- C:\_OTMoveIt2008-06-19 22:48 . 2008-06-19 22:48 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems2008-06-19 22:48 . 2008-06-19 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee2008-06-19 22:48 . 2006-11-17 03:06 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll2008-06-19 22:48 . 2006-11-30 08:50 72,264 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys2008-06-19 22:48 . 2006-11-30 08:50 64,360 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys2008-06-19 22:48 . 2006-11-30 08:50 52,136 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys2008-06-19 22:48 . 2006-11-30 08:50 34,152 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys2008-06-19 22:48 . 2006-11-17 03:06 280 --a------ C:\WINDOWS\system32\epoPGPsdk.dll.sig2008-06-19 22:47 . 2006-11-30 08:50 168,776 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys2008-06-19 22:46 . 2008-06-19 22:48 <DIR> d-------- C:\Program Files\McAfee2008-06-19 22:46 . 2008-06-19 22:46 <DIR> d-------- C:\Program Files\Common Files\McAfee2008-06-19 22:36 . 2008-06-19 22:36 <DIR> d-------- C:\Documents and Settings\Brian Patten\Application Data\Malwarebytes2008-06-19 22:18 . 2008-06-20 09:50 <DIR> d-------- C:\VundoFix Backups2008-06-19 22:04 . 2008-06-19 22:05 <DIR> d-------- C:\!KillBox2008-06-19 21:36 . 2008-06-19 21:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes2008-06-19 21:34 . 2008-06-19 22:36 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware2008-06-19 21:34 . 2008-06-19 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes2008-06-19 21:34 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys2008-06-19 21:34 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys2008-06-19 21:32 . 2004-11-20 07:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec2008-06-19 21:32 . 2004-11-20 07:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic2008-06-19 21:32 . 2004-11-20 07:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer2008-06-19 21:32 . 2008-06-19 23:41 <DIR> d-------- C:\Documents and Settings\Administrator2008-06-19 21:26 . 2008-06-20 10:22 <DIR> d-------- C:\Documents and Settings\Brian Patten\Application Data\U32008-06-08 21:32 . 2008-06-20 10:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn2008-06-08 21:32 . 2008-06-08 21:32 1,409 --a------ C:\WINDOWS\QTFont.for .(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-06-20 04:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared2008-06-20 04:14 --------- d-----w C:\Program Files\Norton AntiVirus2008-05-20 19:32 --------- d-----w C:\Program Files\Common Files\Command Software2008-05-20 19:26 --------- d--h--w C:\Program Files\InstallShield Installation Information2008-05-10 23:27 --------- d-----w C:\Program Files\ItsDeductibleEX2008-05-07 17:31 27,264 ------w C:\WINDOWS\system32\awtsPJYq.dll2008-04-26 02:21 --------- d-----w C:\Program Files\iTunes2008-04-26 02:21 --------- d-----w C:\Program Files\iPod2008-04-23 23:11 --------- d-----w C:\Documents and Settings\Brian Patten\Application Data\AdobeUM. ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20107791-F846-4396-829C-5D1167EF7E0E}] C:\Documents and Settings\Brian Patten\Local Settings\Temporary Internet Files\Content.IE5\I2EB8SFQ\3077ahntdksr[1].dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4448F0CF-B2CF-4CD7-A108-E9A521781BEF}] C:\Documents and Settings\Brian Patten\Local Settings\Temporary Internet Files\Content.IE5\I2EB8SFQ\3077ahntdksr[1].dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{504D4782-3C40-4BA1-B00B-30B145AAB66D}]2008-06-20 10:56 316128 --a------ C:\WINDOWS\system32\efcCssSj.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]2008-05-07 13:31 27264 --------- C:\WINDOWS\system32\awtsPJYq.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD21240F-91DC-47A6-B14F-43F548033D32}] C:\Documents and Settings\Brian Patten\Local Settings\Temporary Internet Files\Content.IE5\I2EB8SFQ\3077ahntdksr[1].dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8F2915E-0B44-48BD-BA08-A15E10ECFCB0}] C:\Documents and Settings\Brian Patten\Local Settings\Temporary Internet Files\Content.IE5\1LLQ7RDM\3077ahntdksr[1].dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IMC"="C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe" [ ]"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-09-12 14:58 4670704]"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 10:01 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-06-17 16:48 155648]"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-06-17 16:43 118784]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 05:01 110592]"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 12:25 98394]"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 12:24 688218]"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 17:19 290816]"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-10-13 18:34 229438]"HPWNTOOLBOX"="C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe" [2004-07-01 18:47 327680]"AS00_Gear511"="C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe" [2003-07-31 03:52 401408]"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 13:20 50744]"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 16:42 509224]"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19 129536]"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 08:50 112216]"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39 136768]"BM447b567e"="C:\WINDOWS\system32\kxgcmere.dll" [2008-06-20 10:57 102464]"474865e2"="C:\WINDOWS\system32\ovtjsffm.dll" [2008-06-20 10:59 94272] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-08-17 14:20:06 54512] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\awtsPJYq.dll [2008-05-07 13:31 27264] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsPJYq]awtsPJYq.dll 2008-05-07 13:31 27264 C:\WINDOWS\system32\awtsPJYq.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\efcCssSj.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center]"FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= .Contents of the 'Scheduled Tasks' folder"2008-06-07 21:01:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"- C:\Program Files\Apple Software Update\SoftwareUpdate.exe.************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-06-20 10:52:23Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????4?1?5?4??????? ???B?????????????H<C? ?????? scanning hidden files ... scan completed successfullyhidden files: 0 **************************************************************************.--------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe-> C:\WINDOWS\system32\awtsPJYq.dll PROCESS: C:\WINDOWS\explorer.exe-> C:\WINDOWS\system32\ovtjsffm.dll-> C:\WINDOWS\system32\kxgcmere.dll-> C:\WINDOWS\system32\efcCssSj.dll.------------------------ Other Running Processes ------------------------.C:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Common Files\Command Software\dvpapi.exeC:\Program Files\McAfee\Common Framework\FrameworkService.exeC:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exeC:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exeC:\Program Files\McAfee\Common Framework\naPrdMgr.exeC:\WINDOWS\system32\wdfmgr.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exeC:\Program Files\McAfee\Common Framework\Mctray.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exeC:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\SoftwareDistribution\Download\b0264899240408ce315fe572c84c0e59\update\update.exe.**************************************************************************.Completion time: 2008-06-20 11:04:13 - machine was rebootedComboFix-quarantined-files.txt 2008-06-20 15:03:44 Pre-Run: 69,138,075,648 bytes freePost-Run: 69,296,340,992 bytes free 229 --- E O F --- 2008-04-08 22:01:21hijackthis! Logfile of HijackThis v1.99.1Scan saved at 11:10:50 AM, on 6/20/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Common Files\Command Software\dvpapi.exeC:\Program Files\McAfee\Common Framework\FrameworkService.exeC:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exeC:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Java\jre1.6.0_05\bin\jusched.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\HPQ\Quick Launch Buttons\EabServr.exeC:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exeC:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXEC:\PROGRA~1\Yahoo!\browser\ybrwicon.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXEC:\Program Files\McAfee\Common Framework\UdaterUI.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\McAfee\Common Framework\McTray.exeC:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exeC:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\notepad.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\WINDOWS\explorer.exeC:\Documents and Settings\Brian Patten\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com/'>http://verizon.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/verizon/*http://www.yahoo.com/search/ie.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.comR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptopR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dllO3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dllO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /rO4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /StartO4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exeO4 - HKLM\..\Run: [HPWNTOOLBOX] C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe "-i"O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hideO4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXEO4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostartO4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONEO4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKeyO4 - HKLM\..\Run: [474865e2] rundll32.exe "C:\WINDOWS\system32\ovtjsffm.dll",bO4 - HKLM\..\Run: [bM447b567e] Rundll32.exe "C:\WINDOWS\system32\kxgcmere.dll",sO4 - HKCU\..\Run: [iMC] C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exeO4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quietO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.htmlO8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.htmlO8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.htmlO8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dllO14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptopO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dllO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exeO23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exeO23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

My brother asked me to help him with his computer. When I first ran anti-malware it came back with 167 infected files. After it rebooted and I ran it again it came back with 6, all Vundo. Which I cant seem to get rid of. I have the AM and HJ logs but I cannot get panda or eset to run on his laptop. Hopefully you can help with just these two logs: AM - highlighted the problem files, killbox wasn't able to get rid of them either, they just come back after reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Adware.BHO) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtspjyq (Adware.BHO) -> Delete on reboot. Malwarebytes' Anti-Malware 1.18Database version: 871 11:33:53 PM 6/19/2008mbam-log-6-19-2008 (23-33-53).txt Scan type: Quick ScanObjects scanned: 38053Time elapsed: 10 minute(s), 21 second(s) Memory Processes Infected: 0Memory Modules Infected: 1Registry Keys Infected: 12Registry Values Infected: 6Registry Data Items Infected: 1Folders Infected: 0Files Infected: 20 Memory Processes Infected:(No malicious items detected) Memory Modules Infected:C:\WINDOWS\system32\awtsPJYq.dll (Adware.BHO) -> Unloaded module successfully. Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7bc15cfa-06c6-4f76-81e3-3151b5f8a3df} (Trojan.Vundo) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{7bc15cfa-06c6-4f76-81e3-3151b5f8a3df} (Trojan.Vundo) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Adware.BHO) -> Delete on reboot.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Adware.BHO) -> Delete on reboot.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtspjyq (Adware.BHO) -> Delete on reboot.HKEY_CLASSES_ROOT\CLSID\{4c3fefb5-8deb-4037-bdb7-1cd699e542fd} (Trojan.Vundo) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4c3fefb5-8deb-4037-bdb7-1cd699e542fd} (Trojan.Vundo) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Adware.BHO) -> Delete on reboot.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM447b567e (Trojan.Agent) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected:(No malicious items detected) Files Infected:C:\WINDOWS\system32\fccywULd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\dLUwyccf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\awtsPJYq.dll (Adware.BHO) -> Delete on reboot.C:\WINDOWS\system32\dvjqapup.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\iqxpfeie.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\lmuffwxf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\rfnyuflu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\sccjbwlf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\taohechk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\uknuqxbt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\vcgdkmgx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\wquybddg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\yfcpbfqt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\yfctjuxt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\yvhoehdg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\Documents and Settings\Brian Patten\Local Settings\Temp\SystemDoctor2006FreeInstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.C:\Documents and Settings\Brian Patten\Local Settings\Temporary Internet Files\Content.IE5\NWVEI74D\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.C:\Documents and Settings\Brian Patten\Local Settings\Temporary Internet Files\Content.IE5\SP63CXMN\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.C:\WINDOWS\system32\ndnarwfr.dll (Trojan.Agent) -> Quarantined and deleted successfully.Hijackthis! O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\awtsPJYq.dll Logfile of HijackThis v1.99.1Scan saved at 12:40:20 AM, on 6/20/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Documents and Settings\Administrator\Application Data\U3\0000187115760A98\LaunchPad.exeF:\****me\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/verizon/*http://www.yahoo.com/search/ie.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/verizon/*http://www.yahoo.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.comR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://verizon.yahoo.com/O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dllO2 - BHO: (no name) - {039A9623-3980-41AA-9D7D-443F08062332} - C:\WINDOWS\system32\tythobpp.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {4448F0CF-B2CF-4CD7-A108-E9A521781BEF} - C:\Documents and Settings\Brian Patten\Local Settings\Temporary Internet Files\Content.IE5\I2EB8SFQ\3077ahntdksr[1].dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dllO2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\awtsPJYq.dllO2 - BHO: (no name) - {70F52DEA-7CFB-42DA-8536-51A2CCD57FA9} - C:\WINDOWS\system32\xxyASLEu.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dllO2 - BHO: (no name) - {BD21240F-91DC-47A6-B14F-43F548033D32} - C:\Documents and Settings\Brian Patten\Local Settings\Temporary Internet Files\Content.IE5\I2EB8SFQ\3077ahntdksr[1].dllO2 - BHO: {36c7e488-5d2f-fee9-b354-bb328c71105c} - {c50117c8-23bb-453b-9eef-f2d5884e7c63} - C:\WINDOWS\system32\wirrfagp.dllO2 - BHO: (no name) - {C8F2915E-0B44-48BD-BA08-A15E10ECFCB0} - C:\Documents and Settings\Brian Patten\Local Settings\Temporary Internet Files\Content.IE5\1LLQ7RDM\3077ahntdksr[1].dll (file missing)O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dllO3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dllO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /rO4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /StartO4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exeO4 - HKLM\..\Run: [HPWNTOOLBOX] C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe "-i"O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hideO4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXEO4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostartO4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONEO4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKeyO4 - HKLM\..\Run: [bM447b567e] Rundll32.exe "C:\WINDOWS\system32\rtjlemmy.dll",sO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dllO9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dllO14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptopO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dllO20 - Winlogon Notify: awtsPJYq - C:\WINDOWS\SYSTEM32\awtsPJYq.dllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exeO23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exeO23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXEThanks!