lauraj

Thank you so much for your answer. I was just about to post to let you know not to worry about my request. My husband decided to work on my computer and I think we have it all cleaned up. I think we have run the updated malwarebytes, as well as spybot search and destroy, superantispyware, and avg. Sorry I didn't get back to let you know this before now. We just ran the last scan last night. Thanks, Laura

Not trying to bump, just decided it might be helpful to add hijackthis log file. Just did scan and save file, didn't try to fix anything. thanks, Laura Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:02:27 PM, on 12/31/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SYSTEM32\SVCHOST.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SYSTEM32\SPOOLSV.EXE C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\winscenter.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Jones Boys\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe C:\Documents and Settings\Jones Boys\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jonesboys/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: (no name) - {3154153A-2DF7-4830-A1AC-E971EFF61149} - C:\WINDOWS\system32\opnnommK.dll (file missing) O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\hgGArOHW.dll (file missing) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Jjucofulohoqusiw] rundll32.exe "C:\WINDOWS\Ysaguno.dll",e O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - HKCU\..\Run: [sansaDispatch] C:\Documents and Settings\Jones Boys\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jones Boys\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-21-478309604-1421531346-3062559071-1009\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'ASPNET') O4 - HKUS\S-1-5-21-478309604-1421531346-3062559071-1009\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" (User 'ASPNET') O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab O20 - AppInit_DLLs: uohtzv.dll onjbwf.dll fgevrr.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: hgGArOHW - hgGArOHW.dll (file missing) O21 - SSODL: ieModule - {A2409B4E-8B0F-475A-9CC8-532D61616C3F} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll O21 - SSODL: InternetConnection - {C2EDEB14-3C29-4420-86A4-7EFE477BABE5} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\hidelhcnnk.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe O23 - Service: WLANKEEPER - Intel

I found the instructions for the correct order of procedures to run scans after I had already started a malwarebytes scan. It took 8 hours. I have attached the log here. I ran the full scan on the C: drive. As I have seen in the instructions, I will wait to do anything else until after somebody responds to my post. I know that security guard is still on the computer, but I am at least able to use the internet now. After I ran the malwarebytes, I rebooted. It tried to open malwarebytes automatically but it could not because I had to rename the file to get it to run. I really appreciate that people can come here for help. I don't know what I would do without some help. I almost lost many months worth of work. I bought an external hard drive this afternoon to start doing regular backups as soon as I get this machine cleaned up. Here is the malwarebytes log: Malwarebytes' Anti-Malware 1.31 Database version: 1456 Windows 5.1.2600 Service Pack 3 12/31/2008 4:30:41 PM mbam-log-2008-12-31 (16-30-41).txt Scan type: Full Scan (C:\|) Objects scanned: 172691 Time elapsed: 7 hour(s), 56 minute(s), 39 second(s) Memory Processes Infected: 1 Memory Modules Infected: 4 Registry Keys Infected: 34 Registry Values Infected: 8 Registry Data Items Infected: 2 Folders Infected: 6 Files Infected: 58 Memory Processes Infected: C:\DOCUMENTS AND SETTINGS\JONES BOYS\APPLICATION DATA\gadcom\gadcom.exe (Trojan.Agent) -> Unloaded process successfully. Memory Modules Infected: C:\WINDOWS\system32\ihwhrxhb.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\opnnommK.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\woradsfq.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\hgGArOHW.dll (Trojan.Vundo) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3154153a-2df7-4830-a1ac-e971eff61149} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{3154153a-2df7-4830-a1ac-e971eff61149} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77ab5974-55a3-4737-9fd5-b93c64307f78} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{77ab5974-55a3-4737-9fd5-b93c64307f78} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3154153a-2df7-4830-a1ac-e971eff61149} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77ab5974-55a3-4737-9fd5-b93c64307f78} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggarohw (Trojan.Vundo) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cf5c6a80-c938-478c-bc8b-8d7b00788154} (Rogue.Installer) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpeedRunner (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\spyware guard (Rogue.SpywareGuard) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2c108dcb (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spywareguard (Rogue.SpywareGuard) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jjucofulohoqusiw (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnnommk -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnnommk -> Delete on reboot. Folders Infected: C:\Program Files\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2008\quarantine (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Jones Boys\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Jones Boys\Application Data\speedrunner (Adware.SurfAccuracy) -> Delete on reboot. Files Infected: C:\WINDOWS\system32\opnnommK.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\Kmmonnpo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\Kmmonnpo.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ihwhrxhb.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\bhxrhwhi.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\woradsfq.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hgGArOHW.dll (Trojan.Vundo) -> Delete on reboot. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ETM345QF\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\Jones Boys\Local Settings\Temporary Internet Files\Content.IE5\50QOJPR6\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\Jones Boys\Local Settings\Temporary Internet Files\Content.IE5\JITO65PY\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\Jones Boys\Local Settings\Temporary Internet Files\Content.IE5\JITO65PY\upd105320[2] (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hsfyevkf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSSarxx.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSScfbv.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSSoity.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSSvoql.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\system32\axqqockf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\TDSSmhlt.sys (Trojan.TDSS) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2008\conf.cfg (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2008\mbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2008\quarantine.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2008\queue.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2008\spywareguard.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2008\uninstall.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2008\vbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Program Files\Webtools\webtools.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Mjcore\Mjcore.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Jones Boys\Application Data\gadcom\gadcom.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Jones Boys\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully. C:\Documents and Settings\Jones Boys\Application Data\speedrunner\SpeedRunner.exe (Adware.SurfAccuracy) -> Delete on reboot. C:\Documents and Settings\Jones Boys\Application Data\speedrunner\SRUninstall.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully. C:\WINDOWS\Ysaguno.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\prunnet.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wpv571230107173.cpx (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wpv971230256010.cpx (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSSlxcp.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xxywwUmn.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rqRhEusS.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iifFWMEw.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\sysexplorer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\reged.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\WINDOWS\spoolsystem.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\WINDOWS\sys.com (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\WINDOWS\syscert.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\WINDOWS\vmreg.dll (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\Documents and Settings\Jones Boys\Local Settings\Temp\__14.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Jones Boys\Local Settings\Temp\__16.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Jones Boys\Local Settings\Temp\__1B.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Jones Boys\Local Settings\Temp\__1C.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Jones Boys\Local Settings\Temp\xpre.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Jones Boys\Local Settings\Temp\winvsnet.tmp (Rogue.Installer) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\svhost.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\track.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Jones Boys\Local Settings\Temp\TDSSce7e.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Jones Boys\Local Settings\Temp\TDSSd3ae.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSSkkai.log (Trojan.TDSS) -> Quarantined and deleted successfully.