Hi. I've followed the advice from the posts in the thread: http://forums.spybot.info/showthread.php?p=95532

The VundoFix isn't finding anything to fix. Here are my VundoFix and HJTlogs.

This is the Symantec AntiVirus Notification. Definitions 6/23/2007 rev.7 (As irony would have it, I was surfing while my new definitions were downloading.)

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan Horse
File: C:\WINDOWS\system32\gebbayv.dll
Location: C:\WINDOWS\system32
Computer: JUSTIFIED
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Sat Jun 23 16:10:28 2007

Thank you for any assistance you may be able to provide.

Peter

HJT:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:16:09 PM, on 6/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Personal Firewall\cmdagent.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\M-Audio Fast Track\GBInst.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Comodo\Personal Firewall\CPF.exe
C:\Program Files\Comodo\LaunchPad\CLPTray.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Peter\Desktop\VundoFix.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Peter\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 218.97.217.34:8080
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\gebbayv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Comodo Personal Firewall] C:\Program Files\Comodo\Personal Firewall\CPF.exe sysrestart
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [NortonAntiBot] "C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://qbo.qa.quickbooks.com/c3/v18.098/qboax10.cab
O20 - Winlogon Notify: gebbayv - C:\WINDOWS\SYSTEM32\gebbayv.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Personal Firewall\cmdagent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Fast Track Installer (FastTrackInstallerService) - Nemesis - C:\Program Files\M-Audio Fast Track\GBInst.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymantecAntiBotAgent - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe

--
End of file - 10201 bytes

VundoFix

VundoFix V6.5.1

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 3:58:05 PM 6/23/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.5.1

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 4:06:20 PM 6/23/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.5.1

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 4:21:33 PM 6/23/2007

Listing files found while scanning....

Here's a rather uncomfortable experience. I left my computer running the TrendMicro scan, put my son to bed, and returned to have my desktop locked and requiring a password. I've never had a password on the machine (truth be told I thought only XP Pro, like this laptop, required a password.

How bad is this? How do I access my computer?

Wow, it's really getting buggy now. Turns off the Spybot Tea thing, my Norton AntiBot (Beta) my Norton AntiVirus. Boy, this machine is just crawling now.

I ran the combofix thing
ComboFix 07-06-18.2 - C:\Documents and Settings\Peter\Desktop\ComboFix.exe
"Peter" - 2007-06-23 20:33:37 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\WinAntiSpyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\WinAntiSpyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\WinAntiSpyware 2007\Data\ProductCode
C:\DOCUME~1\Peter\APPLIC~1.\WinAntiSpyware 2007
C:\DOCUME~1\Peter\APPLIC~1.\WinAntiSpyware 2007 Free
C:\DOCUME~1\Peter\APPLIC~1.\WinAntiSpyware 2007 Free\DownloadUWAS7.url
C:\DOCUME~1\Peter\APPLIC~1.\WinAntiSpyware 2007\Logs\update.log
C:\Program Files\Common Files\WinAntiSpyware 2007
C:\Program Files\Common Files\WinAntiSpyware 2007\err.log
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe


((((((((((((((((((((((((( Files Created from 2007-05-24 to 2007-06-24 )))))))))))))))))))))))))))))))


2007-06-23 20:31 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-23 16:48 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-06-23 16:46 <DIR> d-------- C:\DOCUME~1\Peter\.housecall6.6
2007-06-23 15:58 <DIR> d-------- C:\VundoFix Backups
2007-06-23 15:44 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
2007-06-23 15:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-23 14:43 <DIR> d-------- C:\DOCUME~1\Peter\APPLIC~1\Symantec
2007-06-23 14:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
2007-06-23 14:38 79,872 --a------ C:\WINDOWS\system32\drivers\FOPN.sys
2007-06-23 14:38 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMonitor
2007-06-23 14:35 6,438 --ahs---- C:\WINDOWS\system32\hhkmp.bak1
2007-06-23 14:28 31,254 --a------ C:\WINDOWS\system32\gebbayv.dll
2007-06-23 14:02 <DIR> d-------- C:\DOCUME~1\Peter\APPLIC~1\Opera
2007-06-23 10:13 <DIR> d-------- C:\BROTHER_BEAR
2007-06-23 09:43 <DIR> d-------- C:\Program Files\iTunes
2007-06-23 09:43 <DIR> d-------- C:\Program Files\iPod
2007-06-13 14:00 <DIR> d-------- C:\WINDOWS\vf_hip
2007-06-13 14:00 <DIR> d-------- C:\Program Files\Hide IP Platinum
2007-06-12 21:44 <DIR> d-------- C:\Program Files\Apple Software Update


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-24 03:29:21 -------- d-----w C:\DOCUME~1\Peter\APPLIC~1\OpenOffice.org2
2007-06-23 21:43:09 -------- d-----w C:\Program Files\Symantec
2007-06-23 16:42:41 -------- d-----w C:\Program Files\QuickTime
2007-06-13 20:59:17 -------- d-----w C:\DOCUME~1\Peter\APPLIC~1\Azureus
2007-06-13 19:44:57 -------- d-----w C:\Program Files\Azureus
2007-06-13 02:25:03 -------- d-----w C:\Program Files\Joost
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-13 02:41:45 -------- d-----w C:\DOCUME~1\Peter\APPLIC~1\vlc
2007-05-13 02:38:43 -------- d-----w C:\DOCUME~1\Peter\APPLIC~1\dvdcss
2007-05-13 02:38:01 -------- d-----w C:\Program Files\VideoLAN
2007-05-09 02:38:31 -------- d-----w C:\DOCUME~1\Peter\APPLIC~1\Joost
2007-04-28 03:44:03 -------- d-----w C:\Program Files\DIFX
2007-04-28 03:43:44 -------- d-----w C:\Program Files\Common Files\Pure Networks Shared
2007-04-28 03:43:17 -------- d-----w C:\Program Files\Pure Networks
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F}=C:\Program Files\Outerinfo\Outerinfo.dll []
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 00:05]
{DC192567-65F9-4AB6-ADB7-E13575F81726}=C:\WINDOWS\system32\gebbayv.dll [2007-06-23 14:28]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 16:48]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 23:20 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 06:56]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 15:19]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-12-12 22:57]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 12:35]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 18:05]
"Comodo Personal Firewall"="C:\Program Files\Comodo\Personal Firewall\CPF.exe" [2007-02-10 10:43]
"Comodo Launch Pad Tray"="C:\Program Files\Comodo\LaunchPad\CLPTray.exe" [2007-02-21 20:43]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 17:00]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2007-03-14 15:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"Salestart"="C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe" []
"NortonAntiBot"="C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe" [2007-05-29 01:05]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 00:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{DC192567-65F9-4AB6-ADB7-E13575F81726}"="C:\WINDOWS\system32\gebbayv.dll" [2007-06-23 14:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbayv]
gebbayv.dll


Contents of the 'Scheduled Tasks' folder
2007-06-13 04:44:48 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2005-12-23 04:14:32 C:\WINDOWS\tasks\ISP signup reminder 1.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-23 20:52:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-23 20:53:38
C:\ComboFix-quarantined-files.txt ... 2007-06-23 20:53

--- E O F ---



AND:



2007-06-06 10:35 618496 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe.vir
2007-06-23 14:38 0 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\err.log.vir
2007-06-23 14:38 1909 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Peter\APPLIC~1\WinAntiSpyware 2007\Logs\update.log.vir
2007-06-23 14:38 20 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\ProductCode.vir
2007-06-23 14:38 5 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\Abbr.vir
2007-06-23 14:39 105 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Peter\APPLIC~1\WinAntiSpyware 2007 Free\DownloadUWAS7.url.vir


Folder PATH listing
Volume serial number is 3449-B9B3
C:\QOOBOX
\---Quarantine
+---C
| +---DOCUME~1
| | +---ALLUSE~1
| | | \---APPLIC~1
| | | \---WinAntiSpyware 2007
| | | \---Data
| | | Abbr.vir
| | | ProductCode.vir
| | |
| | \---Peter
| | \---APPLIC~1
| | +---WinAntiSpyware 2007
| | | \---Logs
| | | update.log.vir
| | |
| | \---WinAntiSpyware 2007 Free
| | DownloadUWAS7.url.vir
| |
| \---Program Files
| \---Common Files
| \---WinAntiSpyware 2007
| err.log.vir
| WAS7Mon.exe.vir
|
\---Registry_backups



Hope it helps.

Thanks,

Peter

Hey, no nagging, just the latest news. The Norton AntiBot picked up and quarantined the cmd.exe virus. I've unplugged the machine, and since it's a fairly new computer maybe it's worth just wiping and starting from scratch.

Thanks for helping me.

Peter

Hi there. :)

Hi. I've followed the advice from the posts in the thread: http://forums.spybot.info/showthread.php?p=95532
Did you miss our sticky topic. "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)


Going it alone and following advice and fixes specifically given to another member is risky, your symptoms may only appear to be similar.

Also, the volume of posts to your own topic, can mislead helpers into believing you are already being assisted. :sick:

Best regards.