First Time Poster Needs Help



smokymtnracer
2007-08-15, 23:04
Hi guys, been using Spybot for a while now but have never posted before now. I can't seem to resolve this thing on my own for some reason.

Recently my step daughter opened an E-card (yeah, I know, I know) and things went ugly very fast.

I have read over some of the other posts on this board about similar instances so I hope I am doing this right.

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 4:21:14 PM, on 8/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Tammy\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2519BDBD-39A6-490E-A1C0-0620E5976DB6} - C:\WINDOWS\system32\pmkjk.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {713BA4E4-BC66-4929-A77D-426BB0136C2F} - \
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E641446-E8C1-4E47-AD25-4B65FC44DD38} - C:\WINDOWS\system32\pmkhh.dll (file missing)
O2 - BHO: (no name) - {884D7FB2-8A13-44A0-8041-518A010DE936} - C:\WINDOWS\system32\jkkll.dll (file missing)
O2 - BHO: 0 - {8F9076AF-1575-4C70-95A4-46C0D2624C08} - C:\Program Files\Messenger\woruki.dll (file missing)
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\kgthxpvh.dll (file missing)
O2 - BHO: (no name) - {983E7E4C-C8D8-8776-F7A8-C3DEC8C25BC4} - C:\WINDOWS\system32\lcd.dll (file missing)
O2 - BHO: (no name) - {CE7C763F-9BAA-870A-DAAF-93ABDF0250C3} - C:\WINDOWS\system32\twhz.dll (file missing)
O2 - BHO: (no name) - {DCD53738-C4F9-414A-A03C-C7405A4AC844} - C:\WINDOWS\system32\tuvssst.dll (file missing)
O2 - BHO: (no name) - {E5F1FA17-5482-4AF9-802F-5DABE04C8481} - \
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{7B-B1-1E-EA-ZN}] C:\windows\system32\mpdsrngm.exe CHD003
O4 - HKLM\..\Run: [sanygeqe] C:\Program Files\MSN\sanygeqe22011.exe
O4 - HKCU\..\Run: [fowq] C:\Program Files\Common Files\fowq\fowqm.exe
O4 - HKCU\..\Run: [Jwkho] C:\WINDOWS\system32\A?pPatch\?hkntfs.exe
O4 - HKCU\..\Run: [Bntq] "C:\Documents and Settings\Tammy\Application Data\s?stem\j?vaw.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Hzernl] "C:\Documents and Settings\Tammy\Application Data\?ymbols\w?crtupd.exe"
O4 - HKCU\..\Run: [Ulxqrjuk] "C:\Documents and Settings\Tammy\My Documents\W?nSxS\w?nspool.exe"
O4 - Startup: Introducing Media Manager.lnk = C:\Program Files\Common Files\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173144199953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184600427250
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: gebbyvw - gebbyvw.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\pmkhh.dll (file missing)
O20 - Winlogon Notify: tuvssst - tuvssst.dll (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

pskelley
2007-08-16, 02:11
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Well, opening an infected e-card will do it, but let me show you this:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\j2re1.4.2_03\ <<< java is BADLY out of date. Download the newest version and uninstall all old versions in Add Remove programs.

1) It is obvious to me you have been fighting a Vundo infection. Please mention all tools you have used in your next post.

2) Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP, Update for Windows XP and Windows XP Hotfix to shorten the list)

3) Thanks to sUBs and anyone else who helped with this fix.

Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Thanks
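
A small triage script, added here as an illustration (it is not a tool from this thread, from HijackThis or from the Spybot forum), that picks out the kind of entries a helper looks at twice in a HijackThis 1.99.1 log: O2 and O20 entries whose DLL is reported "(file missing)", and O4 Run entries whose path contains characters HijackThis prints as "?" or that point into the user profile. The sample lines are copied from the log posted above; the line regexes and the rule wording are my own assumptions about the HijackThis output format, not part of the program.

```python
"""Triage helper for HijackThis 1.99.1 log lines (illustration, not a forum tool)."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Finding:
    section: str  # HijackThis section tag: O2 (BHO), O4 (Run key), O20 (Winlogon Notify)
    name: str     # BHO description, Run value name or Notify package name
    target: str   # path HijackThis reports for the entry, with its "(file missing)" note if any
    reason: str   # why a helper would look at the entry twice


# Line shapes assumed (not taken from HijackThis documentation) for the three sections read here.
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")

# Auto-start executables living under the user profile rather than Program Files
# or the Windows directory are a classic place for dropped malware.
USER_PROFILE_DIRS = ("\\application data\\", "\\my documents\\")


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one HijackThis line, or None if nothing stands out."""
    line = line.rstrip()

    m = BHO_RE.match(line)
    if m:
        if m["target"].endswith("(file missing)"):
            return Finding("O2", m["name"], m["target"],
                           "BHO still registered but its DLL is gone: an orphaned loading point")
        return None

    m = NOTIFY_RE.match(line)
    if m:
        if m["target"].endswith("(file missing)"):
            return Finding("O20", m["name"], m["target"],
                           "Winlogon Notify package still registered but its DLL is gone")
        return None

    m = RUN_RE.match(line)
    if m:
        target = m["target"].strip('"')
        # '?' is not a legal character in a Windows path, so HijackThis is showing a
        # character it could not print: the folder name only looks like a system one.
        if "?" in target:
            return Finding("O4", m["name"], target,
                           "path contains characters HijackThis prints as '?': lookalike folder name")
        if any(d in target.lower() for d in USER_PROFILE_DIRS):
            return Finding("O4", m["name"], target,
                           "auto-start executable stored inside the user profile")
        return None

    return None  # other sections (R0/R1, O3, O8, O9, O16, O23 ...) are not handled here


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep only the flagged entries, in log order."""
    return [f for f in map(triage_line, text.splitlines()) if f is not None]


# Constructed sample: a subset of the lines from the log posted in this thread, in log order.
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll",
    r"O2 - BHO: (no name) - {2519BDBD-39A6-490E-A1C0-0620E5976DB6} - C:\WINDOWS\system32\pmkjk.dll (file missing)",
    r"O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe",
    r"O4 - HKCU\..\Run: [Jwkho] C:\WINDOWS\system32\A?pPatch\?hkntfs.exe",
    r'O4 - HKCU\..\Run: [Bntq] "C:\Documents and Settings\Tammy\Application Data\s?stem\j?vaw.exe"',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll",
    r"O20 - Winlogon Notify: gebbyvw - gebbyvw.dll (file missing)",
    r"O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\pmkhh.dll (file missing)",
])


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section:<4}{f.name:<12}{f.reason}\n      {f.target}")
```

An entry that passes all three rules, such as the `{7B-B1-1E-EA-ZN}` Run value for mpdsrngm.exe in the log above, still needs a human look; the script only narrows the list.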

smokymtnracer
2007-08-16, 17:32
Thanks for the tips. I will try that once I get home. I didn't see the reply before I left for work this morning.

pskelley
2007-08-16, 17:48
Thanks is not a problem, take the time you need to follow the directions carefully and post what I requested when you can.

Thanks

smokymtnracer
2007-08-16, 23:59
OK here we go.

The programs that I/we have used on the machine are:

AdAware
Spybot S&D
Computer Assoc Virus and Adware Removal
Microsoft Malware

Here is the HJT Uninstall log:

1st Pricing
501 Legal Forms and Form Letters
Ad-Aware SE Professional
Adobe Reader 7.0.9
AIM 6
AOL Toolbar 5.0
AOLIcon
Apple Software Update
ArcSoft PhotoImpression 5
ArcSoft VideoImpression 2
CADSymbols 2.0
CIF USB CAMERA
Conexant D850 56K V.9x DFVc Modem
Dell Driver Reset Tool
Dell Support 3.1
DellConnect
Digital Line Detect
ELIcon
Google
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
hp psc 1310 series
HP Software Update
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
iTunes
Java(TM) 6 Update 2
Macromedia Flash Player 8
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Media Manager 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Picture It! 2.0
Modem Helper
MSXML 4.0 SP2 (KB927978)
MySpaceIM
NetWaiting
Perfect Attorney - Business
Perfect Attorney - Federal
Perfect Attorney - Forms
Perfect Attorney - Tutorials
PlanWrite - Business Plan Writer Deluxe
PowerDVD 5.5
QuickTime
RealPlayer Basic
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Skype 2.0
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
TurboCAD Deluxe 14
Update for Windows Media Player 10 (KB913800)
Update Rollup 2 for Windows XP Media Center Edition 2005
Verizon Online DSL
Verizon Online Help & Support
Verizon Servicepoint 1.3.21
Verizon Yahoo! Applications
Viewpoint Media Player
WebCyberCoach 3.2 Dell
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Yahoo! Internet Mail


Here is the Combofix log:

ComboFix 07-08-14.4 - "Tammy" 2007-08-16 17:54:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.185 [GMT -4:00]


((((((((((((((((((((((((( Files Created from 2007-07-16 to 2007-08-16 )))))))))))))))))))))))))))))))


2007-08-15 17:28 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-08-15 17:22 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-15 16:42 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-15 16:26 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-14 20:59 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-08-14 13:49 <DIR> d-------- C:\WINDOWS\system32\checkdll
2007-08-13 19:20 <DIR> d-------- C:\DOCUME~1\Tammy\APPLIC~1\U3
2007-08-03 15:38 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-08-03 15:37 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-08-03 15:36 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-07-28 06:33 <DIR> d-------- C:\DOCUME~1\Tammy\APPLIC~1\acccore
2007-07-28 06:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-07-28 06:32 <DIR> d-------- C:\Program Files\AIM6
2007-07-28 06:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-07-26 18:32 <DIR> d-------- C:\Winatty
2007-07-26 18:32 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2007-07-26 18:26 <DIR> d-------- C:\WINDOWS\Asym
2007-07-26 18:20 <DIR> d-------- C:\Program Files\Cosmi
2007-07-26 18:20 <DIR> d-------- C:\Program Files\Common Files\Cosmi
2007-07-25 18:03 1,324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-07-23 13:48 <DIR> d-------- C:\Program Files\IMSI
2007-07-23 13:35 <DIR> d-------- C:\Program Files\IMSIDesign
2007-07-23 13:35 <DIR> d-------- C:\DOCUME~1\Tammy\APPLIC~1\IMSIDesign
2007-07-23 13:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\IMSIDesign
2007-07-21 16:26 <DIR> d-------- C:\DOCUME~1\Tammy\APPLIC~1\BRS
2007-07-21 16:25 <DIR> d-------- C:\Program Files\Common Files\Nova Development
2007-07-21 16:23 <DIR> d-------- C:\Program Files\Nova Development
2007-07-19 07:10 1,792,026 --ahs---- C:\WINDOWS\system32\hhkmp.bak2
2007-07-17 17:49 6,365 --ahs---- C:\WINDOWS\system32\hhkmp.bak1
2007-07-16 12:34 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-07-16 12:27 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-07-16 12:27 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-07-16 12:12 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-07-16 12:07 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-07-16 12:07 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-07-16 12:07 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-07-16 11:57 2,330,624 --------- C:\WINDOWS\system32\dllcache\wmvcore.dll
2007-07-16 11:48 23,040 --------- C:\WINDOWS\kb913800.exe
2007-07-16 10:23 107,688 --------- C:\WINDOWS\TrueInstall.exe
2007-07-16 10:01 256 --a------ C:\syswaoi.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-15 16:32 --------- d-------- C:\Program Files\Messenger
2007-07-28 06:33 --------- d-------- C:\Program Files\Viewpoint
2007-07-28 06:32 --------- d-------- C:\Program Files\Common Files\AOL
2007-07-23 09:10 879832 --a------ C:\WINDOWS\system32\drivers\VetEFile.sys
2007-07-23 09:10 108360 --a------ C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-07-18 22:26 --------- d-------- C:\Program Files\Microsoft Picture It!
2007-07-16 11:27 --------- d-------- C:\Program Files\Sonic
2007-07-16 11:00 --------- d-------- C:\Program Files\AIM
2007-07-16 11:00 --------- d-------- C:\DOCUME~1\Tammy\APPLIC~1\Aim
2007-06-25 20:35 --------- d-------- C:\Program Files\Media Manager
2007-06-25 10:50 --------- d-------- C:\Program Files\Common Files\fowq
2007-06-05 17:53 19520 --a------ C:\WINDOWS\system32\JD363RLT.exe
2007-05-16 11:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll
2007-03-17 00:56:37 104 --sh--r C:\WINDOWS\system32\033F217E34.sys
2007-03-17 00:56:37 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 22:46]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 22:50]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 03:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 15:20]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2006-03-21 08:43]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2006-03-21 08:43]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2005-06-17 01:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]
"{7B-B1-1E-EA-ZN}"="C:\windows\system32\mpdsrngm.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fowq"="C:\Program Files\Common Files\fowq\fowqm.exe" []
"Jwkho"="C:\WINDOWS\system32\A?pPatch\?hkntfs.exe" []
"Bntq"="C:\Documents and Settings\Tammy\Application Data\s?stem\j?vaw.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"Hzernl"="C:\Documents and Settings\Tammy\Application Data\?ymbols\w?crtupd.exe" []
"Ulxqrjuk"="C:\Documents and Settings\Tammy\My Documents\W?nSxS\w?nspool.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Tammy\Start Menu\Programs\Startup\
Introducing Media Manager.lnk - C:\Program Files\Common Files\Microsoft Shared\Media Manager\SPLASHA.EXE [1997-07-15]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-02-22 01:43:27]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 00:31:38]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Messenger\babyxe.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbyvw]
gebbyvw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhh]
C:\WINDOWS\system32\pmkhh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvssst]
tuvssst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tammy^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Tammy\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tammy^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\Tammy\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bart Station]
C:\Program Files\PeoplePC\ISP6230\BIN\PPCOLink.exe -STATION

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1140907305\ee\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProfileWatcher]
C:\Program Files\ProfileWatcher\profilewatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

R2 MMIndexer;Media Manager Indexer;C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-16 17:57:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-16 17:59:15
C:\ComboFix-quarantined-files.txt ... 2007-08-16 17:59
C:\ComboFix2.txt ... 2007-08-15 16:37

--- E O F ---

pskelley
2007-08-17, 00:30
Thanks for returning your information and the feedback. Looking at the Uninstall list for security issues and malware, I see none; I will show you this:
Viewpoint Media Player
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint
http://www.clickz.com/news/article.php/3561546

I am not seeing a lot in the combofix log either.

Would you please post the HJT log I requested:
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Thanks

pskelley
2007-08-24, 22:40
No response from this member to my request for a HijackThis log since 8/16/2007; this topic is closed.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.