Please Help!! Virtumunde and WinAntiVirus2007 Infection



2greenkids
2007-09-13, 15:51
I am unable to remove the virtumunde virus from my computer and I am continuously getting pop ups for Winantivirus2007. I have run AVG, Ad-Aware, and Spybot. I ran spybot probably 7 times and it fixed everything except one entry of Virtumunde. Below please find my log from HJT. Your help is appreciated as I am about to throw my computer out a window!:eek:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:45 PM, on 9/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\wvtpbrqk.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8l.hpwis.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.kermantel.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8l.hpwis.com/
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\lkdsrngo.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Planner Reminders.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://irviln1.emcor.net/iNotes6W.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189061372671
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.28/ttinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0121D513-6DB0-4606-B868-D65E465B711B}: NameServer = 206.169.105.7,206.169.105.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{0121D513-6DB0-4606-B868-D65E465B711B}: NameServer = 206.169.105.7,206.169.105.6
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12009 bytes

2greenkids
2007-09-13, 15:53
And here is the Kaspersky Log
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, September 13, 2007 6:46:43 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 13/09/2007
Kaspersky Anti-Virus database records: 412838
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
I:\

Scan Statistics:
Total number of scanned objects: 93780
Number of viruses found: 4
Number of infected objects: 18
Number of suspicious objects: 0
Duration of the scan process: 02:40:33

Infected Object Name / Virus Name / Last Action
C:\check_LSA7.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{EBD0DA83-0162-4D4C-9693-ECB8FF2E83B0}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\RBLDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Travis Green\Application Data\McAfee\MBK\ARBUSFILE.GDB Object is locked skipped
C:\Documents and Settings\Travis Green\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Travis Green\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Travis Green\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Travis Green\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Travis Green\Local Settings\Temp\2c60_appcompat.txt Object is locked skipped
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\WinAntiVirusPro2007FreeInstall[1].cab/UWA7P_0001_N99M2908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\WinAntiVirusPro2007FreeInstall[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\WinAntiSpyware2007FreeInstall[1].cab/UWAS7_0001_N99M3108NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\WinAntiSpyware2007FreeInstall[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\Travis Green\Local Settings\Temp\winaspsnet.exe Infected: not-a-virus:Downloader.Win32.WinFixer.w skipped
C:\Documents and Settings\Travis Green\Local Settings\Temp\~DF31BD.tmp Object is locked skipped
C:\Documents and Settings\Travis Green\Local Settings\Temporary Internet Files\Content.IE5\2XCX8ZQR\WinAntiSpyware2007FreeInstall[1].cab/UWAS7_0001_N99M3108NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\Travis Green\Local Settings\Temporary Internet Files\Content.IE5\2XCX8ZQR\WinAntiSpyware2007FreeInstall[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\Travis Green\Local Settings\Temporary Internet Files\Content.IE5\2XCX8ZQR\WinAntiVirusPro2007FreeInstall[1].cab/UWA7P_0001_N99M2908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\Travis Green\Local Settings\Temporary Internet Files\Content.IE5\2XCX8ZQR\WinAntiVirusPro2007FreeInstall[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\Travis Green\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Travis Green\Local Settings\Temporary Internet Files\Content.IE5\O5AF0DAF\valera[1] Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Travis Green\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Travis Green\ntuser.dat.LOG Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP500\A0058827.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP501\A0058836.exe Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP506\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB833407$\bssym7.ttf Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\2PortalMon_Debug.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{19C85212-B7D4-49CC-93E3-384EAA4FDBAA}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\gnctgkyn.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mmkxwrvo.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\qbvpejqa.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\rfnbdsvl.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wvtpbrqk.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\xouurpmt.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\Temp\fb_136.lck Object is locked skipped
C:\WINDOWS\Temp\mcafee_hyH5tPKG9vPic6c Object is locked skipped
C:\WINDOWS\Temp\mcafee_TBhM4bkhvLhqCqz Object is locked skipped
C:\WINDOWS\Temp\mcmsc_IyfdzUk2JdF5dBP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_omALC3eq9yq6ZyM Object is locked skipped
C:\WINDOWS\Temp\mcmsc_vqxB6DDDXyrMi3S Object is locked skipped
C:\WINDOWS\Temp\mcmsc_wIEoX7HU3W6EuOu Object is locked skipped
C:\WINDOWS\Temp\sqlite_4Ubaulhooft8mZF Object is locked skipped
C:\WINDOWS\Temp\sqlite_d04bhFfA1IKsAtI Object is locked skipped
C:\WINDOWS\Temp\sqlite_eK4OWz2Xds6yAce Object is locked skipped
C:\WINDOWS\Temp\sqlite_FIlxZ6Th9Wr7fzT Object is locked skipped
C:\WINDOWS\Temp\sqlite_fXPeiF93JtA8gYD Object is locked skipped
C:\WINDOWS\Temp\sqlite_GDyAgXznSjcT1KS Object is locked skipped
C:\WINDOWS\Temp\sqlite_xqjyq2k2AuTsIBK Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

2greenkids
2007-09-14, 20:04
I think I may have messed up my original post :oops: Since I am a novice, I am trying this again. I am unable to remove the virtumunde virus from my computer and I am continuously getting pop ups for Winantivirus2007.

Here's what I have tried so far:
I have run AVG, Ad-Aware, and Spybot. Plus my antivirus McAfee program. I ran spybot probably 7 times and it fixed everything except one entry of Virtumunde. Below please find my log from HJT. Your help is appreciated as I am about to throw my computer out a window! :mad:

O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.28/ttinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0121D513-6DB0-4606-B868-D65E465B711B}: NameServer = 206.169.105.7,206.169.105.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{0121D513-6DB0-4606-B868-D65E465B711B}: NameServer = 206.169.105.7,206.169.105.6
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12009 bytes

steamwiz
2007-09-14, 20:15
Hi

I've merged your 2 threads ...

The first thing I want you to do is rename HijackThis ...

Find the :-

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

rename it to ...

C:\Program Files\Trend Micro\HijackThis\problems.exe

Then run it again & post the new log...

Certain Vundo variants hide from HijackThis unless you rename it first .. as in your log ...

steam

2greenkids
2007-09-15, 03:36
Thank you so much for responding and sorry for so many posts!

I renamed the file and below is the log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:22 PM, on 9/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\problems.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8l.hpwis.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.kermantel.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8l.hpwis.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {B464D229-F0F9-46C0-8EBC-6AE55D6CBF71} - C:\WINDOWS\System32\pmnnk.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\skohytno.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\lkdsrngo.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Planner Reminders.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://irviln1.emcor.net/iNotes6W.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189061372671
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.28/ttinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0121D513-6DB0-4606-B868-D65E465B711B}: NameServer = 206.169.105.7,206.169.105.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{0121D513-6DB0-4606-B868-D65E465B711B}: NameServer = 206.169.105.7,206.169.105.6
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\lhlmkfwh.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 13223 bytes
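
The log above is what the renamed HijackThis produced, and the entries that matter are easy to miss among the McAfee and HP noise: two "(no name)" BHOs whose DLLs are random lowercase names in system32, a per-user Startup shortcut pointing at another random-named .exe in system32, and a service with "Unknown owner" whose file is missing. The script below is an added triage example written for this page, not part of the thread or of HijackThis; the sample lines are copied from the log above, and the rule that a 5-8 letter all-lowercase name in system32 is suspicious is a heuristic assumed from this log (legitimate files such as msvcrt.dll also match it, so the script only flags such a name when a second signal is present on the same line).

```python
import re

# Lines copied from the renamed-HijackThis log posted above, with clean
# entries (Adobe BHO, HP monitor, NVIDIA service) kept in for contrast.
SAMPLE_LOG = r"""O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {B464D229-F0F9-46C0-8EBC-6AE55D6CBF71} - C:\WINDOWS\System32\pmnnk.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\skohytno.dll
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\lkdsrngo.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\lhlmkfwh.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# A file sitting directly in %SystemRoot%\system32 (either capitalisation).
SYSTEM32_FILE = re.compile(r"C:\\WINDOWS\\system32\\([A-Za-z0-9_~.]+)", re.IGNORECASE)

# Heuristic assumed from this thread's log: Vundo droppings are 5-8 random
# lowercase letters. Legitimate files can match too (msvcrt.dll does), so
# triage() only uses it together with a second signal on the same line.
RANDOM_NAME = re.compile(r"^[a-z]{5,8}\.(dll|exe)$")


def system32_basename(line):
    """Return the file name if the line references a file directly in system32."""
    m = SYSTEM32_FILE.search(line)
    return m.group(1) if m else None


def looks_random(name):
    """True when a file name matches the random-letters pattern above."""
    return bool(RANDOM_NAME.match(name))


def triage(log_text):
    """Walk a HijackThis log and return (tag, line) pairs worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]          # "O2", "O4", "O23", ...
        name = system32_basename(line)
        if section == "O2":
            if "(no file)" in line:
                # Orphaned BHO registration: the DLL is gone, the CLSID remains.
                findings.append(("orphan-bho", line))
            elif "(no name)" in line and name and looks_random(name):
                # Nameless BHO loading a random DLL from system32: Vundo pattern.
                findings.append(("vundo-bho", line))
        elif section == "O4":
            if "Startup:" in line and name and looks_random(name):
                # A Startup-folder shortcut pointing into system32 is abnormal.
                findings.append(("startup-system32", line))
        elif section == "O23":
            if "Unknown owner" in line and (
                "(file missing)" in line or (name and looks_random(name))
            ):
                # Unsigned-looking service whose binary is random or already gone.
                findings.append(("rogue-service", line))
    return findings


if __name__ == "__main__":
    for tag, line in triage(SAMPLE_LOG):
        print(f"{tag:18} {line}")
```

Run against the full log, the script leaves every vendor entry alone and reports exactly the five lines a helper would ask to have fixed or removed; the O17 NameServer lines are deliberately not flagged, because whether 206.169.105.x is the ISP's resolver is something to verify by hand, not by pattern.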

steamwiz
2007-09-17, 18:58
Hi

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
1. Double-click VundoFix.exe to run it.
2. When VundoFix re-opens, click the Scan for Vundo button.
3. Once it's done scanning, click the Remove Vundo button.
4. You will receive a prompt asking if you want to remove the files, click "YES".
5. Once you click yes, your desktop will go blank as it starts removing Vundo.
6. When completed, it will prompt that it will reboot your computer, click "OK".

7. Please post the contents of C:\vundofix.txt

If VundoFix cannot delete a file, it will try to delete it during a reboot. After the reboot VundoFix will open again; you must run VundoFix again, from "Click the Scan for Vundo button", and you must keep running VundoFix until it does delete the file. I've known a stubborn Vundo file take 5 or 6 reboots before it is deleted...

Keep running VundoFix until it gives you the message "no infected files were found".
THEN ...

Download Superantispyware.

http://www.superantispyware.com/

Once downloaded and installed update the definitions
and then run a full system scan quarantine what it finds!

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)

http://www.superantispyware.com/definitions.html

* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.

THEN ...

Please download Combofix: http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
and save to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.

Notes:
* Do not mouse-click ComboFix's window while it is running. That may cause your system to stall/hang.
* Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

Please remember to post :-

1. C:\vundofix.txt file
2. SUPERAntiSpyware Scan Log
3. C:\ComboFix.txt
4. a new hijackthis log.( run after everything else)

steam

2greenkids
2007-09-18, 09:03
OK, I believe I followed each item step-by-step and am posting the 4 requested logs below. Again, thank you for your continued support! :)

VundoFix V6.5.8

Checking Java version...

Scan started at 8:12:55 PM 9/17/2007

Listing files found while scanning....

C:\windows\system32\aiavgbnf.ini
C:\windows\system32\fnbgvaia.dll
C:\windows\system32\ilthadhp.ini
C:\windows\system32\lepltqso.dll
C:\windows\system32\osqtlpel.ini
C:\windows\system32\phdahtli.dll
C:\WINDOWS\system32\skohytno.dll
C:\windows\system32\ucqxjsfw.dll
C:\windows\system32\udjehvnu.ini
C:\windows\system32\unvhejdu.dll
C:\windows\system32\wfsjxqcu.ini

Beginning removal...

Attempting to delete C:\windows\system32\aiavgbnf.ini
C:\windows\system32\aiavgbnf.ini Has been deleted!

Attempting to delete C:\windows\system32\fnbgvaia.dll
C:\windows\system32\fnbgvaia.dll Has been deleted!

Attempting to delete C:\windows\system32\ilthadhp.ini
C:\windows\system32\ilthadhp.ini Has been deleted!

Attempting to delete C:\windows\system32\lepltqso.dll
C:\windows\system32\lepltqso.dll Has been deleted!

Attempting to delete C:\windows\system32\osqtlpel.ini
C:\windows\system32\osqtlpel.ini Has been deleted!

Attempting to delete C:\windows\system32\phdahtli.dll
C:\windows\system32\phdahtli.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\skohytno.dll
C:\WINDOWS\system32\skohytno.dll Has been deleted!

Attempting to delete C:\windows\system32\ucqxjsfw.dll
C:\windows\system32\ucqxjsfw.dll Has been deleted!

Attempting to delete C:\windows\system32\udjehvnu.ini
C:\windows\system32\udjehvnu.ini Has been deleted!

Attempting to delete C:\windows\system32\unvhejdu.dll
C:\windows\system32\unvhejdu.dll Has been deleted!

Attempting to delete C:\windows\system32\wfsjxqcu.ini
C:\windows\system32\wfsjxqcu.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.8

Checking Java version...

Scan started at 8:34:55 PM 9/17/2007

Listing files found while scanning....

No infected files were found.
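
The VundoFix listing above has a structure worth noticing: every .ini it found has a .dll whose name is the same letters in reverse (aiavgbnf.ini and fnbgvaia.dll, ilthadhp.ini and phdahtli.dll, and so on), and the one DLL without such a partner, skohytno.dll, is the one that showed up as a BHO in the HijackThis log. The script below is an added example for this page, not code from VundoFix or the thread; it pairs mirrored names in any file list so that a manual cleanup does not leave half of a pair behind. The listing is copied from the output above; the assumption that mirrored .dll/.ini names belong to one Vundo installation is drawn from that listing, not stated by the tool.

```python
import os

# File list copied from the VundoFix output posted above.
VUNDOFIX_LISTING = r"""
C:\windows\system32\aiavgbnf.ini
C:\windows\system32\fnbgvaia.dll
C:\windows\system32\ilthadhp.ini
C:\windows\system32\lepltqso.dll
C:\windows\system32\osqtlpel.ini
C:\windows\system32\phdahtli.dll
C:\WINDOWS\system32\skohytno.dll
C:\windows\system32\ucqxjsfw.dll
C:\windows\system32\udjehvnu.ini
C:\windows\system32\unvhejdu.dll
C:\windows\system32\wfsjxqcu.ini
""".split()


def split_name(path):
    """Lower-cased (stem, extension) of the last path component."""
    base = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    stem, _, ext = base.rpartition(".")
    return stem, ext


def find_vundo_pairs(paths):
    """Group paths into (dll, ini) pairs whose stems are mirror images of
    each other, and return the files that have no mirror partner."""
    by_stem = {}
    for p in paths:
        stem, ext = split_name(p)
        by_stem.setdefault(stem, {})[ext] = p

    pairs, unpaired = [], []
    for stem, files in sorted(by_stem.items()):
        mirror = by_stem.get(stem[::-1], {})      # files whose stem is reversed
        if "dll" in files and "ini" in mirror:
            pairs.append((files["dll"], mirror["ini"]))
        elif "ini" in files and "dll" in mirror:
            continue                              # already reported from the dll side
        else:
            unpaired.extend(files.values())       # a lone dll or orphaned ini
    return pairs, unpaired


def scan_directory(directory):
    """Apply the same pairing to a live directory listing."""
    names = [os.path.join(directory, n) for n in os.listdir(directory)]
    return find_vundo_pairs(names)


if __name__ == "__main__":
    pairs, unpaired = find_vundo_pairs(VUNDOFIX_LISTING)
    for dll, ini in pairs:
        print(f"pair:     {dll}  <->  {ini}")
    for p in unpaired:
        print(f"unpaired: {p}")
```

On the listing above this reports five pairs and one unpaired file, skohytno.dll. The unpaired case is the important one: a DLL with no companion is exactly what a scanner that only recognises the pair, or a user deleting files by hand, would leave in place, which is why the helper's instruction to rerun VundoFix until it reports "no infected files were found" matters.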

2greenkids
2007-09-18, 09:04
And here is the SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/17/2007 at 11:24 PM

Application Version : 3.9.1008

Core Rules Database Version : 3308
Trace Rules Database Version: 1314

Scan type : Complete Scan
Total Scan Time : 02:22:29

Memory items scanned : 542
Memory threats detected : 1
Registry items scanned : 6010
Registry threats detected : 23
File items scanned : 86305
File threats detected : 258

Trojan.WinFixer
C:\WINDOWS\SYSTEM32\PMNNK.DLL
C:\WINDOWS\SYSTEM32\PMNNK.DLL
HKLM\Software\Classes\CLSID\{C17E75A7-E774-45F0-A6BF-81881D8B9591}
HKCR\CLSID\{C17E75A7-E774-45F0-A6BF-81881D8B9591}
HKCR\CLSID\{C17E75A7-E774-45F0-A6BF-81881D8B9591}\InprocServer32
HKCR\CLSID\{C17E75A7-E774-45F0-A6BF-81881D8B9591}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C17E75A7-E774-45F0-A6BF-81881D8B9591}

Adware.Tracking Cookie
C:\Documents and Settings\Travis Green\Cookies\travis green@buzznet.112.2o7[1].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@ads.realtechnetwork[2].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@trafficmp[2].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@reduxads.valuead[2].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@atdmt[2].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@cpvfeed[2].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@adopt.euroclick[2].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@mediaservices.myspace[2].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@login.tracking101[2].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@ads.pointroll[2].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@server.iad.liveperson[1].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@sexbuddies[2].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@cgi-bin[2].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@brightcove.112.2o7[1].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@tremor.adbureau[3].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@ad[2].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@edge.ru4[2].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@questionmarket[1].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@linksynergy[3].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@a.websponsors[2].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@ads.as4x.tmcs.ticketmaster[1].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@ads.as4x.tmcs[2].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@ads.lasvegas[1].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@ads.pointroll[2].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@ads.vegas[1].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@advertising[2].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@apmebf[1].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@belnk[1].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@bluestreak[1].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@casalemedia[1].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@cnn.122.2o7[1].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@data4.perf.overture[2].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@dist.belnk[2].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@edge.ru4[2].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@ehg-directv.hitbox[1].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@ehg-warnerbrothers.hitbox[2].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@fastclick[2].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@icc.intellisrv[2].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@kanoodle[1].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@northwestairlines.112.2o7[2].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@overture[1].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@partner2profit[2].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@realmedia[2].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@revenue[1].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@serving-sys[2].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@statcounter[2].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@tradedoubler[1].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@trafficmp[2].txt
C:\Documents and Settings\Alicia Green\Cookies\alicia green@z1.adserver[1].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@ad.yieldmanager[1].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@adrevolver[1].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@drivecleaner[2].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@linksynergy[1].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@linksynergy[2].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@linksynergy[4].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@mediatraffic[2].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@stats.manticoretechnology[2].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@tremor.adbureau[2].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@winantispyware[1].txt
C:\Documents and Settings\Travis Green\Cookies\travis green@www.winantiviruspro[1].txt
C:\Documents and Settings\Travis Green\Local Settings\Temp\Cookies\travis green@adrevolver[1].txt
C:\Documents and Settings\Travis Green\Local Settings\Temp\Cookies\travis green@adrevolver[2].txt
C:\Documents and Settings\Travis Green\Local Settings\Temp\Cookies\travis green@ads.realtechnetwork[1].txt
C:\Documents and Settings\Travis Green\Local Settings\Temp\Cookies\travis green@atdmt[1].txt
C:\Documents and Settings\Travis Green\Local Settings\Temp\Cookies\travis green@azjmp[1].txt
C:\Documents and Settings\Travis Green\Local Settings\Temp\Cookies\travis green@doubleclick[1].txt
C:\Documents and Settings\Travis Green\Local Settings\Temp\Cookies\travis green@fastclick[2].txt
C:\Documents and Settings\Travis Green\Local Settings\Temp\Cookies\travis green@i.screensavers[2].txt
C:\Documents and Settings\Travis Green\Local Settings\Temp\Cookies\travis green@screensavers[1].txt
C:\Documents and Settings\Travis Green\Local Settings\Temp\Cookies\travis green@statcounter[2].txt
C:\Documents and Settings\Travis Green\Local Settings\Temp\Cookies\travis green@trafficmp[2].txt
C:\Documents and Settings\Travis Green\Local Settings\Temp\Cookies\travis green@tremor.adbureau[2].txt
C:\Documents and Settings\Travis Green\Local Settings\Temp\Cookies\travis green@tribalfusion[1].txt
C:\Documents and Settings\Travis Green\Local Settings\Temp\Cookies\travis green@winantispyware[1].txt
C:\Documents and Settings\Travis Green\Local Settings\Temp\Cookies\travis green@winantivirus[1].txt
C:\Documents and Settings\Travis Green\Local Settings\Temp\Cookies\travis green@www.screensavers[1].txt
C:\Documents and Settings\Travis Green\Local Settings\Temp\Cookies\travis green@www.winantispyware[1].txt
C:\Documents and Settings\Travis Green\Local Settings\Temp\Cookies\travis green@www.winantiviruspro[1].txt

Trojan.NetMon/DNSChange
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc

Trojan.cmdService
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc

Trojan.Downloader-Gen/WinPop
C:\Program Files\WinPop

Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\DOCUMENTS AND SETTINGS\TRAVIS GREEN\LOCAL SETTINGS\TEMP\WINASPSNET.EXE

2greenkids
2007-09-18, 09:06
Here is more of the SUPERAntiSpyware log (it was too long to send in one post)

Adware.eZula
C:\SYSTEM VOLUME INFORMATION\_RESTORE{970BF179-4538-46F7-A171-F13CFC09440B}\RP500\A0058827.EXE
C:\WINDOWS\SYSTEM32\GNCTGKYN.EXE
C:\WINDOWS\SYSTEM32\MMKXWRVO.EXE
C:\WINDOWS\SYSTEM32\QBVPEJQA.EXE
C:\WINDOWS\SYSTEM32\RFNBDSVL.EXE
C:\WINDOWS\SYSTEM32\WVTPBRQK.EXE
C:\WINDOWS\SYSTEM32\XOUURPMT.EXE
C:\WINDOWS\Prefetch\GNCTGKYN.EXE-32410A20.pf
C:\WINDOWS\Prefetch\WVTPBRQK.EXE-10A40135.pf

Adware.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{970BF179-4538-46F7-A171-F13CFC09440B}\RP505\A0059738.CFG

Trace.Known Threat Sources
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\styles[1].css
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\shadow_bg1[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\bt_download1[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\link_bg[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\ten[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\minus[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\new_article[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\box_sm[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\download[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\ratings[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\menu_bg[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\h_text[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\logo[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\comp_naw[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\dot_bg[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\awful[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\bg_testi_bottomright[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\box[1].jpg
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\test[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\star_full[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\pic3[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\bottom_bg[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\bg_testi_topright[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\box_sm1[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\mac[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\bg_testi_topleft[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\pic2[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\header_bg[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\star_empty[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\h4_bg[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\pic1[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\small2[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\bg_testi_bottomleft[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\main_box[1].png
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\spacer[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\exellent[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\bg_testi_right[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\topbox_bg[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\plus[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\small3[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\info_bg[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\bg_rate_left[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\shadow_bg[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\four_plus_one[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\small1[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\bottom_threats[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\bg_testi_subleft[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\na_li_item[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\dot[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\body_bg[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\boxh_bg[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\box_sm2[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\top_threats[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\bg_rate_right[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\pic1[2].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\box2[1].png
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\download2[1].htm
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\pic3[2].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\header_bg[2].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\mac[2].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\bt_download31[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\main_box[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\wav_banner[1].swf
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\boxh_bg[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\index[3].htm
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\fearight[1].jpg
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\spacer[2].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\box1[1].png
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\bt_download2[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\corner[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\shadow_bg1[2].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\info_bg[2].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\antiviru[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\link_bg[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\box3[1].png
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\index[2].htm
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\bar[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\logo[3].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\top1_menu[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\functions.js[1].htm
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\index[4].htm
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\not[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\top1[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\CA0VU1E5.js
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\small1[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\bottom_bg[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\topbox_bg[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\bt_download4[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\list[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\top1_menu[2].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\small3[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\bg_ban[1].jpg
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\styles[1].css
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\download2[1].htm
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\arrow[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\body_bg[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\top1[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\functions.js[1].htm
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\ico2[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\pic2[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\pic4[2].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\arrow[2].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\download2[2].htm
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\index[1].htm
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\index[4].htm
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\img_03[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\dot[2].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\ico1[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\CADSQD9Z.js
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\box4[1].png
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\top_pic2[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\waw_demolish[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\winxp[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\index[3].htm
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\tb_03[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\spacer[2].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\wav_banner[1].swf
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\button2[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\img_11[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\CA0ISOBR.js
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\img_37[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\checksoft[1].js
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\check[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\small2[2].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\yes[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\four_plus_one[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\styles[1].css
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\img_02[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\button2[2].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\WinAntiSpyware2007FreeInstall[1].cab
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\checksoft[2].js

2greenkids
2007-09-18, 09:07
Here is the rest of the SUPERAntiSpyware log...

C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\index[5].htm
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\img_01[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\bar[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\h_text[2].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\img_13[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\bt_bgT[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\img_14[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\index[6].htm
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\shadow_bg[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\menu_bg[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\4in1[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\top_pic_new2[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\img_12[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\download2[2].htm
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\int_bg[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\checksoft[1].js
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\button2[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\win1[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\wav_banner[1].swf
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\CA6IZ75S.js
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\top1[2].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\logo[7].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\S3UNEPMD\no[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\index[5].htm
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\CA2JIVEX.js
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\box2[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\index[7].htm
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\index[4].htm
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\top1_menu[3].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\index[5].htm
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\arrow[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\tb_01[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\J73AXF1J\win2[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\spacer[4].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBBR23NH\bg[1].gif
C:\Documents and Settings\Travis Green\Local Settings\Temp\Temporary Internet Files\Content.IE5\MR115BL1\boton1[1].gif

The ComboFix log...

ComboFix 07-09-18 - "Travis Green" 2007-09-17 23:41:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.88 [GMT -7:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\TRAVIS~1\STARTM~1\Programs\Startup.\TA_Start.lnk
C:\DOCUME~1\TRAVIS~1\STARTM~1\Programs\Startup\ta_start.lnk
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\f02WtR

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-08-18 to 2007-09-18 )))))))))))))))))))))))))))))))
.

2007-09-17 23:39 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-17 20:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-17 20:41 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-17 20:41 <DIR> d-------- C:\DOCUME~1\TRAVIS~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-17 20:12 <DIR> d-------- C:\VundoFix Backups
2007-09-12 20:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-12 20:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-12 20:24 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-11 20:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-09 19:32 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-09 19:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-09 19:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-09 16:41 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-07 20:28 <DIR> d-------- C:\DOCUME~1\TRAVIS~1\APPLIC~1\McAfee
2007-09-07 20:10 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-07 10:21 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-09-07 10:20 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-09-07 10:20 <DIR> d-------- C:\DOCUME~1\TRAVIS~1\APPLIC~1\SiteAdvisor
2007-09-07 10:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-09-07 10:18 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-09-07 10:14 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-09-07 10:14 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-09-07 10:14 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-09-07 10:14 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-09-07 10:14 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-09-07 10:13 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-09-07 10:12 <DIR> d-------- C:\Program Files\McAfee.com
2007-09-07 10:11 <DIR> d-------- C:\Program Files\McAfee
2007-09-07 10:11 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-09-07 09:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-09-07 08:57 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-09-07 08:57 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-09-07 08:57 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-09-07 08:47 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-06 09:35 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-06 09:29 2,012,998 ---hs---- C:\WINDOWS\system32\knnmp.bak2
2007-09-06 07:04 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-09-06 00:22 <DIR> d-------- C:\WINDOWS\provisioning
2007-09-06 00:22 <DIR> d-------- C:\WINDOWS\peernet
2007-09-06 00:19 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-09-06 00:09 <DIR> d-------- C:\WINDOWS\EHome
2007-09-05 22:48 <DIR> d-------- C:\WINDOWS\pss
2007-09-05 22:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SupportSoft
2007-09-05 21:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Symantec Temporary Files
2007-09-05 21:28 2,005,022 ---hs---- C:\WINDOWS\system32\knnmp.bak1
2007-09-05 21:23 <DIR> d--hs---- C:\WINDOWS\QWxpY2lhIEdyZWVu
2007-09-05 21:23 <DIR> d-------- C:\WINDOWS\system32\drvr2
2007-09-05 21:23 <DIR> d-------- C:\WINDOWS\system32\cfig322
2007-09-05 21:23 <DIR> d-------- C:\WINDOWS\system32\capcom
2007-08-28 15:48 <DIR> d-------- C:\DOCUME~1\TRAVIS~1\APPLIC~1\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-09 21:48 28256 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
2007-09-09 21:38 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-09 21:35 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-09 21:26 --------- d-------- C:\Program Files\InterActual
2007-09-07 08:41 --------- d-------- C:\Program Files\IrfanView
2007-08-13 20:27 --------- d-------- C:\Program Files\PERRLA
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1EE1A714-252A-43C7-9ED2-20E5453D3C78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"="C:\Program Files\Yahoo!\browser\ybrwicon.exe" [2003-07-11 14:51]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 12:09]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 12:08]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" []
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" []
"Share-to-Web Namespace Daemon"="C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 11:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"nwiz"="nwiz.exe" [2003-12-10 11:08 C:\WINDOWS\system32\nwiz.exe]
"NAV CfgWiz"="C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe" []
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-06-26 18:04]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-06-26 18:04]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"IPInSightMonitor 01"="C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" []
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 20:55]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-09-13 16:49]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-10-28 12:03]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"CamMonitor"="C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 01:23]
"2wSysTray"="C:\Program Files\2Wire\2PortalMon.exe" [2003-10-10 03:14]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 15:30]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 14:57]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
2Wire Wireless Client Manager.lnk - C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE [2004-06-06 12:10:18]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Event Planner Reminders.lnk - C:\Program Files\Sierra\Planner\PLNRnote.exe [2003-03-12 12:14:10]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 06:19:24]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-29 22:49:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
"C:\Documents and Settings\Travis Green\Application Data\Smilebox\SmileboxTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
C:\Program Files\WinPop\winpop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)

R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
R3 EMCR;EMCR;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys
R3 wltwo48b;2Wire Wireless PC Card Driver;C:\WINDOWS\system32\DRIVERS\wltwo48b.sys
S3 CE3;Xircom Ethernet Adapter 10/100 Service;C:\WINDOWS\system32\DRIVERS\ce3n5.sys
S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;C:\WINDOWS\system32\DRIVERS\m4301A.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-07 18:35:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-07 17:13:05 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-09-07 17:13:03 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-17 23:49:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-17 23:56:19 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-17 23:56
.
--- E O F ---

2greenkids
2007-09-18, 09:08
And finally a new HijackThis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:55 PM, on 9/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Trend Micro\HijackThis\problems.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.kermantel.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8l.hpwis.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {1EE1A714-252A-43C7-9ED2-20E5453D3C78} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Planner Reminders.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://irviln1.emcor.net/iNotes6W.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189061372671
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.28/ttinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0121D513-6DB0-4606-B868-D65E465B711B}: NameServer = 206.169.105.7,206.169.105.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{0121D513-6DB0-4606-B868-D65E465B711B}: NameServer = 206.169.105.7,206.169.105.6
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12964 bytes

steamwiz
2007-09-19, 00:22
Hi

You are running an out-of-date version of Java.

jre1.5.0 now has update _11 ... But jre1.6.0 is much faster...

Go to add/remove programs and uninstall any earlier versions ...

Then you can go here and install the latest version of Java.

http://java.sun.com/javase/downloads/index.jsp

Scroll down the page to 'Java Runtime Environment (JRE) 6' and press the 'Download' button.


Running an out-of-date version of Java is an infection risk.

-
Then ...

Disconnect from the internet. Close ALL browser windows (including this one) - run HijackThis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the Fix Checked button at the bottom. :-

O2 - BHO: (no name) - {1EE1A714-252A-43C7-9ED2-20E5453D3C78} - (no file)

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
-
Then...

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the code box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)


File::
C:\WINDOWS\system32\knnmp.bak2
C:\WINDOWS\system32\knnmp.bak1

Folder::
C:\WINDOWS\QWxpY2lhIEdyZWVu
C:\WINDOWS\system32\drvr2
C:\WINDOWS\system32\cfig322
C:\WINDOWS\system32\capcom



Save this as "CFScript.txt"

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

How's the computer running now ?

steam
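The two checks steamwiz applies above (O2 BHO entries whose DLL is "(no file)", and the Java version readable from the O9 Java Console path) can be automated over a HijackThis v2 log, and a before/after comparison confirms the fixed entries are gone. This is an added example written for this page, not a tool posted in the thread; the sample log lines are constructed to match the thread's log format, and the minimum Java version is an assumed baseline.

```python
"""Triage checks for HijackThis v2 log lines: orphaned BHOs and Java version.

Added example for this thread, not a tool posted in it. The sample log lines
below are constructed to match the format of the HijackThis logs in the thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed "before" log in HijackThis v2.0.2 format (a subset of entry types).
SAMPLE_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1EE1A714-252A-43C7-9ED2-20E5453D3C78} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Constructed "after" log: the two orphaned BHOs fixed and Java updated to 1.6.0_02.
SAMPLE_AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "O2 - <body>": section codes are R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+)\s+-\s+(?P<body>.+)$")
# "BHO: <name> - {CLSID} - <dll path or (no file)>"
BHO_RE = re.compile(
    r"^BHO:\s+(?P<name>.*?)\s+-\s+(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+-\s+(?P<target>.+)$"
)
# Matches ...\Java\j2re1.4.2\... and ...\Java\jre1.6.0_02\... inside file paths.
JAVA_RE = re.compile(r"\\Java\\j2?re(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    code: str  # HijackThis section code, e.g. "O2"
    body: str  # everything after "O2 - "


def parse_entries(log_text: str) -> List[Entry]:
    """Keep only lines shaped like HijackThis entries; header and process list are dropped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def orphaned_bhos(entries: List[Entry]) -> List[str]:
    """CLSIDs of O2 BHOs whose registration survives but whose DLL is gone ("(no file)")."""
    found = []
    for e in entries:
        if e.code != "O2":
            continue
        m = BHO_RE.match(e.body)
        if m and m.group("target").strip().lower() == "(no file)":
            found.append(m.group("clsid"))
    return found


def java_version(entries: List[Entry]) -> Optional[Tuple[int, int, int, int]]:
    """Highest Java runtime version visible in any entry path: (major, minor, micro, update)."""
    versions = []
    for e in entries:
        for m in JAVA_RE.finditer(e.body):
            versions.append(tuple(int(g) if g else 0 for g in m.groups()))
    return max(versions) if versions else None


def java_is_outdated(entries: List[Entry], minimum=(1, 6, 0, 0)) -> bool:
    """True when a Java runtime appears in the log and is older than the assumed baseline."""
    v = java_version(entries)
    return v is not None and v < minimum


def entries_removed(before: str, after: str) -> List[str]:
    """Entry lines present in the earlier log but absent from the later one (did the fix take?)."""
    after_set = {(e.code, e.body) for e in parse_entries(after)}
    return [f"{e.code} - {e.body}" for e in parse_entries(before)
            if (e.code, e.body) not in after_set]


if __name__ == "__main__":
    before = parse_entries(SAMPLE_BEFORE)
    print("Orphaned BHOs:", orphaned_bhos(before))
    print("Java version:", java_version(before), "outdated:", java_is_outdated(before))
    for line in entries_removed(SAMPLE_BEFORE, SAMPLE_AFTER):
        print("removed:", line)
```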

2greenkids
2007-09-19, 04:13
Hi

To answer your question, my internet is running much better, no pop ups! :bigthumb:

But, the log on or reboot seems to be taking a long time. Not sure if related or not, but this did not used to be the case.

Thank you for your continued assistance and here are the logs you requested...

ComboFix 07-09-18 - "Travis Green" 2007-09-18 18:52:53.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.144 [GMT -7:00]
* Created a new restore point

FILE::
C:\WINDOWS\system32\knnmp.bak2
C:\WINDOWS\system32\knnmp.bak1
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\QWxpY2lhIEdyZWVu
C:\WINDOWS\system32\capcom
C:\WINDOWS\system32\cfig322
C:\WINDOWS\system32\drvr2
C:\WINDOWS\system32\knnmp.bak1
C:\WINDOWS\system32\knnmp.bak2

.
((((((((((((((((((((((((( Files Created from 2007-08-19 to 2007-09-19 )))))))))))))))))))))))))))))))
.

2007-09-17 23:39 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-17 20:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-17 20:41 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-17 20:41 <DIR> d-------- C:\DOCUME~1\TRAVIS~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-17 20:12 <DIR> d-------- C:\VundoFix Backups
2007-09-12 20:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-12 20:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-12 20:24 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-11 20:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-09 19:32 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-09 19:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-09 19:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-09 16:41 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-07 20:28 <DIR> d-------- C:\DOCUME~1\TRAVIS~1\APPLIC~1\McAfee
2007-09-07 20:10 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-07 10:21 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-09-07 10:20 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-09-07 10:20 <DIR> d-------- C:\DOCUME~1\TRAVIS~1\APPLIC~1\SiteAdvisor
2007-09-07 10:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-09-07 10:18 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-09-07 10:14 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-09-07 10:14 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-09-07 10:14 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-09-07 10:14 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-09-07 10:14 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-09-07 10:13 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-09-07 10:12 <DIR> d-------- C:\Program Files\McAfee.com
2007-09-07 10:11 <DIR> d-------- C:\Program Files\McAfee
2007-09-07 10:11 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-09-07 09:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-09-07 08:57 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-09-07 08:57 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-09-07 08:57 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-09-07 08:47 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-06 09:35 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-06 07:04 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-09-06 00:22 <DIR> d-------- C:\WINDOWS\provisioning
2007-09-06 00:22 <DIR> d-------- C:\WINDOWS\peernet
2007-09-06 00:19 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-09-06 00:09 <DIR> d-------- C:\WINDOWS\EHome
2007-09-05 22:48 <DIR> d-------- C:\WINDOWS\pss
2007-09-05 22:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SupportSoft
2007-09-05 21:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Symantec Temporary Files
2007-08-28 15:48 <DIR> d-------- C:\DOCUME~1\TRAVIS~1\APPLIC~1\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-09 21:48 28256 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
2007-09-09 21:38 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-09 21:35 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-09 21:26 --------- d-------- C:\Program Files\InterActual
2007-09-07 08:41 --------- d-------- C:\Program Files\IrfanView
2007-08-13 20:27 --------- d-------- C:\Program Files\PERRLA
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-06-26 08:13 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 07:09 658944 --------- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 23:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 06:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
.

((((((((((((((((((((((((((((( snapshot_2007-09-17_235532.03 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 135,168 2007-07-12 08:22:00 C:\WINDOWS\system32\java.exe
----a-w 135,168 2007-07-12 08:22:04 C:\WINDOWS\system32\javaw.exe
----a-w 139,264 2007-07-12 09:22:38 C:\WINDOWS\system32\javaws.exe
.
----a-w 24,670 2004-01-01 10:50:41 C:\WINDOWS\system32\java.exe
----a-w 28,768 2004-01-01 10:50:41 C:\WINDOWS\system32\javaw.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"="C:\Program Files\Yahoo!\browser\ybrwicon.exe" [2003-07-11 14:51]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 12:09]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 12:08]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" []
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" []
"Share-to-Web Namespace Daemon"="C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 11:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"nwiz"="nwiz.exe" [2003-12-10 11:08 C:\WINDOWS\system32\nwiz.exe]
"NAV CfgWiz"="C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe" []
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-06-26 18:04]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-06-26 18:04]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"IPInSightMonitor 01"="C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" []
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 20:55]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-09-13 16:49]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-10-28 12:03]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"CamMonitor"="C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 01:23]
"2wSysTray"="C:\Program Files\2Wire\2PortalMon.exe" [2003-10-10 03:14]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 15:30]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 14:57]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
2Wire Wireless Client Manager.lnk - C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE [2004-06-06 12:10:18]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Event Planner Reminders.lnk - C:\Program Files\Sierra\Planner\PLNRnote.exe [2003-03-12 12:14:10]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 06:19:24]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-29 22:49:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
"C:\Documents and Settings\Travis Green\Application Data\Smilebox\SmileboxTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
C:\Program Files\WinPop\winpop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)

R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
R3 EMCR;EMCR;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys
R3 wltwo48b;2Wire Wireless PC Card Driver;C:\WINDOWS\system32\DRIVERS\wltwo48b.sys
S3 CE3;Xircom Ethernet Adapter 10/100 Service;C:\WINDOWS\system32\DRIVERS\ce3n5.sys
S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;C:\WINDOWS\system32\DRIVERS\m4301A.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-07 18:35:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-07 17:13:05 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-09-07 17:13:03 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-18 18:56:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-18 18:57:35
C:\ComboFix-quarantined-files.txt ... 2007-09-18 18:57
C:\ComboFix2.txt ... 2007-09-17 23:56
.
--- E O F ---

2greenkids
2007-09-19, 04:14
And here is the new HijackThis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:11 PM, on 9/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\problems.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.kermantel.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8l.hpwis.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Planner Reminders.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://irviln1.emcor.net/iNotes6W.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189061372671
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.28/ttinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0121D513-6DB0-4606-B868-D65E465B711B}: NameServer = 206.169.105.7,206.169.105.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{0121D513-6DB0-4606-B868-D65E465B711B}: NameServer = 206.169.105.7,206.169.105.6
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12955 bytes
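
The log above is a HijackThis report, and the work of a helper on a thread like this is reading its O-sections to see which entries need checking. As an added example (not code from the thread, from the poster, or from Trend Micro's HijackThis), here is a small Python triage script that parses those sections and marks the entries a helper would look at first. The sample lines are copied from the log above so it runs offline; the rules and the trusted-host list are assumptions chosen for illustration, and the script only flags entries for a human to verify, it does not decide that anything is malware.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example: not code from the forum thread, from the poster, or from
HijackThis itself. The rules below are assumptions picked to show how the
O-sections are read; they mark entries for a human to verify.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import urlsplit

# Constructed sample input: lines copied from the log above.
SAMPLE_LOG = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll",
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet",
    r'O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"',
    r"O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll",
    r"O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189061372671",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{0121D513-6DB0-4606-B868-D65E465B711B}: NameServer = 206.169.105.7,206.169.105.6",
    r"O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll",
    r"O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe",
    r"O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe",
]

# Assumption: O16 ActiveX downloads from these hosts are treated as expected.
TRUSTED_DPF_HOSTS = {"www.update.microsoft.com", "update.microsoft.com"}

LINE_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")


@dataclass
class Entry:
    kind: str                  # section tag, e.g. "O2", "O23"
    body: str                  # everything after "Oxx - "
    path: str = ""             # file path, command line or URL when present
    extra: Optional[List[str]] = None  # O17: list of name servers


@dataclass
class Finding:
    kind: str
    reason: str
    line: str


def parse_line(line: str) -> Optional[Entry]:
    """Split one HJT line into its section tag and the fields that matter."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    entry = Entry(kind, body)
    if kind in ("O2", "O3", "O9", "O16", "O20", "O23"):
        # HJT puts the file path (or download URL) in the last " - " field.
        entry.path = body.rsplit(" - ", 1)[-1].strip()
    elif kind == "O4":
        # Run keys: "[value name] command line"; startup folders: "x.lnk = path".
        entry.path = (body.split("] ", 1)[1] if "] " in body
                      else body.split(" = ", 1)[-1]).strip()
    elif kind == "O17":
        servers = body.split("NameServer =", 1)[-1]
        entry.extra = [s.strip() for s in servers.split(",") if s.strip()]
    return entry


def triage(lines: Iterable[str]) -> List[Finding]:
    """Apply the review rules; each Finding is something to check by hand."""
    findings: List[Finding] = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        if e.kind in ("O2", "O3") and "(no name)" in e.body:
            findings.append(Finding(e.kind, "BHO/toolbar registered without a name; confirm the DLL's publisher", line))
        elif e.kind == "O4" and not re.match(r'^"?[A-Za-z]:\\', e.path):
            findings.append(Finding(e.kind, "Run entry uses a bare filename resolved via PATH; confirm which file actually starts", line))
        elif e.kind == "O16" and urlsplit(e.path).hostname not in TRUSTED_DPF_HOSTS:
            findings.append(Finding(e.kind, f"ActiveX control downloaded from {urlsplit(e.path).hostname}; remove if not needed", line))
        elif e.kind == "O17":
            findings.append(Finding(e.kind, "per-adapter DNS servers %s; confirm they belong to your ISP" % ", ".join(e.extra or []), line))
        elif e.kind == "O20":
            # Winlogon Notify DLLs load into winlogon.exe at logon: a persistence point worth checking.
            findings.append(Finding(e.kind, "Winlogon Notify DLL; verify which product installed it", line))
        elif e.kind == "O23" and "Unknown owner" in e.body:
            findings.append(Finding(e.kind, "service with no recorded publisher; check the file's signature/vendor", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {f.reason}\n    {f.line}")
```

Run against the sample it flags six of the ten lines (the unnamed BHO, the bare `nwiz.exe` Run entry, the non-Microsoft ActiveX download, the DNS servers, the Winlogon Notify DLL and the service with no publisher) and leaves the Adobe BHO, the fully pathed iTunes entry, the Microsoft Update control and the NVIDIA service alone. The flags are prompts for the kind of check a helper does, such as confirming the DNS servers are the ISP's, not verdicts.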

steamwiz
2007-09-19, 20:24
Hi

Your logs are clean now ... :)

Cleaning out your temp files & folders may help with the startup ...

Download CCleaner from :-

http://www.filehippo.com/download_ccleaner/ (click the download tab)

During the installation, be sure to UN-check the box for "CCleaner Yahoo Toolbar" unless you want it.

Double-click the ccsetup.exe file and install the program...

After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

Make sure the "Windows" tab is selected.

Under "Internet Explorer" tick...

Temporary internet files
Cookies* > see Note below
History
Recently typed URLs (leave this unticked if you DON'T want to clear the drop-down list in the address window of IE)
Delete index.dat files
Last download location
Autocomplete form history


Under "Windows Explorer" these are optional, but you can safely tick them all if you wish; they are only "most recently used" lists.

Other Explorer MRUs (leave this unticked if you DON'T want to clear lists such as the Start\Run list)

Under "System"

Tick ALL these ...


Under "Advanced"

No need to tick any of these (but you can if you want and realise what they do).


Applications tab...

These will mostly clean out old log files for these applications...

Clean:- (if you use them)

Firefox/Mozilla (optional - leave the cookies - see note)
Opera
Sun Java
ZoneAlarm
...
Personally I clean everything in the applications tab... but you tick what you want...

Note: *If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your password when you next visit that site), click Options > Cookies, then keep the cookies you want.

Click "Analyze" if you want to see a list of what is going to be removed before it is removed.

Or

Click "Run Cleaner" to let it get on with its work... Clicking this will result in the following pop-up:

"This process will permanently delete files from your system. Are you sure you wish to proceed?"

Click OK.

cheers

steam

2greenkids
2007-09-25, 18:11
Steam -

Thank you for all of your help on this. My computer is back to normal and I have some sanity!:bigthumb:

steamwiz
2007-09-25, 21:16
You're very welcome :)

Happy surfing

steam