Infested with Virtumonde and many others Post 1 of 2



Jim Lee
2007-11-29, 04:18
My company-issued Dell laptop was infected / infested last Tuesday, just before Thanksgiving, and I believe this to be due to our network email crashing; during the rebuild the firewall was disabled along with our SPAM filtering devices.
Anyway I have run Spybot many times and keep finding Virtumonde, Hitbox, Zedo, DoubleClick, FastClick, MediaPlex and really need your help.
If this does not work, our only solution is to re-format the HD and re-install all software.

I have followed your instructions to the letter (I believe).

Below is my HJT Scan Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:18 PM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\TEMP\OEAD6B.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TSC.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idcsi.com/IDCSSite/IDCSWebSiteVs/Home.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.100.2.20:80
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [140313ec] rundll32.exe "C:\WINDOWS\system32\jeufvtsb.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188572179817
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188572173947
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://idcsi.webex.com/client/T26L/support/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = idcs.local
O17 - HKLM\Software\..\Telephony: DomainName = idcs.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = idcs.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = idcs.local
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Windows Search (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe (file missing)

--
End of file - 9145 bytes

The Kaspersky Scan Log is in Post #2

Email address is:
xxxxxxxx

Thanks for your looking at this for me.
Jim

Jim Lee
2007-11-29, 04:19
Post 2 of 2
Kaspersky Scan Log is below

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, November 28, 2007 9:22:00 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/11/2007
Kaspersky Anti-Virus database records: 467928
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
F:\

Scan Statistics:
Total number of scanned objects: 64262
Number of viruses found: 14
Number of infected objects: 43
Number of suspicious objects: 0
Duration of the scan process: 01:53:12

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-11262007-182606.log Object is locked skipped
C:\Documents and Settings\jlee\Application Data\GTek\GTUpdate\AUpdate\EasyLinkAdvisor\gdql_lsa_LinksysAgent.log Object is locked skipped
C:\Documents and Settings\jlee\Application Data\GTek\GTUpdate\AUpdate\EasyLinkAdvisor\glog.log Object is locked skipped
C:\Documents and Settings\jlee\Application Data\GTek\GTUpdate\AUpdate\EasyLinkAdvisor\LinksysAgent.log Object is locked skipped
C:\Documents and Settings\jlee\Application Data\GTek\GTUpdate\AUpdate\EasyLinkAdvisor\LinksysAgent_GTActions.log Object is locked skipped
C:\Documents and Settings\jlee\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\jlee\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\jlee\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\jlee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\jlee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\jlee\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{33AFCC01-EDE3-4371-BD07-72A7D0547778} Object is locked skipped
C:\Documents and Settings\jlee\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jlee\Local Settings\Temporary Internet Files\Content.IE5\01234567\installer_en[2].exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Documents and Settings\jlee\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jlee\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\jlee\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\7mwF25j5.exe/EXE-file Infected: Trojan.Win32.Dialer.tn skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\7mwF25j5.exe Embedded EXE: infected - 1 skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\7mwF25j5.exe UPX: infected - 1 skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\7mwF25j5.exe PE_Patch.UPX: infected - 1 skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\IDCS VPN-000006.log Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\IDCS VPN-000006.logaccount_ptr Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\IDCS VPN-000006.loginitial_ptr Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\IDCS VPN-000006.logLuuidDB Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\IDCS VPN-000006.logptr Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-012625.log Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-012625.logaccount_ptr Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-012625.loginitial_ptr Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-012625.logLuuidDB Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-012625.logptr Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\sr_gui_tde.log Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\sr_service_tde.log Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\sr_watchdog_tde.log Object is locked skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\8154ff2675af1b6e0677560871425153[1].RB0/b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\8154ff2675af1b6e0677560871425153[1].RB0 ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\8154ff2675af1b6e0677560871425153[1].RB0 CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\A0060409.RB0 Infected: Trojan.Win32.Patched.af skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\a8f5a020e4b833865a1034489887c8b9[1].RB0/b122.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\a8f5a020e4b833865a1034489887c8b9[1].RB0 ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\a8f5a020e4b833865a1034489887c8b9[1].RB0 CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\b103.exe.RB0/b103.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\b103.exe.RB0 ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\b103.exe.RB0 CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\b122.exe.RB0/b122.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\b122.exe.RB0 ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\b122.exe.RB0 CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\b128.exe.RB0/b128.exe/stream/data0002/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\b128.exe.RB0/b128.exe/stream/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\b128.exe.RB0/b128.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\b128.exe.RB0/b128.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\b128.exe.RB0/b128.exe Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\b128.exe.RB0 ZIP: infected - 5 skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\b128.exe.RB0 CryptFF.b: infected - 5 skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\b138.exe.RB0/b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\b138.exe.RB0 ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\b138.exe.RB0 CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\f4d28682d186cc6beb75f106d133f489[1].RB0/b128.exe/stream/data0002/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\f4d28682d186cc6beb75f106d133f489[1].RB0/b128.exe/stream/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\f4d28682d186cc6beb75f106d133f489[1].RB0/b128.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\f4d28682d186cc6beb75f106d133f489[1].RB0/b128.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\f4d28682d186cc6beb75f106d133f489[1].RB0/b128.exe Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\f4d28682d186cc6beb75f106d133f489[1].RB0 ZIP: infected - 5 skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\f4d28682d186cc6beb75f106d133f489[1].RB0 CryptFF.b: infected - 5 skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\HPBPSTTP.RB0 Infected: Trojan.Win32.Patched.af skipped
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\WLTRAY.RB0 Infected: Trojan.Win32.Patched.af skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{084401CC-5F62-4572-8DF8-CB42E6176F27}\RP65\change.log Object is locked skipped
C:\System Volume Information\_restore{084401CC-5F62-4572-8DF8-CB42E6176F27}\RP7\A0000848.exe Infected: Trojan.Win32.Dialer.uq skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{7829A73E-1070-4947-B241-D37133A072C6}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\4M3rwpJm.dll Object is locked skipped
C:\WINDOWS\system32\aM4C02l8.dll Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\ckpNotify.log Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hqhytwql.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.h skipped
C:\WINDOWS\system32\iifeefg.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.art skipped
C:\WINDOWS\system32\l584b7VH.exe Infected: Backdoor.Win32.Agent.ark skipped
C:\WINDOWS\system32\oNjpd4g5.dll Object is locked skipped
C:\WINDOWS\system32\S6lLjVeg.dll Object is locked skipped
C:\WINDOWS\system32\tbgsdgcu.dll Infected: Trojan.Win32.BHO.zo skipped
C:\WINDOWS\system32\TcxVwAst.dll Object is locked skipped
C:\WINDOWS\system32\utTvXc51.dll Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\yaxhrtvo.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\WINDOWS\Temp\Perflib_Perfdata_630.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Thanks
Jim Lee

pskelley
2007-12-01, 16:59
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Hi Jim, if it's Vundo and I believe it is, it's mostly hidden, this is the only outward sign:
O4 - HKLM\..\Run: [140313ec] rundll32.exe "C:\WINDOWS\system32\jeufvtsb.dll",b
Some of the recent Vundo (no way to know if this is it) really load the computer with files so I am offering this advice.
You have a Vundo infection which can be very hard to remove. This will take some time and unless you are patient, understand how to follow directions and are comfortable working on your computer, you may want to seek local professional help. If you wish to proceed, read and follow the directions carefully.

1) The junk will download more, stay offline except when troubleshooting until you are clean.

2) TeaTimer will block changes we must make; use these instructions to turn it off until we are done.
http://russelltexas.com/malware/teatimer.htm

3) So we may be able to see the hidden junk, return to here:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe <<< rename HJT, call it Jim Lee.exe, after a restart we may get a better look.

4) I took down your email in case I do need it and deleted it; bots look for valid email addresses and they will spam you to death.

5) In Kaspersky I see this: C:\Program Files\Trend Micro\Client Server Security Agent\Backup\A0060409.RB0 Infected: Trojan.Win32.Patched.af skipped
There may be more in the log, but you can navigate to that Backup folder and clean out that junk so we don't have to look at it more.

6) Thanks to Atribune and any others who helped with this fix.

http://vundofix.atribune.org/ <<< tutorial

"Download VundoFix" to your Desktop

http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will attempt to run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot. Vundofix.txt will be on the C:\

7) Thanks to sUBs and anyone else who helped with this fix.

Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Post the Vundofix.txt, combofix report and a new HJT log.

Thanks...Phil
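As an added illustration of the triage Phil does by eye above (this is example code written for this page, not anything from the forum, from HijackThis or from Kaspersky), the script below parses O4 entries from a HijackThis log and report lines from a Kaspersky Online Scanner log. The O4 heuristic encodes the one outward sign he points at: a Run-key value whose name is a bare hex string and whose command is rundll32 loading a DLL from system32. The indicator list, the "eight random-looking letters" check and the flag threshold are this example's own assumptions, not a vendor-documented rule; the sample lines are excerpted from the two logs posted in this thread.

```python
"""Triage helpers for a HijackThis log and a Kaspersky Online Scanner report.

Added example for this thread; not code from the forum, from Trend Micro or
from Kaspersky.  The O4 indicators below are an assumption-based heuristic
built around the sign Phil points at (hex Run-key name + rundll32 + system32 DLL).
"""
import re
from collections import Counter

# Constructed sample: three O4 lines excerpted from the HJT log above.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [140313ec] rundll32.exe "C:\WINDOWS\system32\jeufvtsb.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""

# Constructed sample: five lines excerpted from the Kaspersky report above.
KAV_SAMPLE = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\iifeefg.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.art skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\7mwF25j5.exe/EXE-file Infected: Trojan.Win32.Dialer.tn skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\7mwF25j5.exe UPX: infected - 1 skipped
C:\WINDOWS\system32\l584b7VH.exe Infected: Backdoor.Win32.Agent.ark skipped
"""

# "O4 - HKLM\..\Run: [name] command"
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# rundll32 argument form: "<path>.dll",<export>
RUNDLL_RE = re.compile(r'"?(?P<dll>[^"]+\.dll)"?\s*,\s*(?P<export>\w+)', re.I)

# Kaspersky report line shapes: locked object, infected object, archive/packer wrapper.
LOCKED_RE = re.compile(r'^(?P<path>.+?) Object is locked skipped$')
INFECTED_RE = re.compile(r'^(?P<path>.+?) Infected: (?P<verdict>\S+) skipped$')
CONTAINER_RE = re.compile(r'^(?P<path>.+?) (?P<container>[\w .]+?): infected - (?P<count>\d+) skipped$')


def parse_o4(line):
    """Split one O4 line into hive, key, value name and command; None if not an O4 line."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def o4_reasons(entry):
    """Return the indicators an O4 entry trips (assumption-based heuristic, see lead-in)."""
    reasons = []
    name, cmd = entry["name"], entry["cmd"]
    if re.fullmatch(r'[0-9a-fA-F]{6,}', name):
        reasons.append("Run-key value name is a bare hex string")
    if cmd.lower().startswith("rundll32"):
        m = RUNDLL_RE.search(cmd)
        if m:
            dll = m.group("dll")
            if "\\system32\\" in dll.lower():
                reasons.append("rundll32 loads a DLL from system32 via export '%s'" % m.group("export"))
            stem = dll.rsplit("\\", 1)[-1][:-4]  # file name without ".dll"
            if re.fullmatch(r'[A-Za-z]{8}', stem):
                reasons.append("DLL name is eight random-looking letters")
    return reasons


def triage_hjt(text, threshold=2):
    """Return the O4 entries that trip at least `threshold` indicators."""
    flagged = []
    for line in text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = o4_reasons(entry)
        if len(reasons) >= threshold:
            flagged.append({"name": entry["name"], "cmd": entry["cmd"], "reasons": reasons})
    return flagged


def summarize_kaspersky(text):
    """Sort report lines into locked (never scanned), infected, and container hits."""
    summary = {"locked": 0, "containers": 0, "infected": [], "verdicts": Counter(), "files": set()}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        inf = INFECTED_RE.match(line)
        if LOCKED_RE.match(line):
            summary["locked"] += 1
        elif inf:
            path, verdict = inf.group("path"), inf.group("verdict")
            summary["infected"].append((path, verdict))
            summary["verdicts"][verdict] += 1
            summary["files"].add(path.split("/", 1)[0])  # on-disk file, not the archive member
        elif CONTAINER_RE.match(line):
            summary["containers"] += 1
    return summary


if __name__ == "__main__":
    for hit in triage_hjt(HJT_SAMPLE):
        print("FLAG [%s] %s" % (hit["name"], hit["cmd"]))
        for r in hit["reasons"]:
            print("   -", r)
    s = summarize_kaspersky(KAV_SAMPLE)
    print("locked:", s["locked"], "| container hits:", s["containers"],
          "| infected files:", sorted(s["files"]))
```

Two points worth noting from the Kaspersky side: "Object is locked skipped" means the file was never scanned (registry hives, event logs and the random-named system32 DLLs in the log above all fall in that bucket), so a clean verdict there says nothing; and a path containing "/" is an archive or packer member, so the on-disk file to act on is the part before the slash, which is why the summary collapses members onto their container.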

pskelley
2007-12-13, 01:54
This topic is closed due to lack of a response.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.

Thanks