I have problems with a virus/trojan that is showing up as above. I've looked through the forums, but am confused on how to remove it. I thought that Spybot had removed it, but that was not the case.

Please Help!
Thanks
wdpaynter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:05 AM, on 12/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\RDM+\rdmpserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\taskmagr.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RDM+\rdmpserv_cpanel.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Simplify Media\SimplifyMedia.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe
C:\Program Files\MediaMonkey\Decoder.exe
C:\Program Files\Rhapsody\rhaphlpr.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Simplify Media] "C:\Program Files\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm565YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: bw+0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {54B6384D-E428-4B78-97BC-C6466E5C8735} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: RDM+ - C:\Program Files\RDM+\notify.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: RDM+ Local Service (RDMPLocalService) - Unknown owner - C:\Program Files\RDM+\rdmpserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 23664 bytes

hi,

do you know what this is:
C:\Program Files\RDM+

did you install this packet capture library?
C:\Program Files\WinPcap

lets see what this can dig up:

Download and run OTViewIt

http://oldtimer.geekstogo.com/OTViewIt.exe

1. Please download OTViewIt by OldTimer and save it to your Desktop.
2. Close all applications and windows.
3. Double-click on the OTViewIt.exe to start OTViewIt.
4. Place a checkmark in the blue-colored "Scan All Users" checkbox.
5. Click the blue "Run Scan" button.
6. OTViewIt will now start its scan.
7. When the scan is complete, two text files will be created, OTViewIt.Txt <- this one will be opened in Notepad and Extras.txt, on Desktop.
8. Copy/paste the contents of OTViewIt.Txt and the Extras.txt in your reply please.

Thanks for lending your help!!

The RDM+ is a program for syncing iPhone, but I do not need or use it anymore.
The WinPcap I'm not sure where it came from, I've since used its provided Uninstall to delete it.

I've attempted to run the OTViewIt, but part way through the scan (while "Performing MountPoints@ scan") I get the following error:

Title bar says "Windows - No Disk"
Message says "Exception Processing Message C0000013 75b6bf7c 4 75b6bf7c 75b6bf7c" It looks to continue this message of numbers, but is cut off


I'm given the option to "Retry" "Cancel" "Continue", but none do anything and I have to end the unresponsive program.

This also triggers another error window that I have been seeing before downloading OTViewIt. This has something to do with dwwin.exe (Dr. Watson) and the file msvcrt40.dll.

Please let me know what you suggest I do. Sorry this was unsuccessful.
Thanks
Bill P.

Another point you should know:

I have updated through Windows Update since posting (this AM). 4 of the 5 updates refered to Security Updates to Windows, Internet Explorer, & Security Pack 3. Not sure if they have helped yet.

The iexplore.exe did not show up @ startup, but it seems that it has only been showing up when I leave my computer on overnight, like it is scheduled to come on late night. I stop the process in the AM and it does not come back for a long time.

Sorry to ramble, just thought you should have all the info.
Thanks

hi,

thanks for the info. you can delete the OTViewIt from your desktop.
iexplore.exe is internet explorer. hjt log looks ok. Is a updated spybot coming up clean after a scan. your antivirus is up to date also?
we can get another download to check for malware. dosnt hurt to have 2 anti-malware apps.:

Please download Malwarebytes' Anti-Malware (MBAM) to your desktop:

http://www.malwarebytes.org/mbam.php

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

please post the MBAM log in reply

Thanks

I do not use Internet Explorer and when "iexplore.exe" shows up in my process list, it quickly grows anywhere from 200,000K - 600,000K before i end the process. Internet Explorer is not open then either.

My Spybot is up to date and shows no problems to fix (except for Right Media which is a "tracking cookie" that shows up from time to time and I delete it). As far as AV, I thought that Spybot was an AV program b/c of the "TeaTimer" thing. Do I need an additional program?

Here is the log (I've yet to remove these infections, please let me know if I can) Thanks:

Malwarebytes' Anti-Malware 1.31
Database version: 1483
Windows 5.1.2600 Service Pack 3

12/11/2008 08:30:39 AM
mbam-log-2008-12-11 (08-30-34).txt

Scan type: Full Scan (C:\|D:\|L:\|)
Objects scanned: 270413
Time elapsed: 1 hour(s), 45 minute(s), 30 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 12
Files Infected: 19

Memory Processes Infected:
C:\WINDOWS\system32\taskmagr.exe (Trojan.Agent) -> No action taken.

Memory Modules Infected:
c:\WINDOWS\system32\wmdmpmsvc.dll (Trojan.Agent) -> No action taken.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4} (Adware.NetOptimizer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\shcjvmj0ev5t (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wmdmpmsn (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wmdmpmsn (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wmdmpmsn (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\WinAntiSpyware 2006 Scanner (Rogue.WinAntiSpyware) -> No action taken.
C:\Documents and Settings\HP_Administrator\Application Data\shcjvmj0ev5t (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\HP_Administrator\Application Data\shcjvmj0ev5t\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\HP_Administrator\Application Data\shcjvmj0ev5t\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\HP_Administrator\Application Data\shcjvmj0ev5t\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\HP_Administrator\Application Data\shcjvmj0ev5t\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\HP_Administrator\Application Data\shcjvmj0ev5t\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\HP_Administrator\Application Data\shcjvmj0ev5t\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\HP_Administrator\Application Data\shcjvmj0ev5t\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\HP_Administrator\Application Data\shcjvmj0ev5t\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\HP_Administrator\Application Data\shcjvmj0ev5t\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\HP_Administrator\Application Data\shcjvmj0ev5t\Quarantine\Packages (Rogue.Multiple) -> No action taken.

Files Infected:
C:\Program Files\outlook\v.tmp (Worm.P2P) -> No action taken.
C:\WINDOWS\smanager.7.exe~ (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\135.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\gebbxvv(2).dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\blphclvmj0ev5t.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\wmdmpmsvc.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\taskmagr.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\cmd.com (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\ping.com (Backdoor.Bot) -> No action taken.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\outlook\p.zip (Worm.Alcra) -> No action taken.
C:\WINDOWS\system32\tasklist.com (Worm.Alcra) -> No action taken.
C:\WINDOWS\system32\tracert.com (Worm.Alcra) -> No action taken.
C:\WINDOWS\system32\wvuuttu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lphclvmj0ev5t.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\wr.txt (Malware.Trace) -> No action taken.

I apologize for not following your directions clearly. Here is the log after removal, Thanks:

Malwarebytes' Anti-Malware 1.31
Database version: 1483
Windows 5.1.2600 Service Pack 3

12/11/2008 08:05:59 PM
mbam-log-2008-12-11 (20-05-59).txt

Scan type: Full Scan (C:\|D:\|L:\|)
Objects scanned: 270413
Time elapsed: 1 hour(s), 45 minute(s), 30 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 12
Files Infected: 19

Memory Processes Infected:
C:\WINDOWS\system32\taskmagr.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\system32\wmdmpmsvc.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4} (Adware.NetOptimizer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\shcjvmj0ev5t (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wmdmpmsn (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wmdmpmsn (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wmdmpmsn (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\WinAntiSpyware 2006 Scanner (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\shcjvmj0ev5t (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\shcjvmj0ev5t\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\shcjvmj0ev5t\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\shcjvmj0ev5t\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\shcjvmj0ev5t\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\shcjvmj0ev5t\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\shcjvmj0ev5t\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\shcjvmj0ev5t\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\shcjvmj0ev5t\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\shcjvmj0ev5t\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\shcjvmj0ev5t\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\outlook\v.tmp (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\smanager.7.exe~ (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\135.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gebbxvv(2).dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphclvmj0ev5t.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wmdmpmsvc.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\taskmagr.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\cmd.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ping.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\outlook\p.zip (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tasklist.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tracert.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvuuttu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphclvmj0ev5t.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\wr.txt (Malware.Trace) -> Quarantined and deleted successfully.

hi,

ok good. well that seems to explain why IE was running. must be better now.

in any case if you find that IE is still running as a process on your machine then i would use the computer as little as possible. in fact pull the plug on the modem or router so you have no connectivity to the internet or your LAN if you have more than one machine.

we will get one more download to run on your machine. its called combofix.
there is a guide you can read first. looks like a lot but it really requires little on your part. It will even download and install the MS recovery console for you as you will read in the guide.

complete directions and download links are in the guide.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

post the combofix log in your reply please.

I apologize for not having replied yet. I am traveling and do not have access to my home PC. Everything seems to be cleared up though, thanks to you!! I will download and follow the instructions above as soon as I get back, if you think it is still necessary.

Thanks again for your help!!
Bill P.

hi,

no problem and your welcome. yes go ahead and run combofix when you can, cant hurt to get another look. post the combofix log

complete directions and download links are in the guide for downloading and using combofix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix