Now for the friends Laptop... Needs some major help Logfile of Trend Micro HijackThis


fixn granys cpu
08-03-2007, 01:52 AM
Here is the Hijack this file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:29 AM, on 8/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\AOL\1149031041\ee\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&modelID=DF871A&product_full_name=Pavilion%20zd7000&PROD_SERIAL_ID=CNF34229X3&PURCH_DT_MONTH=10&PURCH_DT_DAY=28&PURCH_DT_YEAR=2003&gwCountry=US&language=EN&prodOS=012
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ce1.attbb.net;<local>
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\jne0y861.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\jne0y861.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Verizon\Verizon Internet Security Suite\FBHR.dll
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\pmnlj.dll
O2 - BHO: (no name) - {8036F9DA-47D4-49E1-84F8-ABCBEFC742Ea} - C:\WINDOWS\system32\gccpboja.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\ophtnwfb.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SecurityUpdate] rundll32.exe C:\WINDOWS\system32\anjrgck.dll,TurnOn2
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\bkjxahgu.dll",forkonce
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://aspen.vcu.edu/iNotes.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://aspen.vcu.edu/iNotes6.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - file://D:\HTML\plugins\zoomify306.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//games/v45/h2hpool/h2hpool.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: pmnlj - C:\WINDOWS\system32\pmnlj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe

--
End of file - 8157 bytes

classicsoftware
08-03-2007, 02:08 AM
1) First disable Tea-Timer:

Turn off TeaTimer to remove those entries. Open Spybot S&D in advanced mode, click Tools > Resident, and remove the check from "Resident Tea-Timer". Reboot after unchecking the entry.

2) Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click *VundoFix.exe* to run it.
Click the *Scan for Vundo* button.
Once it's done scanning, click the *Remove Vundo* button.
You will receive a prompt asking if you want to remove the files, click *YES*
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click *OK*.
Please post the contents of C:\*vundofix.txt* and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the *Scan for Vundo* button." when
VundoFix appears at reboot.

Please open a HJT scan and put checks by:
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\pmnlj.dll
O2 - BHO: (no name) - {8036F9DA-47D4-49E1-84F8-ABCBEFC742Ea} - C:\WINDOWS\system32\gccpboja.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\ophtnwfb.dll
O4 - HKLM\..\Run: [SecurityUpdate] rundll32.exe C:\WINDOWS\system32\anjrgck.dll,TurnOn2
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\bkjxahgu.dll",forkonce
O20 - Winlogon Notify: pmnlj - C:\WINDOWS\system32\pmnlj.dll
Close all open windows except HJT and press Fix checked... (you only need to be concerned about open windows, don't worry about programs running in background like your antivirus and firewall)...

3) Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall...

4) Reboot and

Post a fresh HJT log along
Post the VundoFix log...
Post the ComboFix log
Report back on how the system is running.

Budfred
08-03-2007, 08:47 AM
fixn granys cpu,

You never really finished your last request for help on similar issues... That tends to make me much less inclined to help again...

fixn granys cpu
08-03-2007, 09:40 AM
I understand, I was visiting my dad who lives a couple hundred miles away. I have tried on two occasions to get him to follow through but to no avail.. What can I say? I guess he likes nasties on his computer.

fixn granys cpu
08-03-2007, 08:52 PM
The combofix link you provided is dead to me.. Also I read in a few spots about a rootkit that attacks combofix? Know anything about this? Or of another safe spot I may download it?

classicsoftware
08-03-2007, 09:27 PM
Those posts are from February 07. We have been using it since then. Try either of these links on the page techguys (http://forums.techguy.org/malware-removal-hijackthis-logs/604752-mgrs-exe-removal.html?highlight=Combofix).

fixn granys cpu
08-06-2007, 10:20 AM
ComboFix 07-08-04.3 - "User" 2007-08-06 7:21:40.1 [GMT -4:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\PopsMedia Site Adviser
C:\WINDOWS\system32\adevahvi.exe
C:\WINDOWS\system32\besvlwyk.dll
C:\WINDOWS\system32\bhecqkit.exe
C:\WINDOWS\system32\boulsiyj.exe
C:\WINDOWS\system32\chcuyanr.exe
C:\WINDOWS\system32\dnioqqdy.exe
C:\WINDOWS\system32\dwstndil.exe
C:\WINDOWS\system32\ehpaoslt.exe
C:\WINDOWS\system32\etyslyhv.exe
C:\WINDOWS\system32\exgcuunm.exe
C:\WINDOWS\system32\fusxnwev.exe
C:\WINDOWS\system32\fxbxxedm.exe
C:\WINDOWS\system32\fynmkeou.exe
C:\WINDOWS\system32\hognehtb.exe
C:\WINDOWS\system32\jcerrhre.dll
C:\WINDOWS\system32\lbthusbj.dll
C:\WINDOWS\system32\lbwklxvm.exe
C:\WINDOWS\system32\lehfaecs.exe
C:\WINDOWS\system32\lffbinlk.exe
C:\WINDOWS\system32\mbctyybw.exe
C:\WINDOWS\system32\mftiilep.exe
C:\WINDOWS\system32\mqfeqvtu.exe
C:\WINDOWS\system32\mybvhrhq.dll
C:\WINDOWS\system32\ncivrofo.dll
C:\WINDOWS\system32\ophtnwfb.dll
C:\WINDOWS\system32\plroyerm.exe
C:\WINDOWS\system32\qsnwtnxx.exe
C:\WINDOWS\system32\qtnsiwdf.exe
C:\WINDOWS\system32\sescqyln.exe
C:\WINDOWS\system32\teweywtn.exe
C:\WINDOWS\system32\umefvgny.exe
C:\WINDOWS\system32\umgokuea.exe
C:\WINDOWS\system32\unwilhjt.exe
C:\WINDOWS\system32\uwcihbns.exe
C:\WINDOWS\system32\vwxvamxq.exe
C:\WINDOWS\system32\wrlcvsmi.dll
C:\WINDOWS\system32\wukudtyy.ini
C:\WINDOWS\system32\wukudtyy.ini2
C:\WINDOWS\system32\wukudtyy.tmp
C:\WINDOWS\system32\xgnieief.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))


2007-08-06 07:21 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-03 17:04 <DIR> d-------- C:\VundoFix Backups
2007-08-03 00:49 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-02 23:53 125,460 --a------ C:\WINDOWS\system32\bkjxahgu.dll
2007-08-02 18:29 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-31 22:51 121,876 --a------ C:\WINDOWS\system32\gccpboja.dll
2007-07-31 21:45 121,876 --a------ C:\WINDOWS\system32\allxblxx.dll
2007-07-31 21:00 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-31 21:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-31 20:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-24 17:34 125,972 --a------ C:\WINDOWS\system32\pgxehgbt.dll
2007-07-21 21:14 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Talkback
2007-07-21 21:10 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\acccore
2007-07-21 21:09 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Verizon
2007-07-18 21:30 <DIR> d-------- C:\Program Files\support.com
2007-07-18 21:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-03 17:32 265 --a------ C:\WINDOWS\freedom.backup.dat
2007-07-31 20:43 --------- d-------- C:\Program Files\HPQ
2007-07-31 16:39 --------- d-------- C:\Program Files\Common Files\Command Software
2007-07-31 16:38 --------- d-------- C:\Program Files\Common Files\PestPatrol
2007-07-24 21:43 --------- d-------- C:\Program Files\IrfanView
2007-07-24 21:42 --------- d-------- C:\Program Files\Common Files\AOL
2007-07-24 17:33 --------- d-------- C:\Program Files\Plaxo
2007-07-18 21:29 --------- d-------- C:\Program Files\Viewpoint
2007-07-18 21:29 --------- d-------- C:\Program Files\Verizon
2007-07-18 21:29 --------- d-------- C:\Program Files\Common Files\Motive
2007-05-16 11:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll
2005-04-23 19:06 58288 --a------ C:\DOCUME~1\User\APPLIC~1\GDIPFONTCACHEV1.DAT
2003-10-28 02:25 880 --a------ C:\Program Files\Tooth Morphology_v1.txt

fixn granys cpu
08-06-2007, 10:28 AM
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-06-24 14:32]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2003-06-03 17:40]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 17:34]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-22 17:10]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-22 18:06]
"CamMonitor"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 04:23]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 00:03]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 23:55]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 08:46]
"HPHmon04"="C:\WINDOWS\System32\hphmon04.exe" [2002-06-20 15:06]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
"Verizon Internet Security Suite"="C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe" [2006-03-30 11:05]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-07-31 22:30]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-22 18:25]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" [2006-05-09 20:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=C:\WINDOWS\pss\Billminder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1149031041\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
"C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j6291737]
rundll32 C:\WINDOWS\system32\j6291737.dll sook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryManager]
rundll32.exe "C:\WINDOWS\system32\pgxehgbt.dll",forkonce

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurityUpdate]
rundll32.exe C:\WINDOWS\system32\anjrgck.dll,TurnOn2

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

R0 sbp2port;SBP-2 Transport/Protocol Bus Driver;C:\WINDOWS\system32\DRIVERS\sbp2port.sys
R1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\system32\drivers\Cdr4_xp.sys
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
R2 CSS DVP;CSS DVP;C:\WINDOWS\system32\DRIVERS\css-dvp.sys
R2 FreeTdi;Radialpoint Filter (25394);C:\WINDOWS\system32\Drivers\FreeTdi.sys
R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
R3 CAMCAUD;Conexant AMC 3D Environmental Audio;C:\WINDOWS\system32\drivers\camcaud.sys
R3 CAMCHALA;CAMCHALA;C:\WINDOWS\system32\drivers\camchal.sys
R3 EMCR;EMCR;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys
R3 Freedom;Freedom Miniport;C:\WINDOWS\system32\DRIVERS\FREEDOM.SYS
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
S0 adpu320;adpu320;C:\WINDOWS\system32\DRIVERS\adpu320.sys
S0 Symmpi;Symmpi;C:\WINDOWS\system32\DRIVERS\symmpi.sys
S3 Dot4 HPH11;Dot4 HPH11;C:\WINDOWS\system32\DRIVERS\hphid411.sys
S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11;C:\WINDOWS\system32\DRIVERS\hphipr11.sys
S3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11);C:\WINDOWS\system32\Drivers\hphs2k11.sys
S3 Dot4Usb HPH11;Dot4Usb HPH11;C:\WINDOWS\system32\drivers\hphius11.sys
S3 DSXUSB;DSXUSB Device;C:\WINDOWS\system32\DRIVERS\DSXUSB.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
S3 iAimFP0;iAimFP0;C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
S3 iAimFP1;iAimFP1;C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
S3 iAimFP2;iAimFP2;C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
S3 iAimFP3;iAimFP3;C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
S3 iAimFP4;iAimFP4;C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
S3 iAimTV0;iAimTV0;C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
S3 iAimTV1;iAimTV1;C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
S3 iAimTV2;iAimTV2;C:\WINDOWS\system32\DRIVERS\wATV03nt.sys
S3 iAimTV3;iAimTV3;C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
S3 iAimTV4;iAimTV4;C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
S3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
S3 MmedFilter;MmedFilter;\??\C:\WINDOWS\system32\Drivers\MmedFilter.sys
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

fixn granys cpu
08-06-2007, 10:28 AM
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-06 07:38:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-06 7:41:04 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-06 07:40

--- E O F ---

fixn granys cpu
08-06-2007, 10:29 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:50 AM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\AOL\1149031041\ee\aolsoftware.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&modelID=DF871A&product_full_name=Pavilion%20zd7000&PROD_SERIAL_ID=CNF34229X3&PURCH_DT_MONTH=10&PURCH_DT_DAY=28&PURCH_DT_YEAR=2003&gwCountry=US&language=EN&prodOS=012
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ce1.attbb.net;<local>
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\jne0y861.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\jne0y861.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Verizon\Verizon Internet Security Suite\FBHR.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://aspen.vcu.edu/iNotes.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://aspen.vcu.edu/iNotes6.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - file://D:\HTML\plugins\zoomify306.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//games/v45/h2hpool/h2hpool.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe

--
End of file - 7392 bytes

fixn granys cpu
08-06-2007, 10:30 AM
VundoFix V6.5.6

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 5:04:10 PM 8/3/2007

Listing files found while scanning....

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 5:38:20 PM 8/3/2007

Listing files found while scanning....

No infected files were found.

fixn granys cpu
08-06-2007, 10:32 AM
As for the way it's running...
So far so good. It's definitely running a lot faster and smoother.
Again, thanks for the help.

classicsoftware
08-06-2007, 09:59 PM
Using Internet Explorer, Click here (http://support.f-secure.com/enu/home/ols3.shtml) to use the F-Secure Online Scanner
It's explained there with images how to allow the ActiveX to start the scan, so read that first.
Then click the F-Secure Online Scanner Next Generation Beta link.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan has finished, click the Automatic cleaning (recommended) button.
It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and copy and paste what's present under results in your next reply.

fixn granys cpu
08-08-2007, 12:08 AM
Result: 18 malware found
Tracking Cookie (spyware)

* System (Disinfected)
* System

Trojan-Spy.Win32.VBStat.c (virus)

* C:\DO_WORK\UDUMALVP.EXE (Renamed & Submitted)

Vundo.gen38 (virus)

* C:\WINDOWS\SYSTEM32\DHCCQJFD.INI (Submitted)
* C:\WINDOWS\SYSTEM32\ESRQUUXA.INI (Submitted)
* C:\WINDOWS\SYSTEM32\FMGVNPOR.INI (Submitted)
* C:\WINDOWS\SYSTEM32\KCBDQAPL.INI (Submitted)
* C:\WINDOWS\SYSTEM32\NKJERLRH.INI (Submitted)
* C:\WINDOWS\SYSTEM32\OPRXDQXJ.INI (Submitted)
* C:\WINDOWS\SYSTEM32\PYBCOSEP.INI (Submitted)
* C:\WINDOWS\SYSTEM32\YTGRHKMN.INI (Submitted)

W32/BHO.QG (virus)

* C:\WINDOWS\SYSTEM32\ALLXBLXX.DLL (Submitted)
* C:\WINDOWS\SYSTEM32\GCCPBOJA.DLL (Submitted)
* C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20070803-180505-680.DLL (Submitted)

W32/Vundo.O (virus)

* C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\HEBNLXOA.DLL (Submitted)

W32/Vundo.dam (virus)

* C:\WINDOWS\SYSTEM32\BKJXAHGU.DLL (Submitted)
* C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20070803-180505-460.DLL

W32/Vundo.gen3 (virus)

* C:\WINDOWS\SYSTEM32\YRJYCMWL.EXE (Submitted)

Statistics
Scanned:

* Files: 45111
* System: 7244
* Not scanned: 5

Actions:

* Disinfected: 1
* Renamed: 1
* Deleted: 0
* None: 16
* Submitted: 15

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\$NTSERVICEPACKUNINSTALL$\IPV6MON.DLL
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MUVEE TECHNOLOGIES\030410\0102\0102\VALUES

classicsoftware
08-08-2007, 01:08 AM
I would manually delete the submitted files. Then I would run CCLEANER and then post a fresh HJT log & let us know how the system is running.

fixn granys cpu
08-26-2007, 04:14 PM
I manually deleted the entries that I could locate.. searches came up blank for some??
Computer is running great.
Here is the hjthis log and thanks again for your help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:11:09 PM, on 8/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\AOL\1149031041\ee\aolsoftware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&modelID=DF871A&product_full_name=Pavilion%20zd7000&PROD_SERIAL_ID=CNF34229X3&PURCH_DT_MONTH=10&PURCH_DT_DAY=28&PURCH_DT_YEAR=2003&gwCountry=US&language=EN&prodOS=012
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ce1.attbb.net;<local>
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\jne0y861.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\jne0y861.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Verizon\Verizon Internet Security Suite\FBHR.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://aspen.vcu.edu/iNotes.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://aspen.vcu.edu/iNotes6.cab
O16 - DPF: {49E71DB9-E803-43BA-AF81-1CAF61A6C4CB} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols/beta/fscax.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - file://D:\HTML\plugins\zoomify306.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//games/v45/h2hpool/h2hpool.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe

--
End of file - 7800 bytes

classicsoftware
08-27-2007, 01:08 AM
Just humor me and run the latest version of Combofix (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe).

Budfred
08-27-2007, 09:16 AM
I am afraid that ComboFix has been pulled for now... sUBs is working to fix a significant glitch...

fixn granys cpu
08-27-2007, 01:57 PM
Is it possible to get a notification when combo fix becomes available?


Thanks again for everyone's help.