I seem to have gotten this virus on my computer, it sounds the same as everyone else is describing. I have a red X where the icon for my C drive used to be, and a lot of pos.tmp files in my documents. I am not very good with computers but am a college student so I need to have my laptop work!! If anyone could help me it would be greatly appreciated!!

Go to the this link:

Disable Realtime Protection

Follow their directions to disable any realtime protection that you have as it will interfere with the fix by reinstalling the corrupt files.

Please download Atribune's VundoFix.exe from the following site to your desktop:

Vundofix.exe

Double-click VundoFix.exe to run it.

Click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files,
click "yes".

Once you click yes, your desktop will go blank as it starts removing
Vundo.

When completed, it will prompt that it will reboot your computer,
click "ok".

Please download and install the latest version of HijackThis v2.0.2:

Download the "HijackThis" Installer from this link:
Hijack This

1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:41 PM, on 2/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\uhafwbjy.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Gunit\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: (no name) - {3F7389EE-FE36-4626-B602-55EE4DE65D97} - C:\Program Files\Windows Media Player\hose4444.dll (file missing)
O2 - BHO: (no name) - {43B7D73B-28C3-44F6-B7FC-64C012382B47} - C:\WINDOWS\system32\pmnnk.dll (file missing)
O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\system32\pkshgien.dll (file missing)
O2 - BHO: (no name) - {4F0B50EE-91AB-4BB5-B3D9-624026EE752c} - C:\WINDOWS\system32\uqksxycw.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {9F4E9DF7-43D3-4476-A1C8-08C8CCDDD773} - C:\Program Files\Windows Media Player\hose83122.dll (file missing)
O2 - BHO: {c9a006f8-6c16-1fea-e9f4-87ac3e141f8f} - {f8f141e3-ca78-4f9e-aef1-61c68f600a9c} - C:\WINDOWS\system32\rkrasguv.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [lqjatsb] C:\WINDOWS\lqjatsb.EXE
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [d03245e7] rundll32.exe "C:\WINDOWS\system32\bfpfbdwy.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\system32\pshwr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/te...
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Player...
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Player...
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads...
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\uhafwbjy.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ioouiri.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Messenger\pronyca.html

--
End of file - 11043 bytes

Hijack This worked fine, but for some reason once my computer opens up Combofix it says it is about to start the scan and then it closes. Also, for some reason my clock has now been changed to military time and there are internet explorer icons back on my desktop and menu (I deleted these a while ago because I think Firefox is less prone to viruses). Do I have a bigger problem than most?? Thank you again for all your help so far.

Go to start> run> type in combofix /u (note the space after combofix) the press ok.

Download combofix again and run it, post its log if possible.

ComboFix 08-02-20.2 - Gunit 2008-02-19 20:06:41.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.133 [GMT -5:00]
Running from: C:\Documents and Settings\Gunit\Desktop\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.

2008-02-19 15:14 . 2008-02-19 15:14 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-01 17:45 . 2008-02-01 17:53 <DIR> d-------- C:\Documents and Settings\Gunit\Application Data\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 23:52 --------- d-----w C:\Documents and Settings\Gunit\Application Data\LimeWire
2008-02-08 16:39 --------- d-----w C:\Documents and Settings\Gunit\Application Data\U3
2007-12-30 22:13 122,432 ----a-w C:\WINDOWS\system32\wcftlxyy.dll
2007-12-30 02:11 122,432 ----a-w C:\WINDOWS\system32\kskspmgy.dll
2007-12-29 18:49 122,432 ----a-w C:\WINDOWS\system32\mklqiafl.dll
2007-12-29 18:38 122,432 ----a-w C:\WINDOWS\system32\btxndlww.dll
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-09-14 16:24 30,824 ----a-w C:\Documents and Settings\Gunit\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F7389EE-FE36-4626-B602-55EE4DE65D97}]
C:\Program Files\Windows Media Player\hose4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43B7D73B-28C3-44F6-B7FC-64C012382B47}]
C:\WINDOWS\system32\pmnnk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4487598C-2EC7-43A2-870E-6D8D720FDD9F}]
C:\WINDOWS\system32\pkshgien.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F4E9DF7-43D3-4476-A1C8-08C8CCDDD773}]
C:\Program Files\Windows Media Player\hose83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f8f141e3-ca78-4f9e-aef1-61c68f600a9c}]
C:\WINDOWS\system32\rkrasguv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 05:24 65536]
"pshower"="C:\WINDOWS\system32\pshwr.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 08:14 270648]
"ZoomingHook"="c:\WINDOWS\System32\ZoomingHook.exe" [2004-07-14 18:07 24576]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-07-28 18:23 53248]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 15:45 135168]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2003-10-20 11:39 159744]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 16:47 1089589]
"NDSTray.exe"="NDSTray.exe" []
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-26 17:43 184320]
"lqjatsb"="C:\WINDOWS\lqjatsb.EXE" [ ]
"IVPServiceMgr"="C:\toshiba\ivp\ism\ivpsvmgr.exe" [2003-10-20 11:37 475136]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-11-18 03:24 155648]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-03-31 23:34 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-05-04 17:17 491520]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 02:21 176128]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 14:41 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38 241664]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-11-18 03:11 118784]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [ ]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-07-14 03:04 122939]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-08-19 20:14 135168]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-08-06 17:14 643072]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 20:54 116072]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 23:10 339968]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 18:46 192512]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 17:00 88363 C:\WINDOWS\agrsmmsg.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-12 11:39 185632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2005-05-04 15:51:28 83360]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-10-02 13:08:08 57344]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-08-19 18:18:56 155648]

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S3 nwusbmdm;Novatel Wireless Merlin CDMA EV-DO Modem Driver;C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2004-09-17 23:30]
S3 nwusbser;Novatel Wireless Merlin CDMA EV-DO Status Port;C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2004-09-17 23:30]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-16 22:41:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-19 18:50:03 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 20:09:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-19 20:10:36
.
2008-02-17 16:22:40 --- E O F ---

Please download Navilog1 by IL-MAFIOSO:

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip

Extract its contents to the desktop.
Double click on navilog1.exe to install it on your computer.
When the installation is complete, the tool will start automatically.
If it doesn't start automatically, please double click on Navilog1 shortcut on your desktop to run it.
Press E for English from the language Menu.
Type 1 in the next Menu to select Search and press Enter.
Wait for the Scan to finish (It may take a reasonable amount of time)
Press any key as requested .
A new document will be produced: fixnavi.txt.
Please copy/paste the contents of this report in your next reply.

The report is also saved in the root of the directory, "%SystemDrive%\fixnavi.txt". (usually C:\fixnavi.txt)

Search Navipromo version 3.4.5 began on 2008-02-19 at 20:40:35.95

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Program Files\navilog1
Updated on 11.02.2008 at 20h00 by IL-MAFIOSO

Microsoft Windows XP [Version 5.1.2600]
Version Internet Explorer : 6.0.2900.2180
Filesystem type : NTFS

Done in normal mode

*** Searching for installed Software ***

*** Search folders in C:\WINDOWS ***

*** Search folders in C:\Program Files ***

*** Search folders in C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

*** Search folders in "C:\Documents and Settings\Gunit\applic~1" ***

*** Search folders in "C:\Documents and Settings\Gunit\locals~1\applic~1" ***

*** Search folders in "C:\Documents and Settings\Gunit\STARTM~1\Programs" ***

*** Search folders in C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs ***

*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net

No file found

*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in C:\WINDOWS\system32 *

* Scan in "C:\Documents and Settings\Gunit\locals~1\applic~1" *

*** Search files ***

*** Search specific Registry keys ***

*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :

2)Heuristic Search :

* In C:\WINDOWS\system32 :

uhafwbjy.exe found !
vcgtlwyj.exe found !
wibqdiym.exe found !

* In "C:\Documents and Settings\Gunit\locals~1\applic~1" :

3)Certificates Search :

Egroup certificate not found !

4)Search known files :

*** Search completed on 2008-02-19 at 20:45:09.71 ***

Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\Windows\System32\uhafwbjy.exe
C:\Windows\System32\vcgtlwyj.exe
C:\Windows\System32\wibqdiym.exe
C:\Program Files\Windows Media Player\hose4444.dll
C:\WINDOWS\system32\pmnnk.dll
C:\WINDOWS\system32\pkshgien.dl
C:\Program Files\Windows Media Player\hose83122.dll
C:\WINDOWS\system32\rkrasguv.dll
C:\WINDOWS\lqjatsb.EXE
C:\WINDOWS\system32\pshwr.exe
C:\WINDOWS\system32\bfpfbdwy.dll

Driver::
d03245e7

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F7389EE-FE36-4626-B602-55EE4DE65D97}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43B7D73B-28C3-44F6-B7FC-64C012382B47}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4487598C-2EC7-43A2-870E-6D8D720FDD9F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F4E9DF7-43D3-4476-A1C8-08C8CCDDD773}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f8f141e3-ca78-4f9e-aef1-61c68f600a9c}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pshower"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Download ATF Cleaner from this link:
ATF Cleaner
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE YO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Post a new Combofix log.

ComboFix 08-02-20.2 - Gunit 2008-02-19 23:04:45.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.155 [GMT -5:00]
Running from: C:\Documents and Settings\Gunit\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gunit\Desktop\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\Program Files\Windows Media Player\hose4444.dll
C:\Program Files\Windows Media Player\hose83122.dll
C:\WINDOWS\lqjatsb.EXE
C:\WINDOWS\system32\bfpfbdwy.dll
C:\WINDOWS\system32\pkshgien.dl
C:\WINDOWS\system32\pmnnk.dll
C:\WINDOWS\system32\pshwr.exe
C:\WINDOWS\system32\rkrasguv.dll
C:\Windows\System32\uhafwbjy.exe
C:\Windows\System32\vcgtlwyj.exe
C:\Windows\System32\wibqdiym.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.

2008-02-19 20:39 . 2008-02-19 20:45 <DIR> d-------- C:\Program Files\Navilog1
2008-02-19 15:14 . 2008-02-19 15:14 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-01 17:45 . 2008-02-01 17:53 <DIR> d-------- C:\Documents and Settings\Gunit\Application Data\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 01:23 --------- d-----w C:\Documents and Settings\Gunit\Application Data\LimeWire
2008-02-08 16:39 --------- d-----w C:\Documents and Settings\Gunit\Application Data\U3
2007-12-30 22:13 122,432 ----a-w C:\WINDOWS\system32\wcftlxyy.dll
2007-12-30 02:11 122,432 ----a-w C:\WINDOWS\system32\kskspmgy.dll
2007-12-29 18:49 122,432 ----a-w C:\WINDOWS\system32\mklqiafl.dll
2007-12-29 18:38 122,432 ----a-w C:\WINDOWS\system32\btxndlww.dll
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-09-14 16:24 30,824 ----a-w C:\Documents and Settings\Gunit\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 05:24 65536]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 08:14 270648]
"ZoomingHook"="c:\WINDOWS\System32\ZoomingHook.exe" [2004-07-14 18:07 24576]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-07-28 18:23 53248]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 15:45 135168]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2003-10-20 11:39 159744]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 16:47 1089589]
"NDSTray.exe"="NDSTray.exe" []
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-26 17:43 184320]
"lqjatsb"="C:\WINDOWS\lqjatsb.EXE" [ ]
"IVPServiceMgr"="C:\toshiba\ivp\ism\ivpsvmgr.exe" [2003-10-20 11:37 475136]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-11-18 03:24 155648]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-03-31 23:34 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-05-04 17:17 491520]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 02:21 176128]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 14:41 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38 241664]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-11-18 03:11 118784]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [ ]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-07-14 03:04 122939]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-08-19 20:14 135168]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-08-06 17:14 643072]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 20:54 116072]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 23:10 339968]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 18:46 192512]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 17:00 88363 C:\WINDOWS\agrsmmsg.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-12 11:39 185632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2005-05-04 15:51:28 83360]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-10-02 13:08:08 57344]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-08-19 18:18:56 155648]

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S3 nwusbmdm;Novatel Wireless Merlin CDMA EV-DO Modem Driver;C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2004-09-17 23:30]
S3 nwusbser;Novatel Wireless Merlin CDMA EV-DO Status Port;C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2004-09-17 23:30]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-16 22:41:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-19 18:50:03 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 23:08:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-19 23:09:41
ComboFix-quarantined-files.txt 2008-02-20 04:09:24
ComboFix2.txt 2008-02-20 03:57:12
ComboFix3.txt 2008-02-20 01:10:37
.
2008-02-17 16:22:40 --- E O F ---

Still a fox in the hen house>

Please go to Virus Total and upload the following files, on at the time, for analysis:

C:\WINDOWS\system32\wcftlxyy.dll
C:\WINDOWS\system32\kskspmgy.dll
C:\WINDOWS\system32\mklqiafl.dll
C:\WINDOWS\system32\btxndlww.dll

Post the results in your reply.

---------------------
KASPERSKY ONLINE SCANNER REPORT
2008-02-20 09:33
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/02/2008
Kaspersky Anti-Virus database records: 573443
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 64559
Number of viruses found: 7
Number of infected objects: 17
Number of suspicious objects: 0
Duration of the scan process: 00:59:20

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-19_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\Gunit\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Gunit\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Gunit\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Gunit\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Gunit\Local Settings\Temp\ mon000.log Object is locked skipped
C:\Documents and Settings\Gunit\Local Settings\Temp\~DF6617.tmp Object is locked skipped
C:\Documents and Settings\Gunit\Local Settings\Temp\~DF66E7.tmp Object is locked skipped
C:\Documents and Settings\Gunit\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Gunit\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Gunit\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.7\NCOWAD.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.7\NCOWADMT.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.7\NCOWAS.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.7\NCOWAS.ldb Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\Navilog1\reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\Norton 360\Log\AutoProtect.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVContext.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVManual.log Object is locked skipped
C:\Program Files\Norton 360\Log\Backup.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetPageViewHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetSearchHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUWindowsTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\EmailScan.log Object is locked skipped
C:\Program Files\Norton 360\Log\InternetSecurity.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIntrusionPrevented.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIOTraffic.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISNewNetwork.log Object is locked skipped
C:\Program Files\Norton 360\Log\LiveUpdate.log Object is locked skipped
C:\Program Files\Norton 360\Log\NCO.log Object is locked skipped
C:\Program Files\Norton 360\Log\VABrowserSettings.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAIPAddresses.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAWeakPasswords.log Object is locked skipped
C:\Program Files\Norton 360\Log\WDFScanner.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uhafwbjy.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vcgtlwyj.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wibqdiym.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP320\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\cv7\discrven2.exe/stream/data0002 Infected: not-a-virus:Downloader.Win32.Agent.q skipped
C:\WINDOWS\system32\cv7\discrven2.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.AdBand.a skipped
C:\WINDOWS\system32\cv7\discrven2.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.a skipped
C:\WINDOWS\system32\cv7\discrven2.exe NSIS: infected - 3 skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\lwmscski.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\WINDOWS\system32\tfqprlmb.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\uchhffub.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wdlkpwrx.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\WINDOWS\system32\webxggbm.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\WINDOWS\system32\xmsvicmd.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\WINDOWS\system32\ycjjwdwy.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\WINDOWS\system32\yjiigely.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\WINDOWS\system32\yluedinr.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\WINDOWS\TEMP\JET6382.tmp Object is locked skipped
C:\WINDOWS\TEMP\JET677A.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

File wcftlxyy.dll received on 02.20.2008 15:36:26 (CET)
Current status: finished
Result: 17/32 (53.12%)
Compact Compact

Antivirus Version Last Update Result
AhnLab-V3 2008.2.20.0 2008.02.20 Win-Trojan/Conhook.122388.B
AntiVir 7.6.0.67 2008.02.20 TR/Dldr.ConHook.Gen
Authentium 4.93.8 2008.02.20 -
Avast 4.7.1098.0 2008.02.20 Win32:Adware-gen
AVG 7.5.0.516 2008.02.20 -
BitDefender 7.2 2008.02.20 Trojan.Conhook.Y
CAT-QuickHeal 9.50 2008.02.18 -
ClamAV 0.92.1 2008.02.20 Adware.BHO-221
DrWeb 4.44.0.09170 2008.02.20 Adware.Crew
eSafe 7.0.15.0 2008.02.17 -
eTrust-Vet 31.3.5550 2008.02.20 -
Ewido 4.0 2008.02.19 -
FileAdvisor 1 2008.02.20 -
Fortinet 3.14.0.0 2008.02.19 -
F-Prot 4.4.2.54 2008.02.19 W32/Heuristic-162!Eldorado
F-Secure 6.70.13260.0 2008.02.20 W32/BHO.QG
Ikarus T3.1.1.20 2008.02.20 Trojan.Conhook.Y
Kaspersky 7.0.0.125 2008.02.20 -
McAfee 5233 2008.02.20 -
Microsoft 1.3204 2008.02.20 VirTool:Win32/Obfuscator.Q
NOD32v2 2889 2008.02.20 a variant of Win32/Adware.BHO.V
Norman 5.80.02 2008.02.19 W32/BHO.QG
Panda 9.0.0.4 2008.02.20 Spyware/Virtumonde
Prevx1 V2 2008.02.20 -
Rising 20.32.22.00 2008.02.20 -
Sophos 4.26.0 2008.02.20 Mal/BHO-C
Sunbelt 3.0.884.0 2008.02.19 -
Symantec 10 2008.02.20 -
TheHacker 6.2.9.224 2008.02.19 Adware/BHO.yv
VBA32 3.12.6.1 2008.02.17 Application.Win32.Adware.BHO.V
VirusBuster 4.3.26:9 2008.02.19 -
Webwasher-Gateway 6.6.2 2008.02.20 Trojan.Dldr.ConHook.Gen
Additional information
File size: 122432 bytes
MD5: 49128d8d2e4cdb7715d8751060e26641
SHA1: e9171611802f622db2b7020072024a996f34020f
PEiD: -
packers: Morphine
packers: Morphine

For some reason now that I have analyzed the first of four files in the list each time I try to do one of the other three it says it has already been analyzed. It does give met he option to reanalyze the file though. Is this what you would like me to do for the remaining 3?

Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\system32\wdlkpwrx.exe
C:\WINDOWS\system32\webxggbm.exe
C:\WINDOWS\system32\xmsvicmd.exe
C:\WINDOWS\system32\ycjjwdwy.exe
C:\WINDOWS\system32\yjiigely.exe
C:\WINDOWS\system32\yluedinr.exe
C:\WINDOWS\system32\lwmscski.dll
C:\WINDOWS\system32\tfqprlmb.dll
C:\WINDOWS\system32\wcftlxyy.dll
C:\WINDOWS\system32\kskspmgy.dll
C:\WINDOWS\system32\mklqiafl.dll
C:\WINDOWS\system32\btxndlww.dll
C:\WINDOWS\system32\cv7\discrven2.exe

Folder::
C:\WINDOWS\system32\cv7

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".

Post a new Combofix log and a new Hijack This log..

ComboFix 08-02-20.2 - Gunit 2008-02-20 16:54:25.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.151 [GMT -5:00]
Running from: C:\Documents and Settings\Gunit\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gunit\Desktop\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\WINDOWS\system32\btxndlww.dll
C:\WINDOWS\system32\cv7\discrven2.exe
C:\WINDOWS\system32\kskspmgy.dll
C:\WINDOWS\system32\lwmscski.dll
C:\WINDOWS\system32\mklqiafl.dll
C:\WINDOWS\system32\tfqprlmb.dll
C:\WINDOWS\system32\wcftlxyy.dll
C:\WINDOWS\system32\wdlkpwrx.exe
C:\WINDOWS\system32\webxggbm.exe
C:\WINDOWS\system32\xmsvicmd.exe
C:\WINDOWS\system32\ycjjwdwy.exe
C:\WINDOWS\system32\yjiigely.exe
C:\WINDOWS\system32\yluedinr.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.

2008-02-19 23:45 . 2008-02-19 23:45 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-19 23:45 . 2008-02-19 23:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-19 20:39 . 2008-02-19 20:45 <DIR> d-------- C:\Program Files\Navilog1
2008-02-19 15:14 . 2008-02-19 15:14 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-01 17:45 . 2008-02-01 17:53 <DIR> d-------- C:\Documents and Settings\Gunit\Application Data\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 01:23 --------- d-----w C:\Documents and Settings\Gunit\Application Data\LimeWire
2008-02-08 16:39 --------- d-----w C:\Documents and Settings\Gunit\Application Data\U3
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-09-14 16:24 30,824 ----a-w C:\Documents and Settings\Gunit\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 05:24 65536]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 08:14 270648]
"ZoomingHook"="c:\WINDOWS\System32\ZoomingHook.exe" [2004-07-14 18:07 24576]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-07-28 18:23 53248]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 15:45 135168]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2003-10-20 11:39 159744]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 16:47 1089589]
"NDSTray.exe"="NDSTray.exe" []
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-26 17:43 184320]
"lqjatsb"="C:\WINDOWS\lqjatsb.EXE" [ ]
"IVPServiceMgr"="C:\toshiba\ivp\ism\ivpsvmgr.exe" [2003-10-20 11:37 475136]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-11-18 03:24 155648]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-03-31 23:34 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-05-04 17:17 491520]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 02:21 176128]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 14:41 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38 241664]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-11-18 03:11 118784]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [ ]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-07-14 03:04 122939]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-08-19 20:14 135168]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-08-06 17:14 643072]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 20:54 116072]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 23:10 339968]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 18:46 192512]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 17:00 88363 C:\WINDOWS\agrsmmsg.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-12 11:39 185632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2005-05-04 15:51:28 83360]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-10-02 13:08:08 57344]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-08-19 18:18:56 155648]

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S3 nwusbmdm;Novatel Wireless Merlin CDMA EV-DO Modem Driver;C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2004-09-17 23:30]
S3 nwusbser;Novatel Wireless Merlin CDMA EV-DO Status Port;C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2004-09-17 23:30]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-16 22:41:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-20 18:50:01 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 16:59:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-20 17:00:36
ComboFix-quarantined-files.txt 2008-02-20 22:00:19
ComboFix2.txt 2008-02-20 17:29:14
ComboFix3.txt 2008-02-20 04:09:42
ComboFix4.txt 2008-02-20 03:57:12
ComboFix5.txt 2008-02-20 01:10:37
.
2008-02-17 16:22:40 --- E O F ---

Run Navifix as directed in response #6 again please.

Search Navipromo version 3.4.5 began on 2008-02-20 at 19:12:45.60

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Program Files\navilog1
Updated on 11.02.2008 at 20h00 by IL-MAFIOSO

Microsoft Windows XP [Version 5.1.2600]
Version Internet Explorer : 6.0.2900.2180
Filesystem type : NTFS

Done in normal mode

*** Searching for installed Software ***

*** Search folders in C:\WINDOWS ***

*** Search folders in C:\Program Files ***

*** Search folders in C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

*** Search folders in "C:\Documents and Settings\Gunit\applic~1" ***

*** Search folders in "C:\Documents and Settings\Gunit\locals~1\applic~1" ***

*** Search folders in "C:\Documents and Settings\Gunit\STARTM~1\Programs" ***

*** Search folders in C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs ***

*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net

No file found

*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in C:\WINDOWS\system32 *

* Scan in "C:\Documents and Settings\Gunit\locals~1\applic~1" *

*** Search files ***

*** Search specific Registry keys ***

*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :

2)Heuristic Search :

* In C:\WINDOWS\system32 :

* In "C:\Documents and Settings\Gunit\locals~1\applic~1" :

3)Certificates Search :

Egroup certificate not found !

4)Search known files :

*** Search completed on 2008-02-20 at 19:18:06.09 ***

Much better.

Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\lqjatsb.EXE
C:\WINDOWS\system32\uchhffub.exe

Driver::
lqjatsb

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lqjatsb"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".

Post a new Combofix log and a new Hijack This log please.

ComboFix 08-02-20.2 - Gunit 2008-02-20 23:26:17.7 - NTFSx86
Running from: C:\Documents and Settings\Gunit\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gunit\Desktop\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\WINDOWS\lqjatsb.EXE
C:\WINDOWS\system32\uchhffub.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\uchhffub.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))
.

2008-02-19 23:45 . 2008-02-19 23:45 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-19 23:45 . 2008-02-19 23:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-19 20:39 . 2008-02-20 19:19 <DIR> d-------- C:\Program Files\Navilog1
2008-02-19 15:14 . 2008-02-19 15:14 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-01 17:45 . 2008-02-01 17:53 <DIR> d-------- C:\Documents and Settings\Gunit\Application Data\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 01:23 --------- d-----w C:\Documents and Settings\Gunit\Application Data\LimeWire
2008-02-08 16:39 --------- d-----w C:\Documents and Settings\Gunit\Application Data\U3
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-09-14 16:24 30,824 ----a-w C:\Documents and Settings\Gunit\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 05:24 65536]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 08:14 270648]
"ZoomingHook"="c:\WINDOWS\System32\ZoomingHook.exe" [2004-07-14 18:07 24576]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-07-28 18:23 53248]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 15:45 135168]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2003-10-20 11:39 159744]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 16:47 1089589]
"NDSTray.exe"="NDSTray.exe" []
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-26 17:43 184320]
"IVPServiceMgr"="C:\toshiba\ivp\ism\ivpsvmgr.exe" [2003-10-20 11:37 475136]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-11-18 03:24 155648]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-03-31 23:34 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-05-04 17:17 491520]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 02:21 176128]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 14:41 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38 241664]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-11-18 03:11 118784]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [ ]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-07-14 03:04 122939]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-08-19 20:14 135168]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-08-06 17:14 643072]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 20:54 116072]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 23:10 339968]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 18:46 192512]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 17:00 88363 C:\WINDOWS\agrsmmsg.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-12 11:39 185632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2005-05-04 15:51:28 83360]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-10-02 13:08:08 57344]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-08-19 18:18:56 155648]

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S3 nwusbmdm;Novatel Wireless Merlin CDMA EV-DO Modem Driver;C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2004-09-17 23:30]
S3 nwusbser;Novatel Wireless Merlin CDMA EV-DO Status Port;C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2004-09-17 23:30]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-16 22:41:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-20 22:50:01 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 23:29:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-20 23:30:59
ComboFix-quarantined-files.txt 2008-02-21 04:30:43
ComboFix2.txt 2008-02-20 22:00:37
ComboFix3.txt 2008-02-20 17:29:14
ComboFix4.txt 2008-02-20 04:09:42
ComboFix5.txt 2008-02-20 03:57:12
.
2008-02-17 16:22:40 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:33, on 2008-02-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Gunit\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/pa...
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/te...
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Player...
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Player...
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads...
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9733 bytes

Your computer is clean, but a thing or two to do yet.

Update java immediately and be sure to uninstall the older version. Your java is out of date and can be exploited.

Download the latest version of java from this link Java
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed
Then from your desktop double-click on jre-1_6_3-windowsi586-p.exe to install the newest version.

You should consider adding "Spywareblaster" to your arsenol of antispyware tools, you can download it from this link Spywareblaster

Just download it,install it, and update it. Its free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

How is the computer operating?

The computer is running much faster , thanks! Are there any specific options in the spywareblaster program that I want to select. I saw that it has specific tasks about Mozilla and Internet Explorer (I use Mozilla). Also, now that we are done do you recommend leaving combofix and hijackthis on my computer still? And do you have any tips about avoiding viruses in general??

I check all the options in Spywareblaster that apply to me (IE and Firefox). Keep java updated, xp updated and stay off of any "iffy" sites.

If your C:\ icon is a red X do the following:

This should fix the red X.

Go to start> run> type in notepad > ok. Copy paste the following into notepad making [autorun] the very top line:

[autorun]

ICON=C:\WINDOWS\SYSTEM\SHELL32.DLL,8

Click "save as"> then using the drop down arrow on the far right of the "save in" window select Local Disk C: to be displayed in the "save in" window.

Next type "C:\autorun.inf" (you must use the quotes) in the file name window> click save.

Restart the computer.

Glad we could help.

One more question for you!

After running all of the scans my clock seems to be stuck in military time. How do I put that back to normal??

Thank you again for all the help! I cannot tell you how much I appreciate it!

Go to start>control panel> regional and language options> custommize> time> click the blue drop down arrow to the far right oh "time format"> select:

h:mm:ss tt

then click apply> ok.

If the time was corrected go to start>run type in combofix /u ( note the space after combofix) then press ok.

You can also delete/uninstall any other tools that we used.

How is the computer operating?

Is running great! Much faster and not hanging at all! Thanks!!

Glad we could help.

I know this has nothing to do with virus's
But can someone please tell me why my
computer screen is red? I took a picture of
it (print scr button) and sent it to a friend
and they said that they could see it perfectly?
The screen/monitor is not even 6
months old yet,PLEASE HELP!
could it be a virus? or is the screen just buggered?

Rebekah P

Elephants, please start your own thread so that we can find you when trying to respond to your post. And just state the problem as you did here.

Probably a virus is causing this.

Sorrrrrrrrrry.

Rebekah P

I just noticed that there is still the red X as the icon for my C drive. Is this left over or do I still have a problem??