[Fixed] Hijackthis! Logs - Browser Hijack/Sagipsul.com virus?

01-05-2009   #15
Pancake, Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,865
PC Experience: Elite PC Guru
Re: Browser Hijack/Sagipsul.com virus?

Looking good. Let's have one more check...

OK. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry. Please download from one of these webpages:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
Double-click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Recovery Console can be installed from your disc if you have Vista, if you wish.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
__________________
My real name is Eddy
01-05-2009   #16
Pollyanna, Bronze Member
Join Date: Jan 2009
Posts: 15
PC Experience: Some Experience
Re: Browser Hijack/Sagipsul.com virus?

Yikes! I wasn't logged out of the forum this time. Things must be improving. What's next, good looking?

ComboFix 09-01-05.02 - Joan 2009-01-05 16:20:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.475 [GMT -6:00]
Running from: c:\documents and settings\Joan\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


c:\windows\system32\rxvpabxc.ini
c:\windows\system32\waptuviw.ini


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.


-------\Service_seneka




((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 )))))))))))))))))))))))))))))))
.


2009-01-05 14:44 . 2009-01-05 14:44 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-05 14:44 . 2009-01-05 14:44 <DIR> d-------- c:\documents and settings\Joan\Application Data\Malwarebytes
2009-01-05 14:44 . 2009-01-05 14:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-05 14:44 . 2009-01-04 18:41 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-05 14:44 . 2009-01-04 18:41 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-01 22:19 . 2009-01-01 22:19 <DIR> d-------- c:\program files\Opera
2009-01-01 20:35 . 2009-01-01 21:50 77,824 --a------ c:\windows\system32\bgl.exe
2008-12-29 18:08 . 2008-12-29 18:08 <DIR> d-------- c:\program files\Bonjour
2008-12-29 18:07 . 2008-12-29 18:07 <DIR> d-------- c:\program files\iTunes
2008-12-29 18:07 . 2008-12-29 18:07 <DIR> d-------- c:\program files\iPod
2008-12-29 18:07 . 2008-12-29 18:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-29 18:04 . 2008-12-29 18:05 <DIR> d-------- c:\program files\QuickTime
2008-12-29 15:15 . 2008-12-29 15:15 410,984 --------- c:\windows\system32\deploytk.dll
2008-12-24 14:26 . 2008-12-27 00:14 <DIR> d-------- c:\documents and settings\Joan\Application Data\Move Networks
2008-12-20 16:33 . 2008-12-20 16:33 14,848 ---hs---- c:\windows\Thumbs.db
2008-12-17 17:48 . 2008-12-17 17:48 409 --------- c:\windows\cdplayer.ini
2008-12-17 11:14 . 2008-12-22 02:03 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-12-17 11:14 . 2008-12-22 10:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-12-15 01:23 . 2009-01-05 01:46 <DIR> d-------- c:\documents and settings\Joan\My Documents Archive
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --------- c:\windows\system32\dnssd.dll


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 22:29 --------- d-----w c:\documents and settings\Joan\Application Data\OpenOffice.org2
2009-01-05 21:45 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-30 00:25 --------- d-----w c:\program files\Safari
2008-12-30 00:04 --------- d-----w c:\program files\Common Files\Apple
2008-12-29 21:14 --------- d-----w c:\program files\Java
2008-12-21 10:16 --------- d-----w c:\program files\CATraxx
2008-12-19 07:44 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-12-17 17:41 --------- d-----w c:\program files\BookCAT
2008-12-15 09:35 --------- d-----w c:\documents and settings\Joan\Application Data\Corel
2008-11-22 16:12 33,536 ------w c:\windows\system32\drivers\tvtfilter.sys
2008-11-06 17:01 --------- d-----w c:\program files\Lenovo
2008-02-26 06:00 1,398,352 -c----w c:\documents and settings\All Users\Application Data\pswi_preloaded.exe
2008-02-26 05:46 32,768 -csh--w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
2008-08-05 20:21 32,768 -csh--w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080520080806\index.dat
.


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BsMnt"="c:\windows\BisonCam\BsMnt.exe" [2007-04-05 274432]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 851968]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 59680]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-09-06 54824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-25 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-25 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-25 138008]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-29 136600]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe" [2007-05-31 946176]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-04-26 120368]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"AMSG"="c:\progra~1\THINKV~1\AMSG\amsg.exe" [2007-02-01 439856]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 2630968]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-11-13 478800]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 1410304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-17 185896]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]


c:\documents and settings\Joan\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]


c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-11-13 561213]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2007-05-31 15:57 155648 c:\windows\system32\FpWinlogonNp.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2007-12-14 15:36 28672 c:\program files\Lenovo\HOTKEY\tphklock.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=yxpwhn.dll


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Joan\\My Documents\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=


R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-10-25 30728]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-10-25 455936]
R4 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2007-06-22 106496]
R4 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [2007-07-20 54832]
R4 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R4 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-02-08 569344]
R4 WisFnCtrlSvc;WisFnCtrlSvc;c:\program files\PM Agent\WisFnCtrlSvc.exe [2008-02-25 28672]
.
Contents of the 'Scheduled Tasks' folder


2008-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]


2009-01-05 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 16:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Joan\Application Data\Mozilla\Firefox\Profiles\tathqz6k.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?um=1&ie=UTF-8&sa=N&shva=1#inbox
FF - plugin: c:\documents and settings\Joan\Application Data\Mozilla\Firefox\Profiles\tathqz6k.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\Joan\My Documents\Netscape6\nppl3260.dll
FF - plugin: c:\documents and settings\Joan\My Documents\Netscape6\nprjplug.dll
FF - plugin: c:\documents and settings\Joan\My Documents\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
.


**************************************************************************


catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 16:30:33
Windows 5.1.2600 Service Pack 3 NTFS


scanning hidden processes ...


scanning hidden autostart entries ...


scanning hidden files ...


scan completed successfully
hidden files: 0


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------


- - - - - - - > 'winlogon.exe'(1216)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PSIService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Pure Networks\Network Magic\nmsrvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\ThinkVantage\AMSG\Amsg.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\progra~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-05 16:32:22 - machine was rebooted [Joan]
ComboFix-quarantined-files.txt 2009-01-05 22:32:19


Pre-Run: 114,258,853,888 bytes free
Post-Run: 114,873,606,144 bytes free


210 --- E O F --- 2008-12-18 07:33:16
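As an added example that is not part of this thread and not ComboFix's own code: a small parser for the REGEDIT4-style "Reg Loading Points" section of a ComboFix log, run over constructed lines shaped like the ones in the log above (a Run key, an AppInit_DLLs value and a Security Center DisableMonitoring value), flagging the two kinds of entry a reviewer checks first. The severities and messages are my own choices.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample modeled on the "Reg Loading Points" section that ComboFix
# prints in REGEDIT4 form. The values are illustrative, not from a live machine.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 851968]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 1410304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=yxpwhn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# A value is either quoted ("c:\path\x.exe" [date size]) or bare (yxpwhn.dll, dword:...).
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?:"(?P<quoted>[^"]*)"|(?P<bare>[^\s\[]*))')

def parse_reg_points(text: str) -> List[Tuple[str, str, str]]:
    """Return (registry_key, value_name, value) triples from REGEDIT4-style lines."""
    entries: List[Tuple[str, str, str]] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        val_match = VALUE_RE.match(line)
        if val_match and current_key is not None:
            value = val_match.group("quoted") or val_match.group("bare") or ""
            entries.append((current_key, val_match.group("name"), value))
    return entries

def triage(entries: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """Apply two rules a log reviewer checks first; returns (severity, message) pairs."""
    findings: List[Tuple[str, str]] = []
    for key, name, value in entries:
        k = key.lower()
        # Rule 1: a non-empty AppInit_DLLs value is loaded into every process that
        # maps user32.dll, so any DLL listed here deserves review.
        if name.lower() == "appinit_dlls" and k.endswith(r"windows nt\currentversion\windows"):
            if value:
                findings.append(("HIGH", f"AppInit_DLLs loads {value} into every GUI process"))
        # Rule 2: DisableMonitoring=1 silences Security Center's AV/firewall status
        # alerts; legitimate products rarely need it, so it warrants a look.
        elif name.lower() == "disablemonitoring" and r"security center\monitoring" in k:
            if value.lower() == "dword:00000001":
                findings.append(("MEDIUM", f"Security Center monitoring disabled under {key}"))
    return findings

if __name__ == "__main__":
    for severity, message in triage(parse_reg_points(SAMPLE_LOG)):
        print(severity, message)
```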
01-06-2009   #17
Pancake, Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,865
PC Experience: Elite PC Guru
Re: Browser Hijack/Sagipsul.com virus?

That's fine. You should be OK now...

This will clear away any of the files and folders that were created by ComboFix.
Go to:
Start > Run, then copy and paste the following highlighted text below into the box and click OK.

ComboFix /u
__________________
My real name is Eddy
01-06-2009   #18
Pollyanna, Bronze Member
Join Date: Jan 2009
Posts: 15
PC Experience: Some Experience
Re: Browser Hijack/Sagipsul.com virus?

Thank you so much for being here, Pancake and Crush. Your help has restored my sanity.

Until next time........................................
01-06-2009   #19
Pancake, Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,865
PC Experience: Elite PC Guru
Re: Browser Hijack/Sagipsul.com virus?

Let's hope there will not be a next time...... stay clean.
__________________
My real name is Eddy