Vundo and Boaxxe.dll driving me crazy!!!
(PC Help Forum, Security & Safety » [Fixed] Hijackthis! Logs)
#1
07-23-2008
avalon7030 (Bronze Member; Join Date: Jul 2008; Posts: 4; PC Experience: PC Illiterate)
Vundo and Boaxxe.dll driving me crazy!!!

I have 2 trojans on my computer: 1 is Vundo and the other is Boaxxe.dll. I have tried VundoFix and PC Doctor and no help, still on my system. Here is the HijackThis log.

Thanks to whomever will help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:28 PM, on 7/22/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
c:\hp\HPEZBTN\HPBtnSrv.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: BhoApp Class - {32324134-3465-4325-6543-325435274523} - C:\Program Files\altcmd\altcmd32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7D5093B7-5468-484B-BC23-83CA747C92D1} - C:\Windows\system32\geBqQIXn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnkjIaX.dll,#1
O4 - HKLM\..\Run: [BM05f3b107] Rundll32.exe "C:\Windows\system32\ljpgnjqp.dll",s
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7952 bytes
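
The log above shows the two patterns that mark a Vundo infection: an O2 BHO with "(no name)" pointing at a random 8-letter DLL in system32, and O4 Run entries that start rundll32 with another such DLL. The ComboFix output posted later in the thread adds a third: registry values that switch off UAC and Security Center monitoring. The following is an added example, not code from this thread, from HijackThis or from ComboFix; it scores a HijackThis log and a ComboFix "Reg Loading Points" dump against those patterns. The regexes, the 8-letter rule and the rule table are assumptions tuned to this thread's logs, and the sample inputs are constructed from lines of the logs posted here.

```python
import re

# Added example: not code from the thread, from HijackThis or from ComboFix.
# triage_hijackthis() flags Vundo-style HijackThis O2/O4 lines: an unnamed BHO,
# or an 8-letter randomly named DLL in system32 loaded as a BHO or launched by
# rundll32 from a Run key. security_downgrades() flags values in ComboFix's
# "Reg Loading Points" dump that turn off UAC or Security Center monitoring.
# The regexes, the 8-letter rule and the rule table are assumptions tuned to
# this thread's logs, not the detection logic of either tool.

SYSTEM32_RANDOM_DLL = re.compile(r"\\system32\\[A-Za-z]{8}\.dll", re.IGNORECASE)
RUNDLL32_CMD = re.compile(r'^"?rundll32(\.exe)?"?\s', re.IGNORECASE)
O2_LINE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
O4_LINE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<entry>[^\]]+)\] (?P<cmd>.+)$")

def triage_hijackthis(log_text):
    """Return (line_type, identifier, path_or_command, reason) for suspicious O2/O4 lines."""
    findings = []
    for line in log_text.splitlines():
        m = O2_LINE.match(line)
        if m:
            reasons = []
            if m.group("name") == "(no name)":
                reasons.append("unnamed BHO")
            if SYSTEM32_RANDOM_DLL.search(m.group("path")):
                reasons.append("random-looking 8-letter DLL in system32")
            if reasons:
                findings.append(("O2", m.group("clsid"), m.group("path"), "; ".join(reasons)))
            continue
        m = O4_LINE.match(line)
        if m and RUNDLL32_CMD.match(m.group("cmd")) and SYSTEM32_RANDOM_DLL.search(m.group("cmd")):
            findings.append(("O4", m.group("entry"), m.group("cmd"),
                             "rundll32 loading random-looking 8-letter DLL from system32"))
    return findings

SECTION_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<raw>.+)$')
# (substring of the registry key, value name, value that means a downgrade, description)
DOWNGRADE_RULES = [
    ("policies\\system", "EnableLUA", 0, "UAC disabled"),
    ("security center", "UacDisableNotify", 1, "UAC alerts silenced"),
    ("security center", "InternetSettingsDisableNotify", 1, "Internet settings alerts silenced"),
    ("security center", "AutoUpdateDisableNotify", 1, "Windows Update alerts silenced"),
    ("security center\\monitoring", "DisableMonitoring", 1, "Security Center monitoring disabled"),
]

def _as_int(raw):
    """ComboFix prints DWORDs as '0 (0x0)' or 'dword:00000001'; anything else gives None."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    try:
        return int(raw.split()[0])
    except ValueError:
        return None

def security_downgrades(reg_text):
    """Return (registry_key, value_name, meaning) for every rule hit in a REGEDIT4-style dump."""
    findings = []
    key = ""
    for line in reg_text.splitlines():
        s = SECTION_LINE.match(line.strip())
        if s:
            key = s.group("key").lower()
            continue
        v = VALUE_LINE.match(line.strip())
        if not v:
            continue
        value = _as_int(v.group("raw"))
        for key_part, name, bad_value, meaning in DOWNGRADE_RULES:
            if key_part in key and v.group("name") == name and value == bad_value:
                findings.append((key, name, meaning))
    return findings

# Constructed samples: lines copied from the two logs posted in this thread.
SAMPLE_HJT = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {7D5093B7-5468-484B-BC23-83CA747C92D1} - C:\Windows\system32\geBqQIXn.dll
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnkjIaX.dll,#1
O4 - HKLM\..\Run: [BM05f3b107] Rundll32.exe "C:\Windows\system32\ljpgnjqp.dll",s
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
"""

if __name__ == "__main__":
    for finding in triage_hijackthis(SAMPLE_HJT) + security_downgrades(SAMPLE_REG):
        print(" | ".join(finding))
```

On the sample the first check reports only the three Vundo lines (the Yahoo! BHO, the Spyware Doctor tray entry and the built-in rundll32 oobefldr.dll Welcome Center entry pass), and the second reports six registry values, including the per-product DisableMonitoring subkeys that the key-substring rule catches without listing each vendor. The 8-letter rule is deliberately narrow; a legitimate 8-letter DLL in system32 referenced by full path would also be flagged, so treat hits as leads for the helper, not as verdicts.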


#2
07-23-2008
Pancake, Senior Security Analyst (Join Date: Jun 2006; Location: Victoria, Australia; Posts: 3,543; PC Experience: Elite PC Guru)
Re: Vundo and Boaxxe.dll driving me crazy!!!

Ok. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.


__________________
My real name is Eddy
#3
07-23-2008
avalon7030 (Bronze Member; Join Date: Jul 2008; Posts: 4; PC Experience: PC Illiterate)
Re: Vundo and Boaxxe.dll driving me crazy!!!

Thanks, here is the ComboFix log....

ComboFix 08-07-21.2 - Mejia 2008-07-22 21:00:52.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1986 [GMT -7:00]
Running from: C:\Users\Mejia\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\AbdNnnmp.ini
C:\Windows\System32\AbdNnnmp.ini2
C:\Windows\system32\acbamhcs.dll
C:\Windows\System32\AGNUBcdd.ini
C:\Windows\System32\AGNUBcdd.ini2
C:\Windows\System32\aGOWayay.ini
C:\Windows\System32\aGOWayay.ini2
C:\Windows\System32\BLTtuutv.ini
C:\Windows\System32\BLTtuutv.ini2
C:\Windows\System32\CJlUDKkj.ini
C:\Windows\System32\CJlUDKkj.ini2
C:\Windows\system32\cvcywpbg.ini
C:\Windows\system32\eampsmii.dll
C:\Windows\System32\eMUuCfhk.ini
C:\Windows\System32\eMUuCfhk.ini2
C:\Windows\system32\fcyvohxc.dll
C:\Windows\System32\FhknTtwa.ini
C:\Windows\System32\FhknTtwa.ini2
C:\Windows\System32\FPWDJjjl.ini
C:\Windows\System32\FPWDJjjl.ini2
C:\Windows\system32\fyrnvjqr.dll
C:\Windows\system32\geBqQIXn.dll
C:\Windows\System32\GijPrtwa.ini
C:\Windows\System32\GijPrtwa.ini2
C:\Windows\System32\hRXaaGgh.ini
C:\Windows\System32\hRXaaGgh.ini2
C:\Windows\system32\ietgavkg.ini
C:\Windows\system32\ihkSBbIi.ini
C:\Windows\System32\ihkSBbIi.ini2
C:\Windows\System32\IijlSvut.ini
C:\Windows\System32\IijlSvut.ini2
C:\Windows\system32\iiuhcj.dll
C:\Windows\system32\ivmlcgci.ini
C:\Windows\system32\jfbirdma.ini
C:\Windows\system32\jfdvtonu.ini
C:\Windows\System32\jRqqAJlm.ini
C:\Windows\System32\jRqqAJlm.ini2
C:\Windows\system32\jusched.exe
C:\Windows\system32\ljpgnjqp.dll
C:\Windows\system32\lkbsgcui.dll
C:\Windows\system32\lsqrgdcr.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\MSINET.oca
C:\Windows\system32\muxjnmlc.dll
C:\Windows\system32\mywlcrqe.ini
C:\Windows\System32\nXIQqBeg.ini
C:\Windows\System32\nXIQqBeg.ini2
C:\Windows\system32\oaaaqkab.ini
C:\Windows\system32\oPIYpNGy.dll
C:\Windows\system32\opnkjIaX.dll
C:\Windows\system32\oqlyvjlp.ini
C:\Windows\System32\PYyGgOYb.ini
C:\Windows\System32\PYyGgOYb.ini2
C:\Windows\System32\qmjdistp.ini
C:\Windows\System32\QpAbcMoq.ini
C:\Windows\System32\QpAbcMoq.ini2
C:\Windows\System32\qpoXFfhk.ini
C:\Windows\System32\qpoXFfhk.ini2
C:\Windows\System32\qWHkmnnn.ini
C:\Windows\System32\qWHkmnnn.ini2
C:\Windows\system32\qyunjeyu.ini
C:\Windows\system32\rxlhisxy.ini
C:\Windows\System32\ryfwwxsg.ini
C:\Windows\system32\samwwjue.ini
C:\Windows\System32\schmabca.ini
C:\Windows\System32\tAIlonpo.ini
C:\Windows\System32\tAIlonpo.ini2
C:\Windows\system32\tpvkbyow.dll
C:\Windows\system32\uFfeKkkj.ini
C:\Windows\System32\uFfeKkkj.ini2
C:\Windows\system32\ujftfh.dll
C:\Windows\system32\uppeabnv.ini
C:\Windows\System32\uuFhOqru.ini
C:\Windows\System32\uuFhOqru.ini2
C:\Windows\System32\vGOWEfhk.ini
C:\Windows\System32\vGOWEfhk.ini2
C:\Windows\system32\vkjmaigx.dll
C:\Windows\system32\vrmtuihk.ini
C:\Windows\system32\vTlKddAQ.dll
C:\Windows\system32\wlionypw.dll
C:\Windows\System32\wqsocywu.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-22 19:52 . 2008-07-22 19:52 32,768 --a------ C:\7d8716133410c30.bup
2008-07-22 19:52 . 2008-07-22 19:52 29,184 --a------ C:\7d87161334216d0.bup
2008-07-22 19:42 . 2008-07-22 19:42 <DIR> d-------- C:\Users\All Users\PC Tools
2008-07-22 19:42 . 2008-07-22 19:42 <DIR> d-------- C:\ProgramData\PC Tools
2008-07-22 19:42 . 2008-07-22 19:41 159,880 --a------ C:\Windows\System32\drivers\pctfw2.sys
2008-07-22 19:41 . 2008-07-22 19:42 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-07-22 19:38 . 2007-12-10 13:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-07-22 19:38 . 2007-12-10 13:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-07-22 19:38 . 2008-02-01 11:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-07-22 19:38 . 2007-12-10 13:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-07-22 19:37 . 2008-07-22 19:37 <DIR> d-------- C:\Users\Mejia\AppData\Roaming\PC Tools
2008-07-22 19:37 . 2008-07-22 20:59 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-22 19:07 . 2008-07-22 19:07 <DIR> d-------- C:\Program Files\altcmd
2008-07-22 18:38 . 2008-07-22 18:38 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-07-22 17:55 . 2008-07-22 17:55 <DIR> d-------- C:\Users\Mejia\AppData\Roaming\McAfee
2008-07-22 17:06 . 2008-07-22 18:12 100 --a------ C:\Users\Mejia\AppData\Roaming\temp.dll
2008-07-16 04:16 . 2008-07-22 18:38 <DIR> d-------- C:\VundoFix Backups
2008-07-15 02:46 . 2008-07-15 02:46 <DIR> d-------- C:\!KillBox
2008-07-01 17:21 . 2008-07-01 17:21 <DIR> d-------- C:\Users\All Users\Google
2008-07-01 17:18 . 2008-07-01 17:18 0 --a------ C:\Windows\nsreg.dat
2008-07-01 17:10 . 2008-07-01 17:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-25 03:50 . 2008-06-25 03:50 <DIR> d--h-c--- C:\Users\All Users\{D2A9AAE9-BAF5-4CBE-8CC4-9314EE287B09}
2008-06-25 03:50 . 2008-06-25 03:50 <DIR> d--h-c--- C:\ProgramData\{D2A9AAE9-BAF5-4CBE-8CC4-9314EE287B09}
2008-06-25 03:50 . 2008-05-30 14:11 3,850,760 --a------ C:\Windows\System32\D3DX9_38.dll
2008-06-25 03:50 . 2008-05-30 14:11 1,491,992 --a------ C:\Windows\System32\D3DCompiler_38.dll
2008-06-25 03:50 . 2008-05-30 14:19 507,400 --a------ C:\Windows\System32\XAudio2_1.dll
2008-06-25 03:50 . 2008-05-30 14:11 467,984 --a------ C:\Windows\System32\d3dx10_38.dll
2008-06-25 03:50 . 2008-05-30 14:18 238,088 --a------ C:\Windows\System32\xactengine3_1.dll
2008-06-25 03:50 . 2008-05-30 14:17 65,032 --a------ C:\Windows\System32\XAPOFX1_0.dll
2008-06-25 03:50 . 2008-05-30 14:17 25,608 --a------ C:\Windows\System32\X3DAudio1_4.dll
2008-06-25 03:47 . 2008-06-25 03:47 <DIR> d-------- C:\Program Files\Utherverse Digital Inc
2008-06-23 17:35 . 2008-06-23 17:35 <DIR> d-------- C:\Users\All Users\Age of Empires 3
2008-06-23 17:35 . 2008-06-23 17:35 <DIR> d-------- C:\ProgramData\Age of Empires 3
2008-06-23 17:03 . 2008-06-23 17:11 <DIR> d-------- C:\Program Files\Common Files\Microsoft Games
2008-06-23 16:47 . 2008-06-23 16:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-06-23 16:47 . 2008-06-23 16:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-06-23 16:47 . 2008-06-23 16:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-06-23 16:47 . 2008-06-23 16:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-06-23 16:47 . 2008-06-23 16:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links
2008-06-23 16:47 . 2008-06-23 16:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-06-23 16:47 . 2008-06-23 16:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 03:59 --------- d---a-w C:\ProgramData\TEMP
2008-07-23 00:06 --------- d-----w C:\ProgramData\McAfee
2008-07-23 00:06 --------- d-----w C:\Program Files\McAfee
2008-07-23 00:06 --------- d-----w C:\Program Files\Common Files\McAfee
2008-07-22 12:02 --------- d-----w C:\Program Files\City of Heroes
2008-07-20 00:33 --------- d-----w C:\Users\Mejia\AppData\Roaming\LimeWire
2008-07-20 00:28 --------- d-----w C:\Users\Mejia\AppData\Roaming\.BitTornado
2008-07-16 00:19 100 ----a-w C:\Users\Mejia\AppData\Roaming\wklnhst.dat
2008-07-12 09:28 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-24 00:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-23 23:49 --------- d-----w C:\Program Files\Microsoft Games
2008-06-18 02:44 --------- d-----w C:\Program Files\GameSpy Arcade
2008-06-18 02:43 --------- d-----w C:\Program Files\Ubi Soft
2008-06-18 02:38 --------- d-----w C:\Program Files\Liquid Entertainment
2008-06-17 03:05 --------- d-----w C:\Users\Mejia\AppData\Roaming\iWin
2008-06-17 03:04 --------- d-----w C:\Program Files\MSN Games
2008-06-13 19:06 --------- d-----w C:\Users\Mejia\AppData\Roaming\Ubisoft
2008-06-13 18:58 --------- d-----w C:\ProgramData\Ubisoft
2008-06-13 18:25 --------- d-----w C:\Program Files\Ubisoft
2008-06-12 10:08 --------- d-----w C:\Program Files\Windows Mail
2008-06-10 09:10 --------- d-----w C:\ProgramData\SimCity Societies
2008-06-10 08:53 --------- d-----w C:\Program Files\Electronic Arts
2008-06-09 13:47 --------- d-----w C:\Program Files\Sierra
2008-06-08 08:43 --------- d-----w C:\Users\Mejia\AppData\Roaming\GameHouse
2008-06-08 08:43 --------- d-----w C:\Program Files\GameHouse
2008-06-08 05:41 --------- d-----w C:\Program Files\PopCap Games
2008-06-08 05:27 --------- d-----w C:\Program Files\PowerISO
2008-06-07 19:43 --------- d-----w C:\Program Files\TransMac
2008-06-07 10:31 --------- d-----w C:\ProgramData\PopCap Games
2008-06-07 09:02 --------- d-----w C:\Users\Mejia\AppData\Roaming\PlayFirst
2008-06-07 09:02 --------- d-----w C:\ProgramData\WildTangent
2008-06-07 09:02 --------- d-----w C:\ProgramData\PlayFirst
2008-06-06 19:05 --------- d-----w C:\Users\Mejia\AppData\Roaming\Roxio
2008-06-06 19:05 --------- d-----w C:\ProgramData\Roxio
2008-06-06 19:04 --------- d-----w C:\Users\Mejia\AppData\Roaming\Media Player Classic
2008-06-06 14:11 --------- d-----w C:\ProgramData\Trymedia
2008-06-06 14:11 --------- d-----w C:\ProgramData\Sandlot Games
2008-06-06 08:44 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2008-06-05 18:49 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-02 17:08 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-02 01:33 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-05-30 01:03 --------- d-----w C:\ProgramData\NVIDIA
2008-05-30 01:01 174 --sha-w C:\Program Files\desktop.ini
2008-05-30 00:54 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-30 00:54 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-30 00:54 --------- d-----w C:\Program Files\Windows Journal
2008-05-30 00:54 --------- d-----w C:\Program Files\Windows Defender
2008-05-30 00:54 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-30 00:54 --------- d-----w C:\Program Files\Windows Calendar
2008-05-26 21:54 --------- d-----w C:\ProgramData\Media Center Programs
2008-05-26 21:01 --------- d-----w C:\Program Files\Funcom
2008-05-26 21:00 --------- d-----w C:\ProgramData\Funcom
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32324134-3465-4325-6543-325435274523}]
2005-11-20 08:45 163840 --a------ C:\Program Files\altcmd\altcmd32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^$McRebootA5E6DEAA56$.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
backup=C:\Windows\pss\$McRebootA5E6DEAA56$.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=C:\Windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Mejia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Users\Mejia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\Windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
FactoryMode [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
--a------ 2006-11-24 21:20 622592 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-02-13 16:09 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 00:33 125952 C:\Windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
--a------ 2007-05-24 13:13 71176 c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 c:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 2007-04-18 08:01 65536 c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-03-05 14:57 1103480 C:\Program Files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2007-01-29 22:10 46632 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-04-10 15:14 1107848 C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2006-12-08 09:16 65536 C:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 19:12 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-08-28 01:59 8473120 C:\Windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-08-28 01:59 81920 C:\Windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-08-28 01:59 86016 C:\Windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
--a------ 2007-02-15 04:59 118784 C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2007-01-29 22:12 30248 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
--a------ 2007-02-01 14:46 255528 C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-14 16:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 00:33 1233920 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-10-25 10:03 210472 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
--a------ 2007-04-07 02:56 54936 C:\Windows\System32\jureg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-24 23:37 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 00:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 00:33 202240 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-10-25 05:52 4702208 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5448DF4B-7068-49AE-9368-E2DAB0C4A9DE}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{B62A101A-BA0F-479A-AEF9-ACFAA394CB5D}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{85081B59-42E0-44F2-8877-F53B1D4758BE}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{011E587B-E51C-49BA-B14A-2DFF32D015B7}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{B849DA94-D8C8-409F-91A6-56742B1AA2D2}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{0B35845D-A227-45A2-8A58-58FD7B62102E}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{2DF2CF5F-F1EE-4ADF-99E5-F3F6DF4F4516}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{14DEE5E8-5F93-4CB1-9B1D-06F95A63F23C}"= TCP:1900:LocalSubnet:LocalSubnet:Microsoft UPnP-Port (UDP)
"{280FE1A3-3849-485B-80A7-0FD103E35CA2}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{340C16FF-04A7-4645-9DEC-930CF285E933}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3041B941-63CD-486A-968A-600DED330A10}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{30E72723-FDCA-461D-B20C-0346C56B343F}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D0995B3A-8EA9-4E31-932C-1BC9F0FC414C}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D31692C9-2D81-4742-9251-51CFC3580674}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4C1FC5C5-491C-4C2E-9F0B-50FBAEEBADEE}"= UDP:0:LocalSubnet:LocalSubnet:Magix UPnP Media Server
"{C636E677-7F7F-41CD-B1BC-52D1EE029AB5}"= UDP:2869:LocalSubnet:LocalSubnet:Microsoft UPnP-Port (TCP)
"{161C01F2-E053-45D7-8580-E08A0E00F68E}"= UDP:C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe:Magix UPnP Service
"{EA0B1FA0-F25B-4D39-937A-4CAF18CF892F}"= TCP:C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe:Magix UPnP Service
"{C353FF5E-D191-41E1-B2A8-72EB00E2D1BA}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{B734FFF0-C333-481E-B393-C4156E36B200}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D07B0CC5-FC9F-469D-94D5-5EA8D2A203F9}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FD53C397-C417-44B1-874F-2069B22FA946}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A8AE633A-6553-44C8-827E-5E0C8DB7B5D1}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6586CD2D-306E-46A4-ADFC-BA90C8F0B944}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5D92BDE6-622C-4A48-8727-E05262AED0DC}"= UDP:C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{B8C68070-5BAE-4C44-8B39-E74807D7AB41}"= TCP:C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{A55DAF5D-D43F-4DA0-A91D-ABB7E28F7FD0}"= UDP:C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{0397DCC5-C7B0-4695-A6D0-208A3088505E}"= TCP:C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{E54C1DF9-F8BB-4909-9BB0-248D82BB4806}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{33584A62-3521-4F78-AEC0-EBC18CB12A92}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{81C96404-70F9-48E9-A9CA-C7FD29C13D48}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{3C0FCD8E-AC74-4E2E-8883-287E95545431}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{70BA4B33-B7F7-4D79-945C-A69C49DDC861}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{4635E697-35A4-4B0F-9361-1C0E05796E24}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{CA84C2B4-95F5-4B34-BCEC-547699039E4C}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{E0337089-BD06-49F3-9748-D7C07A2041FD}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{1D088D05-E14A-4635-B282-C7672192EE70}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{4A5F8198-FEEF-47E5-8065-CE384F74D141}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{6E81D8A1-FC5E-4DF5-BECE-AC38B7091D62}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{77F5B509-CBB0-4567-9466-1C83A55FF23C}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 pctfw2;pctfw2;C:\Windows\System32\drivers\pctfw2.sys [2008-07-22 19:41]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 10:32]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 08:19]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2007-06-11 02:49]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2008-02-26 09:17]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 09:13]
S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 17:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e03f371-dc59-11dc-966c-001d609c629c}]
\shell\AutoRun\command - K:\autorun.exe
\shell\setup\command - K:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-16 14:39:01 C:\Windows\Tasks\HPCeeScheduleForMejia.job"
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe
"2008-06-15 17:10:07 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-07-01 08:20:00 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-EleFunAnimatedWallpaper - (no file)
HKLM-Run-MSServer - C:\Windows\system32\opnkjIaX.dll
HKLM-Run-BM05f3b107 - C:\Windows\system32\ljpgnjqp.dll
HKLM-Run-06c0829b - C:\Windows\system32\acbamhcs.dll
HKLM-Run-Amazing3DAquariumWallpaper - (no file)
MSConfigStartUp-06c0829b - C:\Windows\system32\bakqaaao.dll
MSConfigStartUp-BM05f3b107 - C:\Windows\system32\ljpgnjqp.dll
MSConfigStartUp-MSServer - C:\Windows\system32\qoMfDTlJ.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion &pf=desktop
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 21:07:12
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2008-07-22 21:11:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-23 04:10:51

Pre-Run: 143,104,499,712 bytes free
Post-Run: 144,395,427,840 bytes free

387 --- E O F --- 2008-06-25 10:01:06


*************************And the new HijackThis log********
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:07 PM, on 7/22/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: BhoApp Class - {32324134-3465-4325-6543-325435274523} - C:\Program Files\altcmd\altcmd32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5798 bytes


  #4  
Old 07-23-2008
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,543
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page
Default Re: Vundo and Boaxxe.dll driving me crazy!!!

Have you run Vundofix ???


Have "HijackThis" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.


O2 - BHO: BhoApp Class - {32324134-3465-4325-6543-325435274523} - C:\Program Files\altcmd\altcmd32.dll

Reboot....................

==================================

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:


File::
C:\Program Files\altcmd\altcmd32.dll

Folder::
C:\Users\Mejia\AppData\Roaming\LimeWire
C:\Program Files\LimeWire

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32324134-3465-4325-6543-325435274523}]
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Referring to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.


*Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*


__________________
  • An Australian Member of
  • and
My real name is Eddy
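The O2 entry Pancake singled out and the CFScript he wrote are tied together by one CLSID: the DLL path goes under File:: and the BHO registration under Registry::. As an added example (not code from this thread, nor from the HijackThis or ComboFix authors), the Python below parses the O2 lines of a HijackThis log and generates that File::/Folder::/Registry:: script for whichever CLSIDs the analyst has decided to remove; the sample log lines are copied from the HijackThis log posted above, and the script layout follows Pancake's post.

```python
"""Parse HijackThis O2 (BHO) entries and build the matching ComboFix CFScript.

Added example for this thread; not part of HijackThis or ComboFix. The sample
log lines are the O2/O3 lines from the HijackThis log posted in this thread.
"""
import re
from typing import Iterable, List, NamedTuple

# HijackThis O2 line layout: "O2 - BHO: <name> - {<CLSID>} - <dll path>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

# ComboFix shorthand for the BHO registration key, as used in the post above.
BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects"

# Sample input (copied from the HijackThis log in this thread).
SAMPLE_LOG = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: BhoApp Class - {32324134-3465-4325-6543-325435274523} - C:\Program Files\altcmd\altcmd32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
"""


class Bho(NamedTuple):
    name: str
    clsid: str
    path: str


def parse_bhos(log_text: str) -> List[Bho]:
    """Return every O2 (Browser Helper Object) entry in a HijackThis log.

    Other line types (R0, O3, O23, ...) are ignored; CLSID case is kept as logged.
    """
    bhos: List[Bho] = []
    for raw in log_text.splitlines():
        m = O2_RE.match(raw.strip())
        if m:
            bhos.append(Bho(m["name"], m["clsid"], m["path"].strip()))
    return bhos


def build_cfscript(bhos: Iterable[Bho], remove_clsids: Iterable[str],
                   extra_folders: Iterable[str] = ()) -> str:
    """Emit a CFScript that deletes the DLL and registration of the chosen BHOs.

    CLSIDs are matched case-insensitively. A CLSID that is not in the log is an
    error, so a typo cannot silently produce a script that removes nothing.
    """
    wanted = {c.upper() for c in remove_clsids}
    selected = [b for b in bhos if b.clsid.upper() in wanted]
    missing = wanted - {b.clsid.upper() for b in selected}
    if missing:
        raise ValueError(f"CLSIDs not present in log: {sorted(missing)}")

    lines = ["File::"] + [b.path for b in selected]
    folders = list(extra_folders)
    if folders:
        lines += ["", "Folder::"] + folders
    lines += ["", "Registry::"]
    lines += [f"[-{BHO_KEY}\\{b.clsid}]" for b in selected]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    entries = parse_bhos(SAMPLE_LOG)
    for e in entries:
        print(f"{e.clsid}  {e.name:<25} {e.path}")
    # Reproduce the script Pancake posted for the BhoApp entry.
    print(build_cfscript(
        entries,
        ["{32324134-3465-4325-6543-325435274523}"],
        extra_folders=[r"C:\Users\Mejia\AppData\Roaming\LimeWire",
                       r"C:\Program Files\LimeWire"],
    ))
```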
  #5  
Old 07-23-2008
Bronze Member
 
Join Date: Jul 2008
Posts: 4
PC Experience: PC Illiterate
avalon7030 - See this Members User comments on their Profile page
Default Re: Vundo and Boaxxe.dll driving me crazy!!!

Thanks again, here is the new information.

ComboFix:
ComboFix 08-07-21.2 - Mejia 2008-07-22 23:54:44.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2279 [GMT -7:00]
Running from: C:\Users\Mejia\Desktop\ComboFix.exe
Command switches used :: C:\Users\Mejia\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Program Files\altcmd\altcmd32.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\LimeWire
C:\Program Files\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
C:\Program Files\LimeWire\COPYING
C:\Program Files\LimeWire\data.ser
C:\Program Files\LimeWire\inspection.props
C:\Program Files\LimeWire\install.log
C:\Program Files\LimeWire\language.prop
C:\Program Files\LimeWire\lib\aopalliance.jar
C:\Program Files\LimeWire\lib\clink.jar
C:\Program Files\LimeWire\lib\commons-httpclient.jar
C:\Program Files\LimeWire\lib\commons-logging.jar
C:\Program Files\LimeWire\lib\commons-net.jar
C:\Program Files\LimeWire\lib\commons-pool.jar
C:\Program Files\LimeWire\lib\daap.jar
C:\Program Files\LimeWire\lib\forms.jar
C:\Program Files\LimeWire\lib\foxtrot.jar
C:\Program Files\LimeWire\lib\gettext-commons.jar
C:\Program Files\LimeWire\lib\guice-1.0.jar
C:\Program Files\LimeWire\lib\hashes
C:\Program Files\LimeWire\lib\httpcore-nio.jar
C:\Program Files\LimeWire\lib\httpcore.jar
C:\Program Files\LimeWire\lib\icu4j.jar
C:\Program Files\LimeWire\lib\id3v2.jar
C:\Program Files\LimeWire\lib\jcraft.jar
C:\Program Files\LimeWire\lib\jdic.dll
C:\Program Files\LimeWire\lib\jdic.jar
C:\Program Files\LimeWire\lib\jdic_stub.jar
C:\Program Files\LimeWire\lib\jflac.jar
C:\Program Files\LimeWire\lib\jl.jar
C:\Program Files\LimeWire\lib\jmdns.jar
C:\Program Files\LimeWire\lib\jogg.jar
C:\Program Files\LimeWire\lib\jorbis.jar
C:\Program Files\LimeWire\lib\LimeWire.ico
C:\Program Files\LimeWire\lib\LimeWire.jar
C:\Program Files\LimeWire\lib\log4j.jar
C:\Program Files\LimeWire\lib\log4j.properties
C:\Program Files\LimeWire\lib\looks.jar
C:\Program Files\LimeWire\lib\messages.jar
C:\Program Files\LimeWire\lib\mp3spi.jar
C:\Program Files\LimeWire\lib\ProgressTabs.jar
C:\Program Files\LimeWire\lib\swt.jar
C:\Program Files\LimeWire\lib\SystemUtilities.dll
C:\Program Files\LimeWire\lib\SystemUtilitiesA.dll
C:\Program Files\LimeWire\lib\themes.jar
C:\Program Files\LimeWire\lib\tray.dll
C:\Program Files\LimeWire\lib\tritonus.jar
C:\Program Files\LimeWire\lib\vorbisspi.jar
C:\Program Files\LimeWire\LimeWire On Startup.lnk
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\LimeWire\LimeWire.ico
C:\Program Files\LimeWire\pmf.ico
C:\Program Files\LimeWire\root\magnet10\badge.img
C:\Program Files\LimeWire\root\magnet10\canHandle.img
C:\Program Files\LimeWire\root\magnet10\limewire.gif
C:\Program Files\LimeWire\root\magnet10\options.js
C:\Program Files\LimeWire\root\magnet10\silentdetect.js
C:\Program Files\LimeWire\SOURCE
C:\Program Files\LimeWire\spacer.gif
C:\Program Files\LimeWire\uninstall.exe
C:\Program Files\LimeWire\unpack.log
C:\Users\Mejia\AppData\Roaming\LimeWire
C:\Users\Mejia\AppData\Roaming\LimeWire\active.mojito
C:\Users\Mejia\AppData\Roaming\LimeWire\createtimes.cache
C:\Users\Mejia\AppData\Roaming\LimeWire\fileurns.bak
C:\Users\Mejia\AppData\Roaming\LimeWire\fileurns.cache
C:\Users\Mejia\AppData\Roaming\LimeWire\filters.props
C:\Users\Mejia\AppData\Roaming\LimeWire\gnutella.net
C:\Users\Mejia\AppData\Roaming\LimeWire\installation.props
C:\Users\Mejia\AppData\Roaming\LimeWire\library.dat
C:\Users\Mejia\AppData\Roaming\LimeWire\limewire.props
C:\Users\Mejia\AppData\Roaming\LimeWire\mojito.props
C:\Users\Mejia\AppData\Roaming\LimeWire\passive.mojito
C:\Users\Mejia\AppData\Roaming\LimeWire\questions.props
C:\Users\Mejia\AppData\Roaming\LimeWire\responses.cache
C:\Users\Mejia\AppData\Roaming\LimeWire\simpp.xml
C:\Users\Mejia\AppData\Roaming\LimeWire\spam.dat
C:\Users\Mejia\AppData\Roaming\LimeWire\tables.props
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme.lwtp
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\01_star.gif
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\02_star.gif
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\03_star.gif
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\04_star.gif
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\05_star.gif
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\chat.gif
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\forward_dn.gif
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\forward_up.gif
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\kill.gif
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\kill_on.gif
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\logo.png
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\notsearching.png
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\pause_dn.gif
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\pause_up.gif
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\play_dn.gif
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\play_up.gif
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\question.gif
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\rewind_dn.gif
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\rewind_up.gif
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\searching.gif
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\stop_dn.gif
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\stop_up.gif
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\theme.txt
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\version.txt
C:\Users\Mejia\AppData\Roaming\LimeWire\themes\windows_theme\warning.gif
C:\Users\Mejia\AppData\Roaming\LimeWire\ttrees.cache
C:\Users\Mejia\AppData\Roaming\LimeWire\ttroot.cache
C:\Users\Mejia\AppData\Roaming\LimeWire\version.xml
C:\Users\Mejia\AppData\Roaming\LimeWire\xml\data\audio.sxml
C:\Users\Mejia\AppData\Roaming\LimeWire\xml\data\video.sxml

.
((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-22 19:52 . 2008-07-22 19:52 32,768 --a------ C:\7d8716133410c30.bup
2008-07-22 19:52 . 2008-07-22 19:52 29,184 --a------ C:\7d87161334216d0.bup
2008-07-22 19:42 . 2008-07-22 19:42 <DIR> d-------- C:\Users\All Users\PC Tools
2008-07-22 19:42 . 2008-07-22 19:42 <DIR> d-------- C:\ProgramData\PC Tools
2008-07-22 19:42 . 2008-07-22 19:41 159,880 --a------ C:\Windows\System32\drivers\pctfw2.sys
2008-07-22 19:41 . 2008-07-22 19:42 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-07-22 19:38 . 2007-12-10 13:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-07-22 19:38 . 2007-12-10 13:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-07-22 19:38 . 2008-02-01 11:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-07-22 19:38 . 2007-12-10 13:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-07-22 19:37 . 2008-07-22 19:37 <DIR> d-------- C:\Users\Mejia\AppData\Roaming\PC Tools
2008-07-22 19:37 . 2008-07-22 23:43 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-22 19:07 . 2008-07-22 23:48 <DIR> d-------- C:\Program Files\altcmd
2008-07-22 18:38 . 2008-07-22 18:38 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-07-22 17:55 . 2008-07-22 17:55 <DIR> d-------- C:\Users\Mejia\AppData\Roaming\McAfee
2008-07-22 17:06 . 2008-07-22 23:46 100 --a------ C:\Users\Mejia\AppData\Roaming\temp.dll
2008-07-16 04:16 . 2008-07-22 18:38 <DIR> d-------- C:\VundoFix Backups
2008-07-15 02:46 . 2008-07-15 02:46 <DIR> d-------- C:\!KillBox
2008-07-01 17:21 . 2008-07-01 17:21 <DIR> d-------- C:\Users\All Users\Google
2008-07-01 17:18 . 2008-07-01 17:18 0 --a------ C:\Windows\nsreg.dat
2008-07-01 17:10 . 2008-07-01 17:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-25 03:50 . 2008-06-25 03:50 <DIR> d--h-c--- C:\Users\All Users\{D2A9AAE9-BAF5-4CBE-8CC4-9314EE287B09}
2008-06-25 03:50 . 2008-06-25 03:50 <DIR> d--h-c--- C:\ProgramData\{D2A9AAE9-BAF5-4CBE-8CC4-9314EE287B09}
2008-06-25 03:50 . 2008-05-30 14:11 3,850,760 --a------ C:\Windows\System32\D3DX9_38.dll
2008-06-25 03:50 . 2008-05-30 14:11 1,491,992 --a------ C:\Windows\System32\D3DCompiler_38.dll
2008-06-25 03:50 . 2008-05-30 14:19 507,400 --a------ C:\Windows\System32\XAudio2_1.dll
2008-06-25 03:50 . 2008-05-30 14:11 467,984 --a------ C:\Windows\System32\d3dx10_38.dll
2008-06-25 03:50 . 2008-05-30 14:18 238,088 --a------ C:\Windows\System32\xactengine3_1.dll
2008-06-25 03:50 . 2008-05-30 14:17 65,032 --a------ C:\Windows\System32\XAPOFX1_0.dll
2008-06-25 03:50 . 2008-05-30 14:17 25,608 --a------ C:\Windows\System32\X3DAudio1_4.dll
2008-06-25 03:47 . 2008-06-25 03:47 <DIR> d-------- C:\Program Files\Utherverse Digital Inc
2008-06-23 17:35 . 2008-06-23 17:35 <DIR> d-------- C:\Users\All Users\Age of Empires 3
2008-06-23 17:35 . 2008-06-23 17:35 <DIR> d-------- C:\ProgramData\Age of Empires 3
2008-06-23 17:03 . 2008-06-23 17:11 <DIR> d-------- C:\Program Files\Common Files\Microsoft Games
2008-06-23 16:47 . 2008-06-23 16:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-06-23 16:47 . 2008-06-23 16:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-06-23 16:47 . 2008-06-23 16:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-06-23 16:47 . 2008-06-23 16:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-06-23 16:47 . 2008-06-23 16:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links
2008-06-23 16:47 . 2008-06-23 16:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-06-23 16:47 . 2008-06-23 16:47 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 06:43 --------- d---a-w C:\ProgramData\TEMP
2008-07-23 00:06 --------- d-----w C:\ProgramData\McAfee
2008-07-23 00:06 --------- d-----w C:\Program Files\McAfee
2008-07-23 00:06 --------- d-----w C:\Program Files\Common Files\McAfee
2008-07-22 12:02 --------- d-----w C:\Program Files\City of Heroes
2008-07-20 00:28 --------- d-----w C:\Users\Mejia\AppData\Roaming\.BitTornado
2008-07-16 00:19 100 ----a-w C:\Users\Mejia\AppData\Roaming\wklnhst.dat
2008-07-12 09:28 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-24 00:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-23 23:49 --------- d-----w C:\Program Files\Microsoft Games
2008-06-18 02:44 --------- d-----w C:\Program Files\GameSpy Arcade
2008-06-18 02:43 --------- d-----w C:\Program Files\Ubi Soft
2008-06-18 02:38 --------- d-----w C:\Program Files\Liquid Entertainment
2008-06-17 03:05 --------- d-----w C:\Users\Mejia\AppData\Roaming\iWin
2008-06-17 03:04 --------- d-----w C:\Program Files\MSN Games
2008-06-13 19:06 --------- d-----w C:\Users\Mejia\AppData\Roaming\Ubisoft
2008-06-13 18:58 --------- d-----w C:\ProgramData\Ubisoft
2008-06-13 18:25 --------- d-----w C:\Program Files\Ubisoft
2008-06-12 10:08 --------- d-----w C:\Program Files\Windows Mail
2008-06-10 09:10 --------- d-----w C:\ProgramData\SimCity Societies
2008-06-10 08:53 --------- d-----w C:\Program Files\Electronic Arts
2008-06-10 08:49 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-06-09 13:47 --------- d-----w C:\Program Files\Sierra
2008-06-08 08:43 --------- d-----w C:\Users\Mejia\AppData\Roaming\GameHouse
2008-06-08 08:43 --------- d-----w C:\Program Files\GameHouse
2008-06-08 05:41 --------- d-----w C:\Program Files\PopCap Games
2008-06-08 05:27 --------- d-----w C:\Program Files\PowerISO
2008-06-07 19:43 --------- d-----w C:\Program Files\TransMac
2008-06-07 10:31 --------- d-----w C:\ProgramData\PopCap Games
2008-06-07 09:02 --------- d-----w C:\Users\Mejia\AppData\Roaming\PlayFirst
2008-06-07 09:02 --------- d-----w C:\ProgramData\WildTangent
2008-06-07 09:02 --------- d-----w C:\ProgramData\PlayFirst
2008-06-06 19:05 --------- d-----w C:\Users\Mejia\AppData\Roaming\Roxio
2008-06-06 19:05 --------- d-----w C:\ProgramData\Roxio
2008-06-06 19:04 --------- d-----w C:\Users\Mejia\AppData\Roaming\Media Player Classic
2008-06-06 14:11 --------- d-----w C:\ProgramData\Trymedia
2008-06-06 14:11 --------- d-----w C:\ProgramData\Sandlot Games
2008-06-06 08:44 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2008-06-05 18:49 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-02 17:08 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-02 01:33 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-05-30 01:03 --------- d-----w C:\ProgramData\NVIDIA
2008-05-30 01:01 174 --sha-w C:\Program Files\desktop.ini
2008-05-30 00:54 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-30 00:54 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-30 00:54 --------- d-----w C:\Program Files\Windows Journal
2008-05-30 00:54 --------- d-----w C:\Program Files\Windows Defender
2008-05-30 00:54 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-30 00:54 --------- d-----w C:\Program Files\Windows Calendar
2008-05-30 00:38 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-30 00:38 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-26 21:54 --------- d-----w C:\ProgramData\Media Center Programs
2008-05-26 21:01 --------- d-----w C:\Program Files\Funcom
2008-05-26 21:00 --------- d-----w C:\ProgramData\Funcom
2008-05-12 05:06 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-04-29 12:49 237,568 ----a-w C:\Windows\System32\UCI32M29.dll
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-23 04:42 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-04-23 04:42 293,376 ----a-w C:\Windows\System32\psisdecd.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-22_21.10.12.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-23 06:51:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-23 06:51:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-07-23 04:07:08 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-23 06:52:12 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-07-23 04:07:08 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-23 06:52:07 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-23 06:52:07 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-07-23 04:00:11 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-23 06:42:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-23 04:00:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-23 06:42:23 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-23 04:00:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-23 06:42:23 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-23 00:11:40 101,988 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-07-23 04:18:06 101,988 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-23 00:11:40 598,350 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-07-23 04:18:06 598,350 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-26 14:05:08 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2008-07-23 06:50:18 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
- 2008-07-23 00:07:37 11,126 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3236938327-2524616276-999586649-1001_UserData.bin
+ 2008-07-23 06:53:16 11,530 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3236938327-2524616276-999586649-1001_UserData.bin
- 2008-07-23 00:07:37 71,682 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-23 06:53:16 72,290 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-23 00:07:35 48,934 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-23 06:53:15 49,272 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-06-25 10:00:58 115,378,982 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-07-23 04:13:12 118,878,602 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-01-19 07:35:38 1,523,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0000.dll
+ 2008-01-19 07:35:39 2,599,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0001.dll
+ 2008-01-19 07:35:39 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0002.dll
+ 2008-01-19 07:35:40 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0003.dll
+ 2008-01-19 07:35:40 2,243,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0007.dll
+ 2008-01-19 07:35:42 4,875,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0009.dll
+ 2008-01-19 07:35:44 9,847,296 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData000a.dll
+ 2008-01-19 07:35:45 2,643,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData000c.dll
+ 2008-01-19 07:35:46 2,342,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData000d.dll
+ 2008-01-19 07:35:46 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData000f.dll
+ 2008-01-19 07:35:46 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0010.dll
+ 2008-01-19 07:35:46 2,657,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0011.dll
+ 2008-01-19 07:35:47 3,466,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0013.dll
+ 2008-01-19 07:35:47 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0018.dll
+ 2008-01-19 07:35:47 4,497,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0019.dll
+ 2008-01-19 07:35:48 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData001a.dll
+ 2008-01-19 07:35:48 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData001b.dll
+ 2008-01-19 07:35:49 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData001d.dll
+ 2008-01-19 07:35:49 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0020.dll
+ 2008-01-19 07:35:49 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0021.dll
+ 2008-01-19 07:35:49 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-w