I have deleted MSN and Yahoo programs, reloaded and it reinfects each time. McAfee hasn't found it, and neither has Superantispyware.
StartupList report, 12/6/2009, 5:15:20 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows Vista SP2 (WinNT 6.00.1906)
Detected: Internet Explorer v7.00 (7.00.6002.18005)
* Using default options
==================================================
Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Windows\VM_STI.EXE
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmirpcw.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Toshiba\IVP\ISM\ivpsvmgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
wmirpcw.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
IgfxTray = C:\Windows\system32\igfxtray.exe
HotKeysCmds = C:\Windows\system32\hkcmd.exe
Persistence = C:\Windows\system32\igfxpers.exe
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
RtHDVCpl = RtHDVCpl.exe
LtMoh = C:\Program Files\ltmoh\Ltmoh.exe
NDSTray.exe = NDSTray.exe
HWSetup = C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
SVPWUTIL = C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
KeNotify = C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
PINGER = C:\TOSHIBA\IVP\ISM\pinger.exe /run
SiteAdvisor = C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
mcagent_exe = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
BigDogPath = C:\Windows\VM_STI.EXE V-Gear TalkCam 1.1
ATT-SST_McciTrayApp = "C:\Program Files\ATT-SST\McciTrayApp.exe"
ISW.exe = "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
SunJavaUpdateSched = "C:\Program Files\Java\jre6\bin\jusched.exe"
CarboniteSetupLite = "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
AOLRebootNeeded = regsvr32.exe /s
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
MsnMsgr = "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
updateMgr = C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
ehTray.exe = C:\Windows\ehome\ehTray.exe
ATT-SST = C:\Program Files\ATT-SST\McciBrowser.exe -AppKey=ATT-SST -URL=file://C:\Program Files\ATT-SST\OCB\41500bd3-91c3-4bfd-a1a6-4cd7eaa78267\Start.htm?VendorID=ATT-SST,isHidden=false,ConnectivityRequired=true,flowId=HOMEPAGE,FlowParams=
WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe
SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
=
--------------------------------------------------
Shell & screensaver key from C:\Windows\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=explorer.exe
SCRNSAVE.EXE=C:\Windows\system32\Mystify.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - (no file) - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll - {089FD14D-132B-48FC-8861-0048AE113215}
AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll - {27B4851A-3207-45A2-B947-BE8AFE6163AB}
(no name) - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}
(no name) - C:\Program Files\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
(no name) - (no file) - {5C255C8A-E604-49b4-9D64-90988571CECB}
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
AOL Toolbar Launcher - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll - {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
(no name) - C:\Program Files\Windows Live\Toolbar\wltcore.dll - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
--------------------------------------------------
Enumerating Task Scheduler jobs:
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
McDefragTask.job
McQcTask.job
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #2: C:\Windows\system32\napinsp.dll
NameSpace #3: C:\Windows\system32\pnrpnsp.dll
NameSpace #4: C:\Windows\system32\pnrpnsp.dll
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
WebCheck: C:\Windows\system32\webcheck.dll
--------------------------------------------------
End of report, 8,141 bytes
Report generated in 0.156 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only