Look2Me (or Vundo?) variant not recognized

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by cathuria, Sep 9, 2005.

  1. cathuria

    cathuria Guest

    Greetings;
    Yesterday (9/8) my computer began to display symptoms which according to my web searches are characteristic of Vundo (cannot stay in Standby mode; occasionally IE starts and shows some stupid ad page (amxtravel, usually)).
    I tried my own spyware tools (AdAware), then downloaded SpyBot, ran McAfee, etc. Nothing. I then came to MajorGeeks and since this morning (9/9) I've been following the drill in the Basic Removal guide -- I downloaded everything and have been scanning the stink out of this puppy for nigh on 9 hours. (pant, wheeze)

    The only thing that happened was CWShredder kept "removing" what it claimed was CWS.Look2Me, but every time I allowed it to reboot, it hung on startup ("CWShredder has experienced a problem and needs to shut down - blah, blah"). I repeated that in Safe mode and regular... but Kill2Me apparently saw nothing. Just a couple hours ago, my newest update to McAfee downloaded and I tried that... still not one of the scans I ran (except for CWShredder) ever saw a thing.

    But as evidenced by my continued inability to enter Standby mode, that Son of a Bunion is still there.
    Whuddoeyedo?? :eek:
     
  2. cathuria

    cathuria Guest

    Re: Look2Me (or Vundo?) variant = gebyv?

    All right, people, here's some more data:

    I believe I've tracked it down to a file called gebyv.dll; it was installed at the right point in time, is not recognized by anything, and is insinuated as a BHO and a "winlogon notify" entry. It even drops backup copies with reversed filename, so I'm pretty sure it's not a friendly program.

    I have attempted to fix it with HJT, but that fails even in Safe Mode. I even used process explorer to suspend the Explorer and winlogon threads -- it appeared that HJT was able to fix it then, but the bugger was back when I rebooted (even in Safe mode).
    Any ideas?
     
  3. cathuria

    cathuria Guest

    All right -- problem solved -- I don't know if anyone is listening out there, but for when this pops again somewhere else, this is so's ya know.

    I had to use the proper combination... in normal mode, I opened HJT and Process Explorer then closed all other windows. I did a scan with HJT and set the "delete on reboot" option for gebyv.dll.
    Then in Process Explorer, I suspended both the Explorer and Winlogon processes (both of these referenced the dll). Then I ran HJT to fix both the BHO entry and the winlogon entry for gebyv...
    Hard reboot...
    Well, that booger gebyv was back in the System32 directory, BUT it was no longer resident in memory, the BHO and winlogon entries were gone, and I could delete it manually.
    Standby mode works again, and there seems to be no further trace of gebyv (or vybeg) on my system.
    Whew.
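
    A defender-side triage helper for the pattern described in the posts above: one DLL registered both as an IE Browser Helper Object and as a Winlogon Notify package, with a reversed-name backup copy sitting next to it in System32. This is an added example, not code from the thread or from HijackThis; the .reg export and the System32 listing are constructed samples, so the CLSID and every file name other than gebyv.dll/vybeg.dll are placeholders, and it only reads HKCR for the CLSID's InprocServer32.

```python
# Constructed .reg-style export, not from a real host: one BHO CLSID and one Winlogon Notify
# package point at the same DLL; "crypt32chain" stands in for a legitimate Notify package.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\WINDOWS\\system32\\gebyv.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebyv]
"DLLName"="gebyv.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DLLName"="crypt32.dll"
"""
SAMPLE_SYSTEM32 = ["kernel32.dll", "crypt32.dll", "gebyv.dll", "vybeg.dll"]  # constructed listing

def parse_reg(text):
    """Parse a .reg export into {key_path: {value_name: value}}; value-less keys are kept."""
    reg, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            reg.setdefault(key, {})  # a BHO key usually has no values; its presence is the registration
        elif key and "=" in line:
            name, _, val = line.partition("=")
            reg[key][name.strip('"')] = val.strip('"').replace("\\\\", "\\")
    return reg

def bho_dlls(reg):
    """DLLs Internet Explorer loads as Browser Helper Objects (BHO CLSID -> InprocServer32 path)."""
    found = set()
    for key in (k for k in reg if "\\Browser Helper Objects\\{" in k):
        clsid = key.rsplit("\\", 1)[-1]
        server = reg.get("HKEY_CLASSES_ROOT\\CLSID\\" + clsid + "\\InprocServer32", {}).get("@")
        if server:
            found.add(server.rsplit("\\", 1)[-1].lower())
    return found

def notify_dlls(reg):
    """DLLs winlogon.exe loads at logon as Winlogon Notify packages (DLLName value)."""
    return {v["DLLName"].rsplit("\\", 1)[-1].lower()
            for k, v in reg.items() if "\\Winlogon\\Notify\\" in k and "DLLName" in v}

def dual_persistence(reg):
    """DLLs registered both as a BHO and as a Winlogon Notify package, the pattern in this thread."""
    return sorted(bho_dlls(reg) & notify_dlls(reg))

def reversed_twins(dll_names, listing):
    """Pair each suspect DLL with a reversed-stem copy present on disk (gebyv.dll <-> vybeg.dll)."""
    present = {f.lower() for f in listing}
    twins = {n: n.rpartition(".")[0][::-1] + "." + n.rpartition(".")[2] for n in dll_names}
    return sorted((n, t) for n, t in twins.items() if t != n and t in present)
```

    On a live host the same functions can be fed the output of `reg export` for the BHO, CLSID and Winlogon keys plus a directory listing of System32; a hit from dual_persistence() is the entry HJT would show as both an O2 BHO and an O20 Winlogon Notify line.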
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are dozens of threads here with similar procedures to fixing this. Just search on Virtumundo and you will find some of them. There are many recent ones.

    Happy to hear you have yours fixed.
     
