Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

C:\WINDOWS\system32\A0A77291C2.dll
2007-05-08 11:33:57 1,479,706 --sha-w C:\WINDOWS\system32\rrqss.bak1
2007-05-07 11:33:42 1,470,307 --sha-w C:\WINDOWS\system32\rrqss.bak2
2007-05-06 11:32:09 1,471,679 --sha-w C:\WINDOWS\system32\rrqss.ini2

==

Please download VundoFix.exe
to your desktop.

• Double-click VundoFix.exe to run it.
• Click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.
• Please post the contents of C:\vundofix.txt and a new HijackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.

==

Please download OTMoveIt from here:
http://download.bleepingcomputer.com...r/OTMoveIt.exe
Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file path below to the clipboard by highlighting and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\cscdl.dll

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
The list will be processed and the results for each line will be displayed in the right-hand pane.
Highlight everything in the Results window, press CTRL+C or right-click, choose Copy, right-click again and Paste it in your next reply.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.