0

My computer won't register any of these.. I try to open a program, extract a rar or zip and nothing happens. Here is my other post http://www.daniweb.com/forums/thread90468.html

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:30:13 AM, on 9/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\apache2triad\bin\apache.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\apache2triad\mysql\bin\mysqld.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\apache2triad\bin\apache.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\taskmgr.exe
c:\program files\aim6\anotify.exe
C:\progra~1\HJT\HJT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08A4D98A-864E-4BA2-998D-9C58EE7556C2} - C:\WINDOWS\system32\henclvoc.dll
O2 - BHO: (no name) - {31657B86-01E9-43C8-A0C5-F02BE201455c} - C:\WINDOWS\system32\henclvoc.dll
O2 - BHO: (no name) - {4EBC417D-C9A7-4FD3-8135-7E33E63B051F} - C:\WINDOWS\system32\ssqrr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {68218620-3D65-43F6-AD47-D38D84B5412A} - C:\WINDOWS\system32\ljjkheb.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb101\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {9E7FA759-B446-4E57-AF42-A97A948B6CB3} - C:\WINDOWS\system32\henclvoc.dll
O2 - BHO: (no name) - {9F0AD5E8-002F-4666-8F74-B5457C89FDD0} - C:\WINDOWS\system32\nxmjexch.dll
O2 - BHO: (no name) - {A8CE4D48-E68D-4FE4-89FE-300731C77148} - C:\WINDOWS\system32\nnsqqmqc.dll
O2 - BHO: (no name) - {B064D7DD-F68F-4D03-9C37-C86C2D72D4B7} - C:\WINDOWS\system32\nnsqqmqc.dll
O2 - BHO: (no name) - {E5D48306-2B38-4D8C-B74C-8C4F420E02F2} - C:\WINDOWS\system32\henclvoc.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\hvrramje.dll",forkonce
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\narrshwh.dll",sitypnow
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb101\res\DealioSearch.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Taylor\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb101\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163462521328
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} - 
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14F6B734-BA66-426F-89D0-0FDE45917491}: NameServer = 85.255.116.40,85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A9DCDA8-97A7-4902-A9B5-8A0F8F534386}: NameServer = 85.255.116.40,85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9EAACB2-AC23-441F-98E2-DE667442E568}: NameServer = 85.255.116.40,85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA87762A-AC5D-4BC2-B820-14450E34CD82}: NameServer = 85.255.116.40,85.255.112.115
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.40 85.255.112.115
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.40 85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.40 85.255.112.115
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ljjkheb - C:\WINDOWS\SYSTEM32\ljjkheb.dll
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Apache Software Foundation - C:\apache2triad\bin\apache.exe
O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2SSL) - Apache Software Foundation - C:\apache2triad\bin\apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Apache2Triad MySql Service (mysql) - Unknown owner - C:\apache2triad\mysql\bin\mysqld.exe
O23 - Service: Apache2Triad PostgreSQL Service (PgSql) - PostgreSQL Global Development Group - C:\apache2triad\pgsql\bin\pg_ctl.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2triad\ftp\SlimFTPd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Apache2Triad Xmail Service (XMail) - Unknown owner - C:\apache2triad\mail\bin\XMail.exe

--
End of file - 10919 bytes

Thanks for all and any help :]

0

You say you've hit it with AV... but what about AS? The log is LOADED, and you have two resident AV services - that is not good, one is all you can run. Remove one now. You have a redirector, vundo, bunch of trojan/spywares...
Help? Okay...
==Download fixwareout from http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe - and save it to your desktop.
Double click Fixwareout.exe to start the Fixwareout Setup Wizard, click next and then install. Ensure that Run fixit is checked, and click on Finish. After the fix follow the prompts. You will be asked to reboot your computer, and it may take longer than usual to load - this is normal.

Next check some settings....In control panel select the Network and Internet Connections , rclick on your default connection, usually local area connection for cable and dsl, and lclick on properties. Click the Networking tab. Dclick on the Internet Protocol (TCP/IP) item and select Obtain DNS servers automatically. Press OK twice to get out of the properties screen and reboot if it asks.

Now flush the DNS cache: Go Start > Run, type cmd and click OK.
In the command screen, type in cd\ and then press Enter. Now type in ipconfig /flushdns and then Enter. [space after ipconfig]. Type Exit.

FIX CHECKED ENTRIES....!!
Start Hijackthis, do a Scan Only and place checkmarks against all of the following, and then press Fix Checked:

O17 - HKLM\System\CCS\Services\Tcpip\..\{14F6B734-BA66-426F-89D0-0FDE45917491}: NameServer = 85.255.116.40,85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A9DCDA8-97A7-4902-A9B5-8A0F8F534386}: NameServer = 85.255.116.40,85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9EAACB2-AC23-441F-98E2-DE667442E568}: NameServer = 85.255.116.40,85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA87762A-AC5D-4BC2-B820-14450E34CD82}: NameServer = 85.255.116.40,85.255.112.115
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.40 85.255.112.115
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.40 85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.40 85.255.112.115

You have a vundo infection, or traces of one, so please rename hijackthis.exe to imabunny.exe - this is important.
==Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4
=Restart your system in Safe Mode.
Double-click VundoFix.exe to start it. Click the Scan for Vundo button.
When the scan completes click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will restart your computer - click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
!!! Check the Vundofix log for any found files that were not deleted - if present rerun Vundofix !!!
Post the contents of C:\vundofix.txt plus a new HijackThis log.

==MyWebSearch Search Assistant - Go to Add/Remove programs and remove MyWebSearch Bar, MyWeb Search and Search Assistant. Use hijackthis to remove all BHO's, toolbars, reg startups, context menu items , anything with MyWeb in it.
Depending upon how your sys works you may have to take those dl's on a pen drive or other removable media, eg CDRW.
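
The entries singled out in the reply above can be pulled out of a HijackThis log mechanically. This is an added example, not part of the original post and not HijackThis's own logic: the heuristics and the names `triage` and `dns_servers` are assumptions for illustration, and the sample lines are copied from the first log in this thread. A hit means "review this entry", not "this is malware".

```python
import re
from collections import Counter

# Subset of lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08A4D98A-864E-4BA2-998D-9C58EE7556C2} - C:\WINDOWS\system32\henclvoc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\hvrramje.dll",forkonce
O17 - HKLM\System\CCS\Services\Tcpip\..\{14F6B734-BA66-426F-89D0-0FDE45917491}: NameServer = 85.255.116.40,85.255.112.115
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.40 85.255.112.115
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
"""

# "O17 - rest of line": section code, separator, entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A DLL sitting directly in C:\WINDOWS\system32 (no sub-directory).
SYSTEM32_DLL = re.compile(r'[A-Za-z]:\\WINDOWS\\system32\\[^\\"]+\.dll', re.I)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse(log):
    """Yield (section_code, body) for every HijackThis entry line."""
    for raw in log.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match.group("code"), match.group("body")


def triage(log):
    """Return entries worth a manual look, using assumed heuristics
    modelled on what the helpers in this thread pointed at."""
    findings = []
    for code, body in parse(log):
        dll = SYSTEM32_DLL.search(body)
        reason = None
        if code == "O17" and "NameServer" in body:
            reason = "DNS servers pinned in the registry"
        elif code == "O2" and body.startswith("BHO: (no name)") and dll:
            reason = "unnamed BHO loaded from system32"
        elif code == "O4" and "rundll32" in body.lower() and dll:
            reason = "autorun starts a system32 DLL through rundll32"
        elif code == "O20" and dll:
            reason = "Winlogon Notify DLL (loaded at every logon)"
        elif code in ("O21", "O22") and body.endswith("(no file)"):
            reason = "shell hook registered but its file is missing"
        if reason:
            findings.append({
                "code": code,
                "reason": reason,
                "dll": dll.group(0) if dll else None,
                "entry": body,
            })
    return findings


def dns_servers(findings):
    """Count in how many registry locations each pinned DNS server appears.
    The same pair repeated across interfaces and control sets is the
    pattern the O17 lines in this log show."""
    counts = Counter()
    for finding in findings:
        if finding["code"] == "O17":
            value = finding["entry"].split("NameServer", 1)[1]
            counts.update(IPV4.findall(value))
    return dict(counts)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for item in results:
        print(f'{item["code"]:>3}  {item["reason"]}: {item["entry"]}')
    print("Pinned DNS servers:", dns_servers(results))
```
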

0

O2 - BHO: (no name) - {4EBC417D-C9A7-4FD3-8135-7E33E63B051F} - C:\WINDOWS\system32\ssqrr.dll

O20 - Winlogon Notify: ljjkheb - C:\WINDOWS\SYSTEM32\ljjkheb.dll
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll

These look dodgy and as Gerbil suspects, you need to get rid of a Trojan. I didn't see a telltale ldoger (.EXE) in your root C:\ - but the trojan manifests itself in various ways.

You could also see my post on 24-Aug which provides a step by step cleansing approach if you can put your disk drive into an external USB enclosure on a different PC. I was happier doing this because I wasn't operating on the live system.

0

I get off at eight tonight, so I'll try all this.

The link for fixwareout is down.

Thanks! :]

0

Hi, jamlpr, that link is up - I suspect your hosts file may be blocking you, some malware makes undesirable entries...
There are tools to fix it, try this:
==download HostsXpert from http://www.funkytoad.com/content/view/13/31/
-click Restore MS Hosts File button.
Some security applications, possibly also various malware, will lock your Hosts file [as a protection]. If HostsXpert is unable to restore your file check for applications which may have incidentally locked it. Lock/Unlock hosts exists in Zonealarm and Spybot S&D.
ZoneAlarm : look under firewall, advanced;
Spybot : click Tools,Hosts File, uncheck "Lock Hosts file read-only as protection against hijackers"
Or just...[ but a Spybot setting may over-ride this command....] do this:
Go Start, run, type cmd -press Enter. Paste this line into the window at the prompt, press Enter, close the window.

attrib -r -h -s %SystemRoot%\system32\drivers\etc\HOSTS

-and then of course you can edit it manually [you may have to run the above command first]
A sample hosts file [mine]:-

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost
127.0.0.1 ad.doubleclick.net
____________________________________________________

0

Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:06:47 PM, on 9/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\apache2triad\bin\apache.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\apache2triad\mysql\bin\mysqld.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\apache2triad\bin\apache.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\progra~1\HJT\imabunny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08A4D98A-864E-4BA2-998D-9C58EE7556C2} - C:\WINDOWS\system32\henclvoc.dll
O2 - BHO: (no name) - {31657B86-01E9-43C8-A0C5-F02BE201455c} - C:\WINDOWS\system32\henclvoc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55006F80-EA7A-4C99-95CE-112018CF483B} - C:\WINDOWS\system32\ssqrr.dll
O2 - BHO: (no name) - {68218620-3D65-43F6-AD47-D38D84B5412A} - C:\WINDOWS\system32\ljjkheb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {9E7FA759-B446-4E57-AF42-A97A948B6CB3} - C:\WINDOWS\system32\henclvoc.dll
O2 - BHO: (no name) - {9F0AD5E8-002F-4666-8F74-B5457C89FDD0} - C:\WINDOWS\system32\nxmjexch.dll
O2 - BHO: (no name) - {A8CE4D48-E68D-4FE4-89FE-300731C77148} - C:\WINDOWS\system32\nxmjexch.dll
O2 - BHO: (no name) - {B064D7DD-F68F-4D03-9C37-C86C2D72D4B7} - C:\WINDOWS\system32\nnsqqmqc.dll (file missing)
O2 - BHO: (no name) - {E5D48306-2B38-4D8C-B74C-8C4F420E02F2} - C:\WINDOWS\system32\henclvoc.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Taylor\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163462521328
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} - 
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ljjkheb - C:\WINDOWS\SYSTEM32\ljjkheb.dll
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Apache Software Foundation - C:\apache2triad\bin\apache.exe
O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2SSL) - Apache Software Foundation - C:\apache2triad\bin\apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Apache2Triad MySql Service (mysql) - Unknown owner - C:\apache2triad\mysql\bin\mysqld.exe
O23 - Service: Apache2Triad PostgreSQL Service (PgSql) - PostgreSQL Global Development Group - C:\apache2triad\pgsql\bin\pg_ctl.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2triad\ftp\SlimFTPd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Apache2Triad Xmail Service (XMail) - Unknown owner - C:\apache2triad\mail\bin\XMail.exe

--
End of file - 9305 bytes

I could not get rid of what Suspishio asked me to. Those also wouldn't remove with VundoFix!

Here's the vundo fix log!

VundoFix V6.5.9

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 9:44:48 PM 9/24/2007

Listing files found while scanning....


Beginning removal...

 Attempting to delete C:\WINDOWS\system32\ljjkheb.dll
C:\WINDOWS\system32\ljjkheb.dll Could not be deleted.

 Attempting to delete C:\windows\system32\nnsqqmqc.dll
C:\windows\system32\nnsqqmqc.dll Has been deleted!

 Attempting to delete C:\windows\system32\rrqss.ini
C:\windows\system32\rrqss.ini Has been deleted!

 Attempting to delete C:\windows\system32\rrqss.ini2
C:\windows\system32\rrqss.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\ssqrr.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\xyvvgvht.dll
C:\WINDOWS\system32\xyvvgvht.dll Has been deleted!

Performing Repairs to the registry.
Done!

Thank you! :]

0

Jamlpr, please delete C:\vundofix.txt and run VundoFix again, until all files have been deleted. It may take a couple more passes. When all the files that it detects have been deleted, you are finished with VundoFix.

Download SmitfraudFix (by S!Ri) from http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the content (a folder named SmitfraudFix) to your Desktop.
- Open the SmitfraudFix folder and double-click smitfraudfix.cmd, then select option #1 - Search [type 1 and Enter]; a text file will appear which lists infected files (if present). It will also create a log named rapport.txt in the root of your drive, e.g. Local Disk C:\. Please paste the report in your next reply. DO NOT RUN OPTION 2 YET!!!
In the meantime, fix these two with HijackThis; we'll get to all the others later.

O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -

Post vundofix, smitfraud log and a fresh hijackthis scan log also.

0

The trojan is well infiltrated looking at your HJT log. If the Vundofix & Smitfraudfix passes don't solve it, go to my post on 24-Aug and do it the other way round - from a separate PC operating on your affected hard disk in a USB enclosure.

0

HJT:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:55:51 AM, on 9/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\apache2triad\bin\apache.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\apache2triad\mysql\bin\mysqld.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\apache2triad\bin\apache.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HJT\imabunny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08A4D98A-864E-4BA2-998D-9C58EE7556C2} - C:\WINDOWS\system32\henclvoc.dll
O2 - BHO: (no name) - {31657B86-01E9-43C8-A0C5-F02BE201455c} - C:\WINDOWS\system32\henclvoc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {68218620-3D65-43F6-AD47-D38D84B5412A} - C:\WINDOWS\system32\ljjkheb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {9E7FA759-B446-4E57-AF42-A97A948B6CB3} - C:\WINDOWS\system32\henclvoc.dll
O2 - BHO: (no name) - {9F0AD5E8-002F-4666-8F74-B5457C89FDD0} - C:\WINDOWS\system32\nxmjexch.dll
O2 - BHO: (no name) - {A8CE4D48-E68D-4FE4-89FE-300731C77148} - C:\WINDOWS\system32\nxmjexch.dll
O2 - BHO: (no name) - {B064D7DD-F68F-4D03-9C37-C86C2D72D4B7} - C:\WINDOWS\system32\nnsqqmqc.dll (file missing)
O2 - BHO: (no name) - {C3415EC8-E19C-4147-A819-604490CEF483} - C:\WINDOWS\system32\ssqrr.dll
O2 - BHO: (no name) - {E5D48306-2B38-4D8C-B74C-8C4F420E02F2} - C:\WINDOWS\system32\henclvoc.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\gewhpgsa.dll",sitypnow
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Taylor\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163462521328
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ljjkheb - C:\WINDOWS\SYSTEM32\ljjkheb.dll
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Apache Software Foundation - C:\apache2triad\bin\apache.exe
O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2SSL) - Apache Software Foundation - C:\apache2triad\bin\apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Apache2Triad MySql Service (mysql) - Unknown owner - C:\apache2triad\mysql\bin\mysqld.exe
O23 - Service: Apache2Triad PostgreSQL Service (PgSql) - PostgreSQL Global Development Group - C:\apache2triad\pgsql\bin\pg_ctl.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2triad\ftp\SlimFTPd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Apache2Triad Xmail Service (XMail) - Unknown owner - C:\apache2triad\mail\bin\XMail.exe

--
End of file - 9173 bytes

Vundo:

VundoFix V6.5.9

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 9:20:29 PM 9/25/2007

Listing files found while scanning....

C:\windows\system32\ljjkheb.dll
C:\WINDOWS\system32\rrqss.ini
C:\WINDOWS\system32\ssqrr.dll

Beginning removal...

 Attempting to delete C:\windows\system32\ljjkheb.dll
C:\windows\system32\ljjkheb.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\rrqss.ini
C:\WINDOWS\system32\rrqss.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\ssqrr.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\windows\system32\ljjkheb.dll
C:\windows\system32\ljjkheb.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\rrqss.ini
C:\WINDOWS\system32\rrqss.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\ssqrr.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Smit:

SmitFraudFix v2.229

Scan done at 19:46:57.56, Tue 09/25/2007
Run from C:\Documents and Settings\Taylor\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\apache2triad\bin\apache.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\apache2triad\mysql\bin\mysqld.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\apache2triad\bin\apache.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Taylor


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Taylor\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Taylor\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 

C:\Program Files\Video ActiveX Object\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}"="hirtellous"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Linksys Wireless-G PCI Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.10.10
DNS Server Search Order: 24.165.200.40
DNS Server Search Order: 24.165.200.35

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DA87762A-AC5D-4BC2-B820-14450E34CD82}: DhcpNameServer=192.168.10.10 24.165.200.40 24.165.200.35
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DA87762A-AC5D-4BC2-B820-14450E34CD82}: DhcpNameServer=192.168.10.10 24.165.200.40 24.165.200.35
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DA87762A-AC5D-4BC2-B820-14450E34CD82}: DhcpNameServer=192.168.10.10 24.165.200.40 24.165.200.35
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.10.10 24.165.200.40 24.165.200.35
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.10.10 24.165.200.40 24.165.200.35
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.10.10 24.165.200.40 24.165.200.35


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

I couldn't get those two .dlls to go away for the life of me.

Thanks again for the help guys.

I get off at 10 tonight.

0

Cool. Now run the clean option with smitfraudfix:-
- Check that a Restore point has been made.
- Restart your computer in Safe Mode.
- Start Smitfraudfix as before and select #2 - Clean [type 2 and Enter].
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer Y and Enter [which will remove the desktop background and clean registry keys associated with the infection].
The tool will next check if wininet.dll is infected - if it is, you will be prompted to replace the file; type Y and press "Enter".
Restart in normal Windows and post here the text file which will appear on your screen, along with a new HT log.
[You may also have to restore your desktop background...
If so, go Start >run, type regedit and <enter>. Navigate to this key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Please export that key: in the left pane highlight system with a lclick, go File, export... , save as bluewall with file type .txt. Close regedit and post that txt file].

Let's force the issue with those undeletable files. This is to check for any hidden support files:
==Get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as I suggested, rclicking the bin icon should give you the Open CCleaner option...]. Select the Cleaner icon, press Run Cleaner.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs ..]
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
==Now vundofix again, but modify the run a bit this time [please delete C:\vundofix.txt first]:
=Restart your system in Safe Mode.
Double-click VundoFix.exe to start it. Click the Scan for Vundo button.
*****When the scan completes rclick inside the white text box, lclick the Addmore files? line, paste into the new window these pathnames [one per line]:

C:\windows\system32\ljjkheb.dll
C:\WINDOWS\system32\behkjjl.*
C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\rrqss.*

Click the Add Files button, and next the Remove Vundo button.******

You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will restart your computer - click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
!!! Check the Vundofix log for any found files that were not deleted - if present rerun Vundofix !!!
Post the contents of C:\vundofix.txt plus a new HijackThis log.

0

I am adding this section now to save you time because of lag in post/reply.
If that Vundofix refinement works after the Combofix run some of this may be redundant, but perform the whole anyway:
Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O2 - BHO: (no name) - {08A4D98A-864E-4BA2-998D-9C58EE7556C2} - C:\WINDOWS\system32\henclvoc.dll
O2 - BHO: (no name) - {31657B86-01E9-43C8-A0C5-F02BE201455c} - C:\WINDOWS\system32\henclvoc.dll
O2 - BHO: (no name) - {68218620-3D65-43F6-AD47-D38D84B5412A} - C:\WINDOWS\system32\ljjkheb.dll
O2 - BHO: (no name) - {9E7FA759-B446-4E57-AF42-A97A948B6CB3} - C:\WINDOWS\system32\henclvoc.dll
O2 - BHO: (no name) - {9F0AD5E8-002F-4666-8F74-B5457C89FDD0} - C:\WINDOWS\system32\nxmjexch.dll
O2 - BHO: (no name) - {A8CE4D48-E68D-4FE4-89FE-300731C77148} - C:\WINDOWS\system32\nxmjexch.dll
O2 - BHO: (no name) - {B064D7DD-F68F-4D03-9C37-C86C2D72D4B7} - C:\WINDOWS\system32\nnsqqmqc.dll (file missing)
O2 - BHO: (no name) - {C3415EC8-E19C-4147-A819-604490CEF483} - C:\WINDOWS\system32\ssqrr.dll
O2 - BHO: (no name) - {E5D48306-2B38-4D8C-B74C-8C4F420E02F2} - C:\WINDOWS\system32\henclvoc.dll
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\gewhpgsa.dll",sitypnow
O20 - Winlogon Notify: ljjkheb - C:\WINDOWS\SYSTEM32\ljjkheb.dll
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O22 - SharedTaskScheduler: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)

==Download killbox from here:- http://www.downloads.subratam.org/KillBox.zip -unzip it onto your desktop.
Dclick killbox to start it.
>Highlight the pathnames in the following lines as one block and copy them into clipboard [press Ctrl+C] [ or rclick, copy...]:-

C:\WINDOWS\system32\henclvoc.dll
C:\WINDOWS\system32\nxmjexch.dll
C:\WINDOWS\system32\ljjkheb.dll
C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\gewhpgsa.dll

>In killbox, go File menu, choose Paste from clipboard.
Go File, Logs, select Current Items Log; a notepad will open, if the list of current items shows Zero then none of those files exist and you may simply exit Killbox.
Else:
Select "Delete on reboot", "Unregister dll before deleting" if available, click the "all files" button.
Click the red and white X button, click Yes on the reboot prompt, click OK if a pendingfilerenameoperation box opens. [do not be concerned if it says it cannot find a file...]
If your computer does not reboot please restart it manually.
Post a fresh hijackthis log.
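
The triage behind the fix list above can be sketched as a script. This is an added example, not part of the original posts and not HijackThis's own logic: the function names (classify, scan, still_loaded) and the four heuristics are assumptions modelled on the kinds of entries the list names, and the sample lines are copied from the logs in this thread.

```python
import re
from ntpath import basename, dirname, splitext

# Lines copied from the HijackThis logs and the fix list in this thread.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {68218620-3D65-43F6-AD47-D38D84B5412A} - C:\WINDOWS\system32\ljjkheb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B064D7DD-F68F-4D03-9C37-C86C2D72D4B7} - C:\WINDOWS\system32\nnsqqmqc.dll (file missing)
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\gewhpgsa.dll",sitypnow
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: ljjkheb - C:\WINDOWS\SYSTEM32\ljjkheb.dll
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Result lines copied from the VundoFix log in this thread.
SAMPLE_VUNDOFIX = r"""
C:\windows\system32\ljjkheb.dll Could not be deleted.
C:\WINDOWS\system32\rrqss.ini Has been deleted!
C:\WINDOWS\system32\ssqrr.dll Could not be deleted.
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# First drive-letter path in the entry that ends in .dll or .exe.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.IGNORECASE)


def _path(text):
    m = PATH_RE.search(text)
    return m.group(0) if m else None


def _in_system32_root(path):
    """True when the file sits directly in system32, not in a subfolder."""
    return path is not None and dirname(path).lower() == r"c:\windows\system32"


def classify(line):
    """Return (section, path, reason) for an entry worth a second look, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    path = _path(body)
    # Assumed heuristic 1: shell autoload CLSID with nothing on disk behind it.
    if section in ("O21", "O22") and body.endswith("(no file)"):
        return (section, None, "autoload CLSID registered with no file")
    # Assumed heuristic 2: BHO without a display name, DLL dropped in system32.
    if section == "O2" and "(no name)" in body and _in_system32_root(path):
        return (section, path, "unnamed BHO loading a DLL from system32")
    # Assumed heuristic 3: Winlogon Notify key named after its own DLL.
    if section == "O20" and _in_system32_root(path):
        key = body.split(":", 1)[1].split(" - ")[0].strip().lower()
        if key == splitext(basename(path))[0].lower():
            return (section, path, "Winlogon Notify key named after its DLL")
    # Assumed heuristic 4: Run key that starts a system32 DLL through rundll32.
    if section == "O4" and "rundll32.exe" in body.lower() and _in_system32_root(path):
        return (section, path, "Run key starting a DLL through rundll32.exe")
    return None


def scan(log_text):
    """Classify every line of a HijackThis log and keep the flagged entries."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


def still_loaded(findings, vundofix_text):
    """Paths the removal tool could not delete that also have a flagged entry."""
    failed = {m.group(1).lower() for m in re.finditer(
        r"^(.+?) Could not be deleted\.", vundofix_text, re.MULTILINE)}
    registered = {path.lower() for _, path, _ in findings if path}
    return sorted(failed & registered)


if __name__ == "__main__":
    hits = scan(SAMPLE_HJT)
    for section, path, reason in hits:
        print(f"{section:4} {path or '(no file)':40} {reason}")
    print("undeleted and still registered:", still_loaded(hits, SAMPLE_VUNDOFIX))
```

On the sample lines it leaves the Adobe, Spybot, AVG, browseui.dll and ATI entries alone and reports that both files VundoFix could not delete still have a flagged autostart entry.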

0

HJT:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:48:21 PM, on 9/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\apache2triad\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\apache2triad\mysql\bin\mysqld.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\apache2triad\bin\apache.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\progra~1\HJT\imabunny.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Taylor\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163462521328
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Apache Software Foundation - C:\apache2triad\bin\apache.exe
O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2SSL) - Apache Software Foundation - C:\apache2triad\bin\apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Apache2Triad MySql Service (mysql) - Unknown owner - C:\apache2triad\mysql\bin\mysqld.exe
O23 - Service: Apache2Triad PostgreSQL Service (PgSql) - PostgreSQL Global Development Group - C:\apache2triad\pgsql\bin\pg_ctl.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2triad\ftp\SlimFTPd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Apache2Triad Xmail Service (XMail) - Unknown owner - C:\apache2triad\mail\bin\XMail.exe

--
End of file - 7316 bytes

VundoFix:

VundoFix V6.5.9

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 11:28:04 PM 9/26/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

Performing Repairs to the registry.
Done!

ComboFix:

ComboFix 07-09-21.2 - "Taylor" 2007-09-27  0:01:57.1 - NTFSx86 
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.362 [GMT -6:00]
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\JOHNLE~1\APPLIC~1\FunWebProducts
C:\DOCUME~1\JOHNLE~1\APPLIC~1\FunWebProducts\Data\John Lee\avatar.dat
C:\DOCUME~1\JOHNLE~1\APPLIC~1\FunWebProducts\Data\John Lee\register.dat
C:\DOCUME~1\Taylor\APPLIC~1\FunWebProducts
C:\DOCUME~1\Taylor\APPLIC~1\FunWebProducts\Data\Taylor\avatar.dat
C:\DOCUME~1\Taylor\APPLIC~1\FunWebProducts\Data\Taylor\register.dat
C:\DOCUME~1\Taylor\APPLIC~1\FunWebProducts\Data\Taylor\zbucks.dat
C:\DOCUME~1\Taylor\APPLIC~1\FunWebProducts\Data\Taylor\zwinky.dat
C:\DOCUME~1\Taylor\Desktop\internet.lnk
C:\Program Files\download plugin
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\037A646E.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\037CA18C.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\037D0E50.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bjqvwoun.exe
C:\WINDOWS\system32\blbbckyu.dll
C:\WINDOWS\system32\bvohycvx.exe
C:\WINDOWS\system32\cwsrxffu.exe
C:\WINDOWS\system32\djfibvfx.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\ecnaaroy.exe
C:\WINDOWS\system32\fcfrqhxf.exe
C:\WINDOWS\system32\feoqprik.exe
C:\WINDOWS\system32\fgkaebln.exe
C:\WINDOWS\system32\fksywuod.exe
C:\WINDOWS\system32\fparjaxg.exe
C:\WINDOWS\system32\gttifewu.exe
C:\WINDOWS\system32\gwqpmsis.exe
C:\WINDOWS\system32\henclvoc.dll
C:\WINDOWS\system32\hkggmsct.exe
C:\WINDOWS\system32\hmjsostt.exe
C:\WINDOWS\system32\hsvofjnq.exe
C:\WINDOWS\system32\iekifemm.exe
C:\WINDOWS\system32\ijknluab.exe
C:\WINDOWS\system32\ijpsyudh.exe
C:\WINDOWS\system32\ilnudftn.exe
C:\WINDOWS\system32\iobmgpov.exe
C:\WINDOWS\system32\jhcftdaw.exe
C:\WINDOWS\system32\jjcutlwj.exe
C:\WINDOWS\system32\jmviyiar.exe
C:\WINDOWS\system32\kaljvvat.exe
C:\WINDOWS\system32\khoqseer.exe
C:\WINDOWS\system32\kvtofrkn.exe
C:\WINDOWS\system32\kwyksfou.exe
C:\WINDOWS\system32\ljjkheb.dll
C:\WINDOWS\system32\lnppuwpm.exe
C:\WINDOWS\system32\mdwvaodc.exe
C:\WINDOWS\system32\mkdnghgi.exe
C:\WINDOWS\system32\mnpssxev.exe
C:\WINDOWS\system32\mpqukosx.dll
C:\WINDOWS\system32\nxkmgalj.exe
C:\WINDOWS\system32\nxmjexch.dll
C:\WINDOWS\system32\oipsjkyh.exe
C:\WINDOWS\system32\omadswlj.exe
C:\WINDOWS\system32\oxwrwomu.exe
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\qcvxwplb.exe
C:\WINDOWS\system32\qprdfdxo.exe
C:\WINDOWS\system32\qrcnrqxt.exe
C:\WINDOWS\system32\raspsmhj.exe
C:\WINDOWS\system32\rotrbmxy.exe
C:\WINDOWS\system32\rrqss.ini
C:\WINDOWS\system32\spriahym.exe
C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\swywftxs.exe
C:\WINDOWS\system32\tbmoogly.exe
C:\WINDOWS\system32\tskhoimo.exe
C:\WINDOWS\system32\tweroxwh.exe
C:\WINDOWS\system32\ubspchtf.exe
C:\WINDOWS\system32\uglkrkcn.exe
C:\WINDOWS\system32\uxrfxunb.exe
C:\WINDOWS\system32\uyeowolx.dll
C:\WINDOWS\system32\vbmifmya.exe
C:\WINDOWS\system32\vrhjuuio.exe
C:\WINDOWS\system32\vvtyojyo.exe
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wjgjfsqe.exe
C:\WINDOWS\system32\wkqneokw.exe
C:\WINDOWS\system32\wofplgyx.exe
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\wuolcfkf.exe
C:\WINDOWS\system32\xflceawv.exe
C:\WINDOWS\system32\xgmmprqq.exe
C:\WINDOWS\system32\xsthnjjo.exe
C:\WINDOWS\system32\xtlwjeol.dll
C:\WINDOWS\system32\xwixyjfe.exe
C:\WINDOWS\system32\yetbokhy.dll
C:\WINDOWS\system32\ykxqqcnr.exe
C:\WINDOWS\system32\yxlykdvb.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NPF
-------\DomainService
-------\NPF


(((((((((((((((((((((((((   Files Created from 2007-08-27 to 2007-09-27  )))))))))))))))))))))))))))))))
.

2007-09-26 23:58	51,200	--a------	C:\WINDOWS\NirCmd.exe
2007-09-26 23:56	<DIR>	d--------	C:\Program Files\CCleaner
2007-09-25 19:47	1,372	--a------	C:\WINDOWS\system32\tmp.reg
2007-09-25 19:46	53,248	--a------	C:\WINDOWS\system32\Process.exe
2007-09-25 19:46	51,200	--a------	C:\WINDOWS\system32\dumphive.exe
2007-09-25 19:46	289,144	--a------	C:\WINDOWS\system32\VCCLSID.exe
2007-09-25 19:46	288,417	--a------	C:\WINDOWS\system32\SrchSTS.exe
2007-09-24 21:44	<DIR>	d--------	C:\VundoFix Backups
2007-09-24 06:03	<DIR>	d--------	C:\Dev-Cpp
2007-09-24 05:56	<DIR>	d--------	C:\Program Files\Eusing Free Registry Cleaner
2007-09-24 05:50	149,248	--a------	C:\WINDOWS\system32\RegCompact.dll
2007-09-24 05:50	<DIR>	d--------	C:\Program Files\AMUST
2007-09-21 22:57	<DIR>	d--------	C:\DOCUME~1\Chris\APPLIC~1\Dev-Cpp
2007-09-21 13:22	<DIR>	d--------	C:\Program Files\HJT
2007-09-17 08:18	<DIR>	d--------	C:\Program Files\Norton Security Scan
2007-09-15 14:11	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-09-09 07:55	<DIR>	d--------	C:\DOCUME~1\Taylor\APPLIC~1\Dev-Cpp
2007-09-07 07:25	<DIR>	d--------	C:\DOCUME~1\Taylor\APPLIC~1\gtk-2.0
2007-09-02 07:54	5,632	--a------	C:\WINDOWS\system32\ptpusb.dll
2007-09-02 07:54	159,232	--a------	C:\WINDOWS\system32\ptpusd.dll
2007-09-02 07:54	15,104	--a--c---	C:\WINDOWS\system32\dllcache\usbscan.sys
2007-09-02 07:54	15,104	--a------	C:\WINDOWS\system32\drivers\usbscan.sys
2007-09-01 04:46	<DIR>	d--------	C:\DOCUME~1\Taylor\APPLIC~1\Yahoo!
2007-09-01 04:46	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-08-31 11:13	679,936	--a------	C:\WINDOWS\system32\D3DX81ab.dll
2007-08-31 11:13	1,970,176	--a------	C:\WINDOWS\system32\d3dx9.dll
2007-08-31 11:12	<DIR>	d--------	C:\Program Files\Cheat Engine
2007-08-31 10:46	69,632	--a------	C:\WINDOWS\system32\nporbit.dll
2007-08-31 10:46	<DIR>	d--------	C:\Program Files\Orbitdownloader
2007-08-31 10:46	<DIR>	d--------	C:\Downloads
2007-08-31 10:46	<DIR>	d--------	C:\DOCUME~1\Taylor\APPLIC~1\Orbit
2007-08-31 10:44	<DIR>	d--------	C:\Program Files\Flash Favorite

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-26 23:59	---------	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-24 22:03	---------	d--------	C:\Program Files\MSN Messenger
2007-09-24 16:40	---------	d-a------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-21 04:24	---------	d--------	C:\DOCUME~1\Paul\APPLIC~1\LimeWire
2007-09-11 10:05	---------	d--------	C:\DOCUME~1\Taylor\APPLIC~1\Azureus
2007-09-01 04:05	---------	d--------	C:\Program Files\Yahoo!
2007-09-01 04:05	---------	d--------	C:\Program Files\Shockwave.com
2007-08-24 07:34	---------	d--------	C:\DOCUME~1\JOHNLE~1\APPLIC~1\LimeWire
2007-08-22 08:17	---------	d--------	C:\Program Files\LimeWire
2007-08-19 07:09	---------	d--------	C:\DOCUME~1\Taylor\APPLIC~1\Media Player Classic
2007-08-17 03:02	---------	d--------	C:\Program Files\MSXML 4.0
2007-08-11 19:31	---------	d--------	C:\Program Files\Nick Arcade
2007-08-11 19:31	---------	d--------	C:\DOCUME~1\Chris\APPLIC~1\PlayFirst
2007-08-07 14:58	---------	d--------	C:\Program Files\Cartoon Network
2007-08-05 23:37	---------	d--------	C:\DOCUME~1\Chris\APPLIC~1\Media Player Classic
2007-08-05 23:36	---------	d--------	C:\DOCUME~1\Chris\APPLIC~1\Azureus
2007-08-05 23:35	---------	d--------	C:\Program Files\Allok RM RMVB to AVI MPEG DVD Converter
2007-08-05 23:11	---------	d--------	C:\Program Files\RM Converter
2007-08-04 14:16	0	--ah-----	C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2007-08-04 14:15	0	--ah-----	C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2007-08-03 22:33	---------	d--------	C:\DOCUME~1\JOHNLE~1\APPLIC~1\Azureus
2007-08-03 01:10	---------	d--------	C:\Program Files\Real Alternative
2007-08-03 01:10	---------	d--------	C:\Program Files\Media Player Classic
2007-08-03 01:10	---------	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
2007-08-01 20:12	---------	d--------	C:\DOCUME~1\Chris\APPLIC~1\SBTT
2007-08-01 02:53	---------	d--------	C:\Program Files\EA GAMES
2007-08-01 02:50	---------	d--h-----	C:\Program Files\InstallShield Installation Information
2007-07-29 12:04	---------	d--------	C:\Program Files\BitPim
2007-07-26 12:17	9232	--a------	C:\DOCUME~1\Chris\mqdmmdfl.sys
2007-07-26 12:17	92064	--a------	C:\DOCUME~1\Chris\mqdmmdm.sys
2007-07-26 12:17	79328	--a------	C:\DOCUME~1\Chris\mqdmserd.sys
2007-07-26 12:17	66656	--a------	C:\DOCUME~1\Chris\mqdmbus.sys
2007-07-26 12:17	6208	--a------	C:\DOCUME~1\Chris\mqdmcmnt.sys
2007-07-26 12:17	5936	--a------	C:\DOCUME~1\Chris\mqdmwhnt.sys
2007-07-26 12:17	4048	--a------	C:\DOCUME~1\Chris\mqdmcr.sys
2007-07-26 12:17	25600	--a------	C:\DOCUME~1\Chris\usbsermptxp.sys
2007-07-26 12:17	22768	--a------	C:\DOCUME~1\Chris\usbsermpt.sys
2007-07-16 11:40	65536	--a------	C:\WINDOWS\IFinst27.exe
2007-06-30 02:01	94208	--a------	C:\WINDOWS\DIIUnin.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
 
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B064D7DD-F68F-4D03-9C37-C86C2D72D4B7}]
			C:\WINDOWS\system32\nnsqqmqc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-13 09:28]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\DOCUME~1\JOHNLE~1\STARTM~1\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-07-02 11:07:31]

C:\DOCUME~1\Paul\STARTM~1\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-07-02 11:07:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RegCompact] 
RegCompact.dll 2006-11-09 19:32 149248 C:\WINDOWS\system32\RegCompact.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hamachi.lnk]
backup=C:\WINDOWS\pss\Hamachi.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^DRIV3R Registration.lnk]
backup=C:\WINDOWS\pss\DRIV3R Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Taylor^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Taylor\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Actual Transparent Window]
"C:\Program Files\Actual Transparent Window\ActualTransparentWindowCenter.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
C:\Program Files\Dealio\DealioAU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
rundll32.exe "C:\WINDOWS\system32\ctwgdjal.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j7261231]
rundll32 C:\WINDOWS\system32\j7261231.dll sook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
rundll32.exe "C:\WINDOWS\system32\eersbanq.dll",sitypnow

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster]
C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R3 allkeys01;allkeys01;C:\WINDOWS\system32\drivers\allkeys01.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 Apache2SSL;Apache2Triad Apache2 Service with SSL;"C:\apache2triad\bin\apache.exe" -D SSL -n Apache2SSL -k runservice
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 PgSql;Apache2Triad PostgreSQL Service;"C:\apache2triad\pgsql\bin\pg_ctl.exe" runservice -N PgSql -D C:\apache2triad\pgsql\data\
S3 SlimFTPd;Apache2Triad SlimFTPd Server;"C:\apache2triad\ftp\SlimFTPd.exe" -service
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys
S3 XMail;Apache2Triad Xmail Service;C:\apache2triad\mail\bin\XMail.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\SETUP.EXE

.
Contents of the 'Scheduled Tasks' folder
"2007-09-22 00:06:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-21 21:00:01 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-27 00:20:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-09-26 23:20:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-26 23:20
.
	--- E O F ---

RegKey "Bluewall":

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

Thanks a lot man, everything seems to be checkin out great. I even did the KillBox.

I dunno how to analyze a HJT log though, so it's up to you guys!

I really appreciate this!

0

Great stuff... combofix removed those tough vundo files.
==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as fixkey.reg, as type "all files", to your desktop; dclick it to run... agree; if it opens in notepad instead rclick the icon [file], choose Open with, Registry editor....
__________________________________________________________
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j7261231]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]

__________________________________________________________


That's just a tidy-up. Things look good in those logs but could I see the log from the smitfraudfix run2 please [for my own satisfaction].
You could just post that and tap the Solved button if your sys feels fine.
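
As an added example (not part of the original posts, and not how ComboFix or the helper selected the keys): Python that reads msconfig `startupreg` entries in the layout the ComboFix log uses, lists the ones that launch a DLL from `system32` through rundll32, and writes them in the `[-key]` deletion form used in fixkey.reg. The rundll32/system32 rule is an assumed triage heuristic for choosing entries to review by hand, and the function names are hypothetical; the sample lines are copied from the log in this thread.

```python
import ntpath
import re

# Sample lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
rundll32.exe "C:\WINDOWS\system32\ctwgdjal.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j7261231]
rundll32 C:\WINDOWS\system32\j7261231.dll sook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

KEY_RE = re.compile(
    r"^\[(HKEY_LOCAL_MACHINE\\.*\\msconfig\\startupreg\\[^\]]+)\]\s*$", re.I)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+?\.dll)"?', re.I)

def parse_startupreg(log):
    """Return (key, command) pairs; the command is the line after each key."""
    entries, key = [], None
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
        elif line and key:
            entries.append((key, line))
            key = None
    return entries

def is_rundll32_system32(command):
    """Assumed heuristic: rundll32 loading a DLL that sits directly in system32."""
    m = RUNDLL_RE.match(command)
    if not m:
        return False
    # ntpath handles Windows paths on any OS
    return ntpath.dirname(m.group(1)).lower() == r"c:\windows\system32"

def review_candidates(log):
    return [k for k, cmd in parse_startupreg(log) if is_rundll32_system32(cmd)]

def build_reg(keys):
    """Render keys as a .reg file; "[-key]" deletes the key and its values."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for k in keys:
        lines += ["[-" + k + "]", ""]
    return "\r\n".join(lines)
```

The heuristic only narrows the list: ordinary software also starts through rundll32, so each candidate still has to be checked against the rest of the log before its key goes into a .reg file.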

0

Man, I really appreciate all of the help. It feels great to know my computer is damn near completely free of crap. I dunno how to thank you, I really appreciate this!

Here's the Smit log:

SmitFraudFix v2.229

Scan done at 23:34:06.18, Wed 09/26/2007
Run from C:\Documents and Settings\Taylor\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}"="hirtellous"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1  localhost 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\Video ActiveX Object\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DA87762A-AC5D-4BC2-B820-14450E34CD82}: DhcpNameServer=192.168.10.10 24.165.200.40 24.165.200.35
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DA87762A-AC5D-4BC2-B820-14450E34CD82}: DhcpNameServer=192.168.10.10 24.165.200.40 24.165.200.35
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DA87762A-AC5D-4BC2-B820-14450E34CD82}: DhcpNameServer=192.168.10.10 24.165.200.40 24.165.200.35
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.10.10 24.165.200.40 24.165.200.35
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.10.10 24.165.200.40 24.165.200.35
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.10.10 24.165.200.40 24.165.200.35


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

0

Hey, following the advice, feeding back and trusting is thanks enough.
Cheers.
"damn near" ??!! :) -if you wanna be more certain then this is a good scan, slow, but thorough. Run ccleaner first so we don't get to see the sites you visit..
==Please use IE to do an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-select a link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan.
Post the log it produces here if it shows up any problems [not cookies].

0

Oh man, I meant no offense in that. I just wasn't sure exactly that my comp was fully clean. If it is, then I'm more excited than I was! Haha. I really appreciate it man, but I'll probably run that scan tonight!
