Thanks again! I hope things are looking better. I did as instructed. Below are the requested logs:
vundofix.txt log
VundoFix V4.2.74
Running as SYSTEM
from c:\windows\system32\VundoFix.exe
Checking Java version...
Java version is 1.4.2.5
Scan started at 7:31:54 PM 5/9/2006
Listing files found while scanning....
C:\WINDOWS\system32\jkhgf.dll
C:\WINDOWS\system32\fghkj.ini
C:\WINDOWS\system32\fghkj.bak1
C:\WINDOWS\system32\fghkj.bak2
C:\WINDOWS\system32\fghkj.ini2
C:\WINDOWS\system32\fghkj.tmp
C:\WINDOWS\system32\babay.bak1
C:\WINDOWS\system32\babay.bak2
C:\WINDOWS\system32\babay.ini
C:\WINDOWS\system32\fghkj.bak1
C:\WINDOWS\system32\fghkj.bak2
C:\WINDOWS\system32\fghkj.tmp
C:\WINDOWS\system32\fghkj.ini
C:\WINDOWS\system32\fghkj.ini2
C:\WINDOWS\system32\jkhgf.dll
C:\WINDOWS\system32\fghkj.ini2
C:\WINDOWS\system32\fghkj.bak2
C:\WINDOWS\system32\fghkj.tmp
C:\WINDOWS\system32\fghkj.ini
C:\WINDOWS\system32\fghkj.ini2
C:\WINDOWS\system32\jkhgf.dll
Attempting to delete C:\WINDOWS\system32\jkhgf.dll
C:\WINDOWS\system32\jkhgf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fghkj.ini
C:\WINDOWS\system32\fghkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\fghkj.bak1
C:\WINDOWS\system32\fghkj.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\fghkj.bak2
C:\WINDOWS\system32\fghkj.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\fghkj.ini2
C:\WINDOWS\system32\fghkj.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\fghkj.tmp
C:\WINDOWS\system32\fghkj.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\babay.bak1
C:\WINDOWS\system32\babay.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\babay.bak2
C:\WINDOWS\system32\babay.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\babay.ini
C:\WINDOWS\system32\babay.ini Has been deleted!
Performing Repairs to the registry.
Done!
Ewido Log
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 8:19:46 PM, 5/9/2006
+ Report-Checksum: 88EE93F6
+ Scan result:
C:\Program Files\ѕуstem32\spool32.exe -> Downloader.PurityScan.w : Ignored
HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer -> Adware.Screensavers : Cleaned with backup
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CLSID -> Adware.Screensavers : Cleaned with backup
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CurVer -> Adware.Screensavers : Cleaned with backup
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer.1 -> Adware.Screensavers : Cleaned with backup
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller -> Adware.Screensavers : Cleaned with backup
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CLSID -> Adware.Screensavers : Cleaned with backup
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CurVer -> Adware.Screensavers : Cleaned with backup
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller.1 -> Adware.Screensavers : Cleaned with backup
C:\328520.exe -> Trojan.Small : Cleaned with backup
C:\ac2_0003.exe -> Downloader.Small.cpu : Cleaned with backup
C:\Documents and Settings\sshaw\Cookies\sshaw@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\sshaw\Cookies\sshaw@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\sshaw\Cookies\sshaw@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\sshaw\Cookies\sshaw@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\sshaw\Cookies\sshaw@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\sshaw\Cookies\sshaw@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\sshaw\Cookies\sshaw@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\sshaw\Cookies\sshaw@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\sshaw\Cookies\sshaw@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\HJT-2\backups\backup-20060331-161137-747.dll -> Adware.Suggestor : Cleaned with backup
C:\HJT-2\backups\backup-20060331-161137-951.dll -> Trojan.BHO.c : Cleaned with backup
C:\installerwnus.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\krw1dn.exe -> Downloader.Agent.afi : Cleaned with backup
C:\Program Files\EQAdvice\EQAdvice.exe -> Adware.CASClient : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\15AD5619-6264-4AA0-8AE8-74B420\A70DA695-0306-4FC0-85BC-EDB3A4 -> Adware.Look2Me : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\26FBD2BD-709C-4B51-82CF-0E59C7\312F7876-1C5A-4697-8086-7DE3FD -> Adware.Softomate : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\6DA0E108-BD10-42D5-91DA-D8445F\F71324C9-6010-4357-9028-631A63 -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\70152D22-AEB5-4389-A426-412DF4\176A1588-96D0-4771-ACBE-3F763E -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\70152D22-AEB5-4389-A426-412DF4\31662EB0-9025-43AE-8546-ED203A -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\70152D22-AEB5-4389-A426-412DF4\6AD6A2B6-DEB1-41CE-8A28-9B3693 -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\70152D22-AEB5-4389-A426-412DF4\8CD1C734-9598-45C0-AB65-B40AA5 -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\70152D22-AEB5-4389-A426-412DF4\F682022E-AEF7-4855-BABF-869B7B -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\73F3CCC4-F405-4BF5-8ACA-6355E1\932EE26C-DB4D-4532-B2AA-5396FF -> Adware.BookedSpace : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\7B9E041B-1DCE-4968-8FE6-27DC43\4555B525-550D-4FA9-895F-5E7F70 -> Dropper.Small.qn : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\803F05EB-D4D7-433E-8D5C-BC0D06\438FE701-12C2-4608-8DE7-9FB7FF -> Adware.CommAd : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\803F05EB-D4D7-433E-8D5C-BC0D06\B7A07AFA-B633-4A1C-8BFE-B3C2AC -> Adware.CommAd : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\AF4E54E7-4A53-4946-AD84-A22A08\4FE021B8-7617-4DD4-A71B-E4E04B -> Hijacker.Small.jf : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\CB6A20E2-253E-431D-B5D9-B64BE4\6B875660-ECF1-4561-81B5-CB4540 -> Adware.Look2Me : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4D99F0C-18DB-4C6D-ACE8-189DC8\1B954ACE-502C-4C0A-83B2-6B8763 -> Adware.Look2Me : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E4D99F0C-18DB-4C6D-ACE8-189DC8\86C1E72D-F361-4F67-B5CF-66D4D0 -> Adware.Look2Me : Cleaned with backup
C:\Temp\KB887472-x86.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WHCC2.exe/whAgent.exe -> Adware.WebHancer : Error during cleaning
C:\WINDOWS\CheckS02.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\country.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\errorhandler.exe -> Downloader.VB.nw : Cleaned with backup
C:\WINDOWS\hosts -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\keyboard7.exe -> Downloader.VB.zg : Cleaned with backup
C:\WINDOWS\kl1.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\mousepad7.exe -> Downloader.VB.zw : Cleaned with backup
C:\WINDOWS\newname7.exe -> Downloader.Adload.ae : Cleaned with backup
C:\WINDOWS\secure32.html -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\system32\485048524A4F54.exe -> Trojan.VB.aft : Cleaned with backup
C:\WINDOWS\system32\en0ul1d91.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\eoiolbkd.dll -> Adware.Agent : Cleaned with backup
C:\WINDOWS\system32\installer.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\WINDOWS\system32\MTE2ODI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
C:\WINDOWS\system32\q.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\q3.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\q5.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\qmdsregl.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\sуstem32\explorer.exe -> Adware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\viptr76yg.exe -> Adware.Suggestor : Cleaned with backup
C:\WINDOWS\system32\w021d891.dll -> Downloader.Agent.ahv : Cleaned with backup
C:\WINDOWS\system32\wvusq.dll -> Trojan.BHO.c : Cleaned with backup
C:\WINDOWS\system32\xxx2.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\z1.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\z3.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\toolbar.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\uniq -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\xrzafav.exe_tobedeleted -> Hijacker.VB.ij : Cleaned with backup
C:\WINDOWS\xrzafavA.exe -> Hijacker.VB.ij : Cleaned with backup
::Report End
HiJackThis Log
Logfile of HijackThis v1.99.1
Scan saved at 8:27:21 PM, on 5/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\HJT-2\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CRS.local
O17 - HKLM\Software\..\Telephony: DomainName = CRS.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CRS.local
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe