Thanks for the scans. Remember to keep HJT by Trend Micro and delete the other one.

The reason I had you rename HJT is because the thieves that have written the Vundo Trojan have written it to evade an HJT scan, and by renaming it to something else, if Vundo is present it will then show up on your log.

Don't forget to disable the TeaTimer in Spybot or it may prevent the fixes from working.
Open Spybot and go to Mode > Advanced Mode > Tools > Resident and take the checkmark out of TeaTimer.



REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tdtzhalp]
tdtzhalp.dll

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcdccb]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D1AE094-CBE1-4F31-B333-97B120CAA0F3}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75EBFB0A-D62C-4201-A7E3-3595C2F449FB}]

Copy the entire contents inside the Quote box and paste it into Notepad (this will only work with Notepad). Name the file Regfix.reg and, in the drop-down box, save it as All Files. Save it to your desktop. Then right-click on the Regfix.reg file and click on Merge. When it asks you to merge with the Registry, say yes.




Open HijackThis > Do a System Scan Only, close your browser and all open windows, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

If you know what this is and know it to be safe then keep it otherwise remove it.
O16 - DPF: {43E4476A-6C11-4274-AFA4-DF665B26EAE0} (Session Viewer) - https://10.150.52.9/plugins/vkvm/ActiveXVideoViewer.cab


Download CCleaner from here to clean temp files from your computer.
  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced." Deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!


Post one last HJT log and let's make sure it's all gone.

Ken
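
As an added example that is not part of the original post: a Python check that reads a REGEDIT4 fix like the one quoted above before it is merged, lists every key it would delete, and flags any line that is not a key, value or comment. The sample text is copied from the post as-is; the function names and the load-point labels are assumptions of this example.

```python
import re

# Constructed sample: the fix text as posted above, "~" abbreviation included.
REGFIX = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tdtzhalp]
tdtzhalp.dll

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcdccb]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D1AE094-CBE1-4F31-B333-97B120CAA0F3}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75EBFB0A-D62C-4201-A7E3-3595C2F449FB}]
"""

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+\\.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=')
# Load points named in this fix: Winlogon notification DLLs and IE add-ons.
LOAD_POINTS = {"\\winlogon\\notify\\": "Winlogon Notify",
               "\\browser helper objects\\": "Browser Helper Object"}

def load_point(key):
    """Name the load point a key belongs to, or None if it is not one."""
    low = key.lower()
    return next((name for frag, name in LOAD_POINTS.items() if frag in low), None)

def review_regfile(text):
    """Return (deleted, written, unparsed) for the text of a .reg file."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("first line is not a .reg header")
    deleted, written, unparsed = [], [], []
    for line in lines[1:]:
        m = KEY_RE.match(line)
        if m:  # "[-KEY]" deletes the key, "[KEY]" creates or opens it
            (deleted if m.group(1) else written).append(m.group(2))
        elif not (line.startswith(";") or VALUE_RE.match(line)):
            unparsed.append(line)  # multi-line hex values are not handled
    return deleted, written, unparsed

if __name__ == "__main__":
    deleted, written, unparsed = review_regfile(REGFIX)
    for key in deleted:
        print("DELETE", load_point(key) or "other", key)
    for line in unparsed:
        print("NOT A DIRECTIVE", repr(line))
```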