Online virus scanner log:
laxuj.dll Win32/Zquest.E infected C:\Program Files\Common Files\

Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 9:34:38 PM, on 5/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\retadpu1000106.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ICROSO~1\ping.exe
c:\windows\system32\dwdsregt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lwinkodv.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\WINDOWS\system32\dllhost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\?icrosoft.NET\?explore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Main user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.wikipedia.org/wiki/Main_Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\vpebaceb.dll",realset
O4 - HKLM\..\Run: [{08-81-11-11-ZN}] c:\windows\system32\dwdsregt.exe CHD003
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lwinkodv.exe CHD003
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tbsa] "C:\WINDOWS\ICROSO~1\ping.exe" -vt yazb
O4 - HKCU\..\Run: [Zrjq] "C:\Program Files\Common Files\?icrosoft.NET\?explore.exe"
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Main user\Local Settings\Temp\TICHD003.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\lwinkodv.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {12F9CCA0-CF5B-11D2-B606-008098809FCA} - http://www.highedmath.aleks.com/aleks/j2re/install_j2re.cab?cache
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179878097027
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Thanks in advance for any help you can give me.

Welcome to Safer Networking, I wish to be sure you have viewed and understand this information. "BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.

Make sure you read and understand the instructions so we are on the same page. You have a pretty infected computer here, I suggest you stay offline unless you are troubleshooting, this junk will download more. This is probably vundo which is tough to remove and there is much more, do not expect easy.

Please see this: http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\j2re1.4.2_01\ <<< your Java program is VERY out of date and may be the reason you are infected. Download the newest version and uninstall all old versions in Add Remove programs, then restart the computer.

Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.

C:\Documents and Settings\Main user\Desktop\HijackThis.exe <<< your location now: Move HJT from the Desktop for safety. I prefer C:\HJT\HijackThis.exe, if you need additional instructions use these: http://russelltexas.com/malware/createhjtfolder.htm
Once you have it moved, the rename the HJT.exe, call it NoPetrol.exe or whatever you wish.

The last time you posted 2006-09-09, 22:35, and it sounds like the same infection at least, you chose this:

Thanks for your help, but I've decided to format my hard drive. Sorry to waste your time.

If you intend to do that again, let me know now, this is a complex cleanup that will use a lot of both of our resources.

Thanks to sUBs and anyone else who helped with this fix.

Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Post the uninstall list, the combofix log and a new HJT log.

Thanks

Thanks for your reply. I uninstalled the old version of the Java runtime environment, installed the new version, moved and renamed the hijack this executable file like you said, ran the combofix program, and ran the hijack this program. Here is my new Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 22:37, on 5/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\NoPetrol.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.wikipedia.org/wiki/Main_Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3cd39821-46e0-4238-a33c-30d23e36adca} - C:\WINDOWS\system32\c_8dui.dll
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\sobtnyab.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {565C6EC6-9333-4288-BE3B-02E73C82A0D2} - C:\Program Files\MSN\homepycem.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp5.tmp.dll
O2 - BHO: (no name) - {CA2D6E6B-80A2-FF2C-DA07-8FADA8BC72CF} - C:\WINDOWS\system32\kfqpx.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tbsa] "C:\WINDOWS\ICROSO~1\ping.exe" -vt yazb
O4 - HKCU\..\Run: [Zrjq] "C:\Program Files\Common Files\?icrosoft.NET\?explore.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {12F9CCA0-CF5B-11D2-B606-008098809FCA} - http://www.highedmath.aleks.com/aleks/j2re/install_j2re.cab?cache
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179878097027
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\jkklmjh.dll
O20 - Winlogon Notify: c_8dui - C:\WINDOWS\SYSTEM32\c_8dui.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

And here is my combofix log:
"Main user" - 2007-05-25 22:22:36 Service Pack 2
ComboFix 07-05.26.3.V - Running from: "C:\Documents and Settings\Main user\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\acikvpiq.dll
C:\WINDOWS\system32\bqodbkxo.dll
C:\WINDOWS\system32\nhrpiqel.dll
C:\WINDOWS\system32\pqtwa.bak1
C:\WINDOWS\system32\pqtwa.bak2
C:\WINDOWS\system32\pqtwa.ini
C:\WINDOWS\system32\pqtwa.bak1
C:\WINDOWS\system32\pqtwa.bak2
C:\WINDOWS\system32\pqtwa.ini
C:\WINDOWS\system32\awtqp.dll
C:\WINDOWS\system32\oppoomm.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\Program Files\Common Files\Yazzle1281OinAdmin.exe"
"C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe"
"C:\WINDOWS\system32\~.exe"
"C:\WINDOWS\retadpu1000106.exe"
"C:\Program Files\Common Files\prohdywu.html"
"C:\Program Files\Common Files\laxuj.dll"
"C:\WINDOWS\system32\tmp2F9.tmp.dll"
"C:\Program Files\ipwindows\ipwins.dll"
"C:\Program Files\ipwindows\ipwins.exe"
"C:\Program Files\ipwindows\UnInstall.exe"
"C:\Program Files\outerinfo\Terms.rtf"
"C:\WINDOWS\system32\dwdsregt.exe"
"C:\WINDOWS\b122.exe"
"C:\Program Files\ipwindows"
"C:\Program Files\outerinfo"
"C:\Temp\tn3"

Purity Folders:

C:\WINDOWS\ICROSO~1
C:\Program Files\Common Files\ICROSO~1.NET



((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE


((((((((((((((((((((((((((((((( Files Created from 2007-04-25 to 2007-05-25 ))))))))))))))))))))))))))))))))))


2007-05-25 22:20 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-05-25 21:58 <DIR> d-------- C:\HJT
2007-05-25 20:16 50,745 --a------ C:\WINDOWS\system32\sobtnyab.dll
2007-05-25 12:36 50,341 --a------ C:\DOCUME~1\MAINUS~1\APPLIC~1\tmp2F9.tmp.exe
2007-05-25 12:36 233,404 --a------ C:\DOCUME~1\MAINUS~1\APPLIC~1\tmp2FE.tmp.exe
2007-05-25 12:36 17,010 --a------ C:\DOCUME~1\MAINUS~1\APPLIC~1\tmp2FA.tmp.exe
2007-05-25 12:36 106,626 --a------ C:\WINDOWS\nnkheb.dll
2007-05-25 09:41 37,424 --a------ C:\WINDOWS\system32\c_8dui.dll
2007-05-25 09:41 12,025 --a------ C:\WINDOWS\system32\jkklmjh.dll
2007-05-23 19:57 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-05-23 19:54 931 --a------ C:\WINDOWS\system32\winpfz32.sys
2007-05-23 19:53 184,430 --a------ C:\WINDOWS\system32\lwinkodv.exe
2007-05-22 21:01 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-05-22 20:51 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-22 19:06 <DIR> d-------- C:\WINDOWS\system32\T6
2007-05-22 19:06 <DIR> d-------- C:\WINDOWS\system32\T4
2007-05-22 19:06 <DIR> d-------- C:\WINDOWS\system32\T3
2007-05-22 19:06 <DIR> d-------- C:\WINDOWS\system32\T2
2007-05-22 19:06 <DIR> d-------- C:\WINDOWS\system32\pog
2007-05-22 19:05 60,928 --a------ C:\WINDOWS\system32\kfqpx.dll
2007-05-22 19:05 2 --a------ C:\WINDOWS\system32\wcpicomsv.exe
2007-05-22 19:05 <DIR> d-------- C:\WINDOWS\system32\T1QaSQ
2007-05-22 19:05 <DIR> d-------- C:\TEMP\0b9
2007-05-01 02:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-05-01 02:06 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-05-01 02:06 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-05-01 02:05 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-05-01 00:47 <DIR> d-------- C:\Program Files\Raven


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-24 00:08:24 -------- d-----w C:\Program Files\Microsoft SQL Server
2007-05-23 02:36:11 -------- d-----w C:\Program Files\Common Files\Merge Modules
2007-04-28 17:13:42 -------- d-----w C:\Program Files\AIM
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-09 14:27:07 -------- d-----w C:\Program Files\World of Warcraft
2007-03-27 14:23:08 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-03-27 14:21:45 -------- d-----w C:\Program Files\Common Files\L&H
2007-03-25 05:48:54 -------- d-----w C:\Program Files\Alarm
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
{3cd39821-46e0-4238-a33c-30d23e36adca}=C:\WINDOWS\system32\c_8dui.dll [2007-05-25 09:41]
{4B646AFB-9341-4330-8FD1-C32485AEE619}=C:\WINDOWS\system32\sobtnyab.dll [2007-05-25 20:16]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{565C6EC6-9333-4288-BE3B-02E73C82A0D2}=C:\Program Files\MSN\homepycem.dll [2007-04-06 15:27]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{CA2D6E6B-80A2-FF2C-DA07-8FADA8BC72CF}=C:\WINDOWS\system32\kfqpx.dll [2007-05-21 09:59]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-03-12 14:57 C:\WINDOWS\system32\nwiz.exe]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 18:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 18:38]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-07-04 16:47]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-04-13 18:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-30 22:52]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-10-25 01:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 20:34]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"Tbsa"="C:\WINDOWS\ICROSO~1\ping.exe" []
"Zrjq"="C:\Program Files\Common Files\?icrosoft.NET\?explore.exe" []

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
C:\Program Files\Common Files\prohdywu.html

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c_8dui]
c_8dui.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\jkklmjh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-25 22:29:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-25 22:31:31 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-25 22:31

--- E O F ---


Thank you for your reply. Reformating my hard drive is not an option this time because I have a version of Microsoft Visual Studio that I downloaded from my school that I am only authorized to install once.

Please read the directions carefully, I am looking for the uninstall list first thing and it is not there?

Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply

Unless I am missing something, I see no antivirus program running on this computer? It is cyber-suicide to take a computer online anymore without one. If this is the case and you need a free one, put this one in place before you proceed:
http://free.grisoft.com/doc/2/lng/us/tpl/v5
Stay away from "trials", choose the FREE version. You can replace it later if you wish.

Some information for you about Vundo: Since there is a class action involving this one, you may want to view this information:
http://www.networkworld.com/news/2007/030807-mystery-around-winfixer-slowly-unravels.html
http://www.youtube.com/watch?v=zBUZHiKhsog
http://msmvps.com/blogs/spywaresucks/search.aspx?q=winfixer+msn
http://www.revenews.com/wayneporter/archives/adware-spyware-greynets/getting_the_fix_on_winfixer_aol_network_now/

I'll give you all of the instructions at once, if you wish to be successful, you need to read and follow the directions carefully.

1) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.


2) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

Thanks to Atribune and any others who helped with this fix.

Please understand these hackers can call there junk anything they wish. Vundofix may not know the files at first, but it will learn. You want to run the fix until you see all Vundo files say: "Has been deleted"

3) Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThislogin a reply to this thread.Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

If there is a file VundoFix doesn't find we need it submitted. Please submit
the files to upload malware http://www.uploadmalware.com

(hold the Vundofix report and HJT log until you finish)


4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

(some items may be missing, removed by Vundofix, don't be concerned)

O2 - BHO: (no name) - {3cd39821-46e0-4238-a33c-30d23e36adca} - C:\WINDOWS\system32\c_8dui.dll
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\sobtnyab.dll
O2 - BHO: (no name) - {565C6EC6-9333-4288-BE3B-02E73C82A0D2} - C:\Program Files\MSN\homepycem.dll
O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp5.tmp.dll
O2 - BHO: (no name) - {CA2D6E6B-80A2-FF2C-DA07-8FADA8BC72CF} - C:\WINDOWS\system32\kfqpx.dll
O4 - HKCU\..\Run: [Tbsa] "C:\WINDOWS\ICROSO~1\ping.exe" -vt yazb
O4 - HKCU\..\Run: [Zrjq] "C:\Program Files\Common Files\?icrosoft.NET\?explore.exe"
O20 - AppInit_DLLs: c:\windows\system32\jkklmjh.dll
O20 - Winlogon Notify: c_8dui - C:\WINDOWS\SYSTEM32\c_8dui.dll

Close all programs but HJT and all browser windows, then click on "Fix Checked"

5) RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\WINDOWS\ICROSO~1\ <<< delete that folder

C:\Program Files\Common Files\?icrosoft.NET\ <<< delete that folder

c:\windows\system32\jkklmjh.dll <<< delete that file

6) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post the Vundofix report, a new HJT log and the uninstall list if you have not already done so.

Thanks

Sorry. Here is that uninstall log from Hijack This.
3ivx D4 4.5.1 (remove only)
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Alarm 2.0.1
Allok MOV Converter 2.0.6
AOL Instant Messenger
AVG 7.5
Bink and Smacker
Broadcom 802.11 Wireless LAN Adapter
Broadcom Wireless Utility
Celestia 1.4.1
Conexant AC-Link Audio
Conexant Data Fax Modem with SmartCP
Cypress USB Mass Storage Driver Installation
eMusic - 50 Free MP3 offer
FL Studio 6
FreeBASIC 0.16b
GraphCalc v4.0.1
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Help and Support
InterVideo DVD Check
InterVideo WinDVD
Java(TM) SE Runtime Environment 6 Update 1
MapleStory
Meridian Advance (remove only)
Microsoft .NET Framework 2.0
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft MSDN 2005 Express Edition - ENU
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual Basic 2005 Express Edition - ENU
Microsoft Visual Basic 2005 Express Edition - ENU
Microsoft Visual Basic 2005 Express Edition - ENU Service Pack 1 (KB926747)
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Express Edition - ENU Service Pack 1 (KB926748)
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Professional Edition - ENU
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser

Okay, I tried to do everything you said, but O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp5.tmp.dll was not found by HijackThis. It found O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp7.tmp.dll (note the 7 instead of the 5), but I did not delete this. Also, I could not find the C:\WINDOWS\ICROSO~1\ folder or the C:\Program Files\Common Files\?icrosoft.NET\. I have system folders and files and hidden files and folders unhidden like you said. I found "jkklmjh.dll" file, but I could not delete it because it was "being used by another program". Here is my new Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 16:31, on 5/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\NoPetrol.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.wikipedia.org/wiki/Main_Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3cd39821-46e0-4238-a33c-30d23e36adca} - C:\WINDOWS\system32\c_8dui.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp7.tmp.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {12F9CCA0-CF5B-11D2-B606-008098809FCA} - http://www.highedmath.aleks.com/aleks/j2re/install_j2re.cab?cache
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179878097027
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\jkklmjh.dll
O20 - Winlogon Notify: c_8dui - C:\WINDOWS\SYSTEM32\c_8dui.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

And here is my Vundofix report:

VundoFix V6.4.1

Checking Java version...

Java version is 1.4.2.1
Old versions of java are exploitable and should be removed.

Scan started at 3:49:39 PM 5/26/2007

Listing files found while scanning....


VundoFix V6.4.1

Checking Java version...

Java version is 1.4.2.1
Old versions of java are exploitable and should be removed.

Scan started at 3:56:18 PM 5/26/2007

Listing files found while scanning....

C:\WINDOWS\llnmpo.ini
C:\WINDOWS\opmnll.dll

Beginning removal...

Attempting to delete C:\WINDOWS\llnmpo.ini
C:\WINDOWS\llnmpo.ini Has been deleted!

Attempting to delete C:\WINDOWS\opmnll.dll
C:\WINDOWS\opmnll.dll Has been deleted!

Performing Repairs to the registry.
Done!

Please slow down a little and review all of the instructions:)

1) I do not think the uninstall list you posted is complete, I have never seen one stop in the M's of the alphabet.

2) The beginning of this information you posted is garbled togething, it may be word wrap? Click Format at the top of notepad and make sure "Word Wrap" is not checked.

3) Vundo always has a 02 BHO and a 020 Winlogon like this:
O2 - BHO: (no name) - {3cd39821-46e0-4238-a33c-30d23e36adca} - C:\WINDOWS\system32\c_8dui.dll
O20 - Winlogon Notify: c_8dui - C:\WINDOWS\SYSTEM32\c_8dui.dll
So I am 99% certain that is Vundo and the hackers have used random named .dll's to make it more difficult to remove. You need to run Vundo fix several times to see if it will remove it, if not, then follow the directions to upload that file so it can be added to the fix. I will post another method in the fix that may or may not work, so make sure you send Atribune that file.

4) This one should remove with HJT, if it does not remove the file with the Delete on Reboot tool I post in the fix.
O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp7.tmp.dll

Instructions start here:

A) How to make files and folders visible.

B) How to use the Delete on Reboot tool
http://www.bleepingcomputer.com/tutorials/tutorial42.html#delreb
Start Hijackthis
Click on the Config button
Click on the Misc Tools button
Click on the button labeled Delete a file on reboot...
A new window will open asking you to select the file that you would like to delete on reboot. Navigate to the file: C:\WINDOWS\SYSTEM32\jkklmjh.dll and click on it once, and then click on the Open button.
You will now be asked if you would like to reboot your computer to delete the file. Click on the Yes button if you would like to reboot now.

c) Run Vundo fix, you know the files you are looking for it to locate and delete, it may also find new files that are hidden, the junk does morph.

If after you run it several times it does not delete those files, then upload that file to Atribune:
If there is a file VundoFix doesn't find we need it submitted. Please submit
the files to upload malware http://www.uploadmalware.com

Now try this:
Open Vundofix by Doubleclicking on it, the point your mouse to the white box
above the buttons and right click, then click on Add More Files. When the
next window opens, copy and past the files into the boxes and click on Add
File(s), then click on Close Window. Then click Remove Vundo.

files to add:
C:\WINDOWS\SYSTEM32\c_8dui.dll
C:\WINDOWS\system32\tmp7.tmp.dll

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

(I am posting all files left, some be gone)

O2 - BHO: (no name) - {3cd39821-46e0-4238-a33c-30d23e36adca} - C:\WINDOWS\system32\c_8dui.dll
O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp7.tmp.dll
O20 - AppInit_DLLs: c:\windows\system32\jkklmjh.dll
O20 - Winlogon Notify: c_8dui - C:\WINDOWS\SYSTEM32\c_8dui.dll

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Post the Vundofix report and a new HJT log.

Thanks

I don't know why I only pasted half of the uninstall log. Here is the whole thing. Also, I turned off word wrap in notepad before I started posting here. It has been off the whole time.
3ivx D4 4.5.1 (remove only)
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Alarm 2.0.1
Allok MOV Converter 2.0.6
AOL Instant Messenger
AVG 7.5
Bink and Smacker
Broadcom 802.11 Wireless LAN Adapter
Broadcom Wireless Utility
Celestia 1.4.1
Conexant AC-Link Audio
Conexant Data Fax Modem with SmartCP
Cypress USB Mass Storage Driver Installation
eMusic - 50 Free MP3 offer
FL Studio 6
FreeBASIC 0.16b
GraphCalc v4.0.1
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Help and Support
InterVideo DVD Check
InterVideo WinDVD
Java(TM) SE Runtime Environment 6 Update 1
MapleStory
Meridian Advance (remove only)
Microsoft .NET Framework 2.0
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft MSDN 2005 Express Edition - ENU
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual Basic 2005 Express Edition - ENU
Microsoft Visual Basic 2005 Express Edition - ENU
Microsoft Visual Basic 2005 Express Edition - ENU Service Pack 1 (KB926747)
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Express Edition - ENU Service Pack 1 (KB926748)
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Professional Edition - ENU
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser
NVIDIA Display Driver
oggcodecs 0.71.0946
Outerinfo
Quick Launch Buttons 5.10 B5
QuickTime
RealPlayer
REALTEK Gigabit and Fast Ethernet NIC Driver
Rhinoceros 3.0 Evaluation
Roxio Easy Media Creator 7
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Spybot - Search & Destroy 1.4
Star Trek Voyager Elite Force
Synaptics Pointing Device Driver
The Argas Effect - Teaser & Act 1
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
USB Storage Adapter FX (SM1)
Virtual 3 Vallées
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
World of Warcraft

Uninstall list: I am looking for malware and security issues, it's a great chance for you to look for stuff you no longer use.

Outerinfo <<< this is very nasty adware related to PurityScan, uninstall it. If it gives you a problem, here is an uninstaller:
UNINSTALLER
http://www.outerinfo.com/OiUninstaller.exe
TUTORIAL
http://www.outerinfo.com/howto.html

You should read this, I see codecs that I do not know if they are bad or not.
http://forums.spybot.info/showthread.php?t=7344

Waiting on this >>>
Post the Vundofix report and a new HJT log.

Okay, when I went to uninstall Outerinfo, it said that that program had already been uninstalled. The message that came up looked legitimate, but could this be another trick? I couldn't download the file you linked to to uninstall it because some security setting does not allow me to do this. I don't know what to disable to allow myself to do it, but I don't know if it's even necessary now that I was told Outerinfo is already gone.

Vundofix did not find tmp7.tmp.dll, so I submitted it to uploadmalware.com.

When I told HijackThis to delete
O2 - BHO: (no name) - {3cd39821-46e0-4238-a33c-30d23e36adca} - C:\WINDOWS\system32\c_8dui.dll
O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp7.tmp.dll
O20 - AppInit_DLLs: c:\windows\system32\jkklmjh.dll
O20 - Winlogon Notify: c_8dui - C:\WINDOWS\SYSTEM32\c_8dui.dll
it encountered an error (I sent the error report and my HijackThis log to the creator of HijackThis like the error report said), and when I ran HijackThis again, these files were not removed from the list. I deleted all the FILES using the delete on reboot tool. The files are now gone, but some of the entries in the HijackThis report are still there.

I also ran SpyBot again in safe mode just for good measure. It found and deleted a bunch of adware, but I'm sure they'll all be back by the time I'm done typing this.

Here is my new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 13:16, on 5/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\HJT\NoPetrol.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.wikipedia.org/wiki/Main_Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3cd39821-46e0-4238-a33c-30d23e36adca} - C:\WINDOWS\system32\c_8dui.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {12F9CCA0-CF5B-11D2-B606-008098809FCA} - http://www.highedmath.aleks.com/aleks/j2re/install_j2re.cab?cache
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179878097027
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\jkklmjh.dll
O20 - Winlogon Notify: c_8dui - c_8dui.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

And here is the new Vundofix report:

VundoFix V6.4.1

Checking Java version...

Java version is 1.4.2.1
Old versions of java are exploitable and should be removed.

Scan started at 3:49:39 PM 5/26/2007

Listing files found while scanning....


VundoFix V6.4.1

Checking Java version...

Java version is 1.4.2.1
Old versions of java are exploitable and should be removed.

Scan started at 3:56:18 PM 5/26/2007

Listing files found while scanning....

C:\WINDOWS\llnmpo.ini
C:\WINDOWS\opmnll.dll

Beginning removal...

Attempting to delete C:\WINDOWS\llnmpo.ini
C:\WINDOWS\llnmpo.ini Has been deleted!

Attempting to delete C:\WINDOWS\opmnll.dll
C:\WINDOWS\opmnll.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.4.1

Checking Java version...

Java version is 1.4.2.1
Old versions of java are exploitable and should be removed.

Scan started at 10:05:40 AM 5/28/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.4.1

Checking Java version...

Java version is 1.4.2.1
Old versions of java are exploitable and should be removed.

Scan started at 10:24:32 AM 5/28/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.4.1

Checking Java version...

Java version is 1.4.2.1
Old versions of java are exploitable and should be removed.

Scan started at 12:57:02 PM 5/28/2007

Listing files found while scanning....

C:\WINDOWS\cbcbay.ini
C:\WINDOWS\yabcbc.dll

Beginning removal...

Attempting to delete C:\WINDOWS\cbcbay.ini
C:\WINDOWS\cbcbay.ini Has been deleted!

Attempting to delete C:\WINDOWS\yabcbc.dll
C:\WINDOWS\yabcbc.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.4.1

Checking Java version...

Java version is 1.4.2.1
Old versions of java are exploitable and should be removed.

Scan started at 1:07:35 PM 5/28/2007

Listing files found while scanning....

No infected files were found.

I don't know why VundoFix is saying my Java version is outdated. I installed the new one when you told me to. In add and remove programs, it says I have "Java(TM) SE Runtime Environment 6 Update 1".

Actually, there don't seem to be any popups anymore, and I'm running in normal mode. I think this computer might almost be fixed.

I don't know why VundoFix is saying my Java version is outdated. I installed the new one when you told me to. In add and remove programs, it says I have "Java(TM) SE Runtime Environment 6 Update 1".All I can speculate is that the information may be in the memory of Vundofix. Keep in mind the program does NOT update itself, you must delete the old version and download a new version to benefit from files Atribune adds.

Let's see how we are doing...you are making great progress, this is still an issue: O20 - AppInit_DLLs: c:\windows\system32\jkklmjh.dll

Try this method again, and let me know what happens, follow those instructions carefully!!

How to use the Delete on Reboot tool
http://www.bleepingcomputer.com/tutorials/tutorial42.html#delreb
Start Hijackthis
Click on the Config button
Click on the Misc Tools button
Click on the button labeled Delete a file on reboot...
A new window will open asking you to select the file that you would like to delete on reboot. Navigate to the file: C:\WINDOWS\SYSTEM32\jkklmjh.dll and click on it once, and then click on the Open button.
You will now be asked if you would like to reboot your computer to delete the file. Click on the Yes button if you would like to reboot now.



Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {3cd39821-46e0-4238-a33c-30d23e36adca} - C:\WINDOWS\system32\c_8dui.dll (file missing)
O20 - AppInit_DLLs: c:\windows\system32\jkklmjh.dll
O20 - Winlogon Notify: c_8dui - c_8dui.dll (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

That file in red is our last problem, if you executed Delete on Reboot properly, it should be gone or say (file missing) and remove with HijackThis.

When you get to this point, I would like you to run combofix again and post a new combofix log, and post a new HJT log.

Thanks

I already deleted that jkklmjh.dll file using the delete on reboot feature of HijackThis. That file was actually gone before I posted my last HijackThis log, despite the words "File missing" not appearing next to it in the log. I even did a search for it with the Windows search tool with "Search for hidden files" and "Search for system files and folders" checked, and it did not find the file.

But I did everything else you told me. Here is my new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 15:34, on 5/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\HJT\NoPetrol.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.wikipedia.org/wiki/Main_Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {12F9CCA0-CF5B-11D2-B606-008098809FCA} - http://www.highedmath.aleks.com/aleks/j2re/install_j2re.cab?cache
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179878097027
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

And here is my new ComboFix log:
"Main user" - 2007-05-28 15:51:53 Service Pack 2
ComboFix 07-05.26.3.V - Running from: "C:\Documents and Settings\Main user\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-28 ))))))))))))))))))))))))))))))))))


2007-05-28 11:10 233,646 --a------ C:\DOCUME~1\MAINUS~1\APPLIC~1\tmpE.tmp.exe
2007-05-28 11:03 17,010 --a------ C:\DOCUME~1\MAINUS~1\APPLIC~1\tmpD.tmp.exe
2007-05-28 10:59 50,531 --a------ C:\DOCUME~1\MAINUS~1\APPLIC~1\tmpA.tmp.exe
2007-05-26 15:49 <DIR> d-------- C:\VundoFix Backups
2007-05-25 22:38 50,762 --a------ C:\DOCUME~1\MAINUS~1\APPLIC~1\tmp7.tmp.exe
2007-05-25 22:35 17,010 --a------ C:\DOCUME~1\MAINUS~1\APPLIC~1\tmp6.tmp.exe
2007-05-25 22:34 50,467 --a------ C:\DOCUME~1\MAINUS~1\APPLIC~1\tmp5.tmp.exe
2007-05-25 22:31 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-25 22:20 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-05-25 21:58 <DIR> d-------- C:\HJT
2007-05-25 20:16 50,745 --a------ C:\WINDOWS\system32\sobtnyab.dll
2007-05-25 12:36 50,341 --a------ C:\DOCUME~1\MAINUS~1\APPLIC~1\tmp2F9.tmp.exe
2007-05-25 12:36 233,404 --a------ C:\DOCUME~1\MAINUS~1\APPLIC~1\tmp2FE.tmp.exe
2007-05-25 12:36 17,010 --a------ C:\DOCUME~1\MAINUS~1\APPLIC~1\tmp2FA.tmp.exe
2007-05-25 12:36 106,626 --a------ C:\WINDOWS\nnkheb.dll
2007-05-23 19:57 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-05-23 19:54 931 --a------ C:\WINDOWS\system32\winpfz32.sys
2007-05-23 19:53 184,430 --a------ C:\WINDOWS\system32\lwinkodv.exe
2007-05-22 21:01 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-05-22 20:51 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-22 19:06 <DIR> d-------- C:\WINDOWS\system32\T6
2007-05-22 19:06 <DIR> d-------- C:\WINDOWS\system32\T4
2007-05-22 19:06 <DIR> d-------- C:\WINDOWS\system32\T3
2007-05-22 19:06 <DIR> d-------- C:\WINDOWS\system32\T2
2007-05-22 19:06 <DIR> d-------- C:\WINDOWS\system32\pog
2007-05-22 19:05 2 --a------ C:\WINDOWS\system32\wcpicomsv.exe
2007-05-22 19:05 <DIR> d-------- C:\WINDOWS\system32\T1QaSQ
2007-05-22 19:05 <DIR> d-------- C:\TEMP\0b9
2007-05-01 02:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-05-01 02:06 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-05-01 02:06 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-05-01 02:05 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-05-01 00:47 <DIR> d-------- C:\Program Files\Raven


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-24 00:08:24 -------- d-----w C:\Program Files\Microsoft SQL Server
2007-05-23 02:36:11 -------- d-----w C:\Program Files\Common Files\Merge Modules
2007-04-28 17:13:42 -------- d-----w C:\Program Files\AIM
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-09 14:27:07 -------- d-----w C:\Program Files\World of Warcraft
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-03-12 14:57 C:\WINDOWS\system32\nwiz.exe]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 18:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 18:38]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-07-04 16:47]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-04-13 18:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-30 22:52]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-10-25 01:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-03-12 14:57]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-26 14:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 20:34]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
C:\Program Files\Common Files\prohdywu.html

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-28 15:52:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-28 15:53:27
C:\ComboFix-quarantined-files.txt ... 2007-05-28 15:53
C:\ComboFix2.txt ... 2007-05-25 22:34

--- E O F ---

I already deleted that jkklmjh.dll file using the delete on reboot feature of HijackThis. That file was actually gone before I posted my last HijackThis log, despite the words "File missing" not appearing next to it in the log. I even did a search for it with the Windows search tool with "Search for hidden files" and "Search for system files and folders" checked, and it did not find the file.

But I did everything else you told me. Here is my new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 15:34, on 5/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\HJT\NoPetrol.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.wikipedia.org/wiki/Main_Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {12F9CCA0-CF5B-11D2-B606-008098809FCA} - http://www.highedmath.aleks.com/aleks/j2re/install_j2re.cab?cache
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179878097027
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

And here is my new ComboFix log:
"Main user" - 2007-05-28 15:51:53 Service Pack 2
ComboFix 07-05.26.3.V - Running from: "C:\Documents and Settings\Main user\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-28 ))))))))))))))))))))))))))))))))))


2007-05-28 11:10 233,646 --a------ C:\DOCUME~1\MAINUS~1\APPLIC~1\tmpE.tmp.exe
2007-05-28 11:03 17,010 --a------ C:\DOCUME~1\MAINUS~1\APPLIC~1\tmpD.tmp.exe
2007-05-28 10:59 50,531 --a------ C:\DOCUME~1\MAINUS~1\APPLIC~1\tmpA.tmp.exe
2007-05-26 15:49 <DIR> d-------- C:\VundoFix Backups
2007-05-25 22:38 50,762 --a------ C:\DOCUME~1\MAINUS~1\APPLIC~1\tmp7.tmp.exe
2007-05-25 22:35 17,010 --a------ C:\DOCUME~1\MAINUS~1\APPLIC~1\tmp6.tmp.exe
2007-05-25 22:34 50,467 --a------ C:\DOCUME~1\MAINUS~1\APPLIC~1\tmp5.tmp.exe
2007-05-25 22:31 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-25 22:20 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-05-25 21:58 <DIR> d-------- C:\HJT
2007-05-25 20:16 50,745 --a------ C:\WINDOWS\system32\sobtnyab.dll
2007-05-25 12:36 50,341 --a------ C:\DOCUME~1\MAINUS~1\APPLIC~1\tmp2F9.tmp.exe
2007-05-25 12:36 233,404 --a------ C:\DOCUME~1\MAINUS~1\APPLIC~1\tmp2FE.tmp.exe
2007-05-25 12:36 17,010 --a------ C:\DOCUME~1\MAINUS~1\APPLIC~1\tmp2FA.tmp.exe
2007-05-25 12:36 106,626 --a------ C:\WINDOWS\nnkheb.dll
2007-05-23 19:57 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-05-23 19:54 931 --a------ C:\WINDOWS\system32\winpfz32.sys
2007-05-23 19:53 184,430 --a------ C:\WINDOWS\system32\lwinkodv.exe
2007-05-22 21:01 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-05-22 20:51 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-22 19:06 <DIR> d-------- C:\WINDOWS\system32\T6
2007-05-22 19:06 <DIR> d-------- C:\WINDOWS\system32\T4
2007-05-22 19:06 <DIR> d-------- C:\WINDOWS\system32\T3
2007-05-22 19:06 <DIR> d-------- C:\WINDOWS\system32\T2
2007-05-22 19:06 <DIR> d-------- C:\WINDOWS\system32\pog
2007-05-22 19:05 2 --a------ C:\WINDOWS\system32\wcpicomsv.exe
2007-05-22 19:05 <DIR> d-------- C:\WINDOWS\system32\T1QaSQ
2007-05-22 19:05 <DIR> d-------- C:\TEMP\0b9
2007-05-01 02:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-05-01 02:06 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-05-01 02:06 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-05-01 02:05 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-05-01 00:47 <DIR> d-------- C:\Program Files\Raven


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-24 00:08:24 -------- d-----w C:\Program Files\Microsoft SQL Server
2007-05-23 02:36:11 -------- d-----w C:\Program Files\Common Files\Merge Modules
2007-04-28 17:13:42 -------- d-----w C:\Program Files\AIM
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-09 14:27:07 -------- d-----w C:\Program Files\World of Warcraft
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-03-12 14:57 C:\WINDOWS\system32\nwiz.exe]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 18:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 18:38]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-07-04 16:47]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-04-13 18:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-30 22:52]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-10-25 01:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-03-12 14:57]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-26 14:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 20:34]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
C:\Program Files\Common Files\prohdywu.html

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-28 15:52:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-28 15:53:27
C:\ComboFix-quarantined-files.txt ... 2007-05-28 15:53
C:\ComboFix2.txt ... 2007-05-25 22:34

--- E O F ---

HijackThis generated that same error again, by the way, but the stuff seems to be gone.

Thanks, your HJT log look good but I am concerned about these files combofix is finding. they may be valid, but I wish to be sure.

Look here: Files Created from 2007-04-28 to 2007-05-28

C:\VundoFix Backups <<< this you can delete the folder

(these are HJT so they are ok)
C:\WINDOWS\system32\LogFiles
C:\HJT

C:\DOCUMENTS and SETTINGS~1\MAINUS~1\APPLIC~1\tmpE.tmp.exe
(that is probably mainuser then application data) That is the folder all of those random files are in. Unless you know what they are, scan then to find out. There are nine of those files to check.

Use one or more of these scanners:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/flash/index_en.html

I also want you to check these files:

C:\WINDOWS\nnkheb.dll
C:\WINDOWS\system32\sobtnyab.dll
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\lwinkodv.exe <<< bad
C:\WINDOWS\system32\wcpicomsv.exe

Any you find to be bad, delete.

Thanks

Okay, I scanned those files with Kaspersky, and it turns out that sobtnyab.dll and lwinkodv.exe were bad. I deleted them.

Two of the executable files in the application data folder were bad too. I deleted those.

Sounds good:bigthumb: let's clean those System Restore files: System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?O

If you want to run a good free trial to check for hidden junk, use this one with these instruction, delete or quarantine anything it finds and post the scan results if you have questions.
http://forums.security-central.us/showthread.php?t=3165
If you do run it, be sure to turn it off or uninstall it after the trial, uses a bunch of resources with no benefits, once the trial is over.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

The link you gave me to fix the restore thing seems to have been taken down by Symantec.

There are no more popups; everything seems to be fixed. Thanks, Link.

Sorry about that:sad:...here are those instructions:

MANUAL INSTRUCTIONS FOR SYSTEM RESTORE
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

As the problem appears to be resolved this topic has been closed.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.

Thanks