surprise surprise! smitfraud-C.toolbar888!

BleepNinja
2007-06-05, 19:43
Here's the log from the scan:

Scan Results: 51521 files scanned. 4 viruses were detected.

File           Infection               Status    Path
ddayx.dll      Win32/Vundo!generic     infected  H:\WINDOWS\system32\
hqlyxats.dll   Win32/Darksma.AZ        infected  H:\WINDOWS\system32\
jhwsxdnv.dll   Win32/Vundo.DA          infected  H:\WINDOWS\system32\
yayaaaa.dll    Win32/Chisyne!generic   infected  H:\WINDOWS\system32\

And the HJT log:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATICCC] "H:\Program\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobePhotoDownloader] "H:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HP Software Update] H:\Program\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] H:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] H:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [RemoteControl] "H:\Program\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "H:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [j6241132] rundll32 H:\WINDOWS\System32\j6241132.dll sook
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "H:\WINDOWS\System32\cqyxwvkr.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "H:\Program\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [DAEMON Tools] "H:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - H:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - H:\WINDOWS\web\related.htm
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\Program\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: hpdj - HP - H:\DOCUME~1\LILLIE~1\LOKALA~1\Temp\hpdj.exe

Thanks!

Shaba
2007-06-06, 07:50
Hi BleepNinja

Your HJT log is cut off, please re-send it.

Before that do this:

Rename HijackThis.exe to scanner.exe

BleepNinja
2007-06-06, 09:27
I hope this works better..

Logfile of HijackThis v1.99.1
Scan saved at 08:24:18, on 2007-06-06
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\System32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program\Java\jre1.5.0_10\bin\jusched.exe
H:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
H:\WINDOWS\System32\ctfmon.exe
H:\Program\BitTorrent\bittorrent.exe
H:\WINDOWS\System32\svchost.exe
H:\Program\ATI Technologies\ATI.ACE\cli.exe
H:\WINDOWS\System32\wuauclt.exe
H:\Program\MSN Messenger\usnsvc.exe
H:\Program\Java\jre1.5.0_10\bin\jucheck.exe
H:\WINDOWS\System32\rundll32.exe
H:\WINDOWS\explorer.exe
H:\Program\Mozilla Firefox\firefox.exe
H:\hijackthis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35C1057E-0793-4933-BA18-F31558B45796} - H:\WINDOWS\System32\awvtt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8071E65A-3F56-4426-8372-8667CD213057} - H:\WINDOWS\System32\yayaaaa.dll
O2 - BHO: (no name) - {A41837CF-1C46-45AC-945B-2D31D03CE838} - H:\WINDOWS\System32\ddwbwvmq.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - H:\WINDOWS\System32\bdwgyata.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATICCC] "H:\Program\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "H:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HP Software Update] H:\Program\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] H:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] H:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [RemoteControl] "H:\Program\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "H:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [j6241132] rundll32 H:\WINDOWS\System32\j6241132.dll sook
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "H:\WINDOWS\System32\cqyxwvkr.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "H:\Program\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [DAEMON Tools] "H:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - H:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - H:\WINDOWS\web\related.htm
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awvtt - H:\WINDOWS\System32\awvtt.dll
O20 - Winlogon Notify: yayaaaa - H:\WINDOWS\SYSTEM32\yayaaaa.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: hpdj - HP - H:\DOCUME~1\LILLIE~1\LOKALA~1\Temp\hpdj.exe
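
An added example, not part of BleepNinja's post and not a HijackThis feature: a small Python triage pass over the log entries above. It flags the patterns this log exhibits, namely nameless O2 BHOs loading DLLs from System32, the same DLLs turning up as O20 Winlogon Notify handlers, O4 Run keys that use rundll32 to load a System32 DLL by export name, an O23 service whose binary runs from a Temp folder, and file names that match the antivirus detections in the first post. The sample lines are copied from the second log, the regexes, reason strings and cross-reference logic are this example's own assumptions, and a flag is a reason to look closer, not a verdict.

```python
import re
from collections import defaultdict

# Constructed input for this example: entries copied from the second, complete
# HijackThis log in this thread, plus the file names the antivirus scan in the
# first post reported as infected. Nothing is read from a live machine.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35C1057E-0793-4933-BA18-F31558B45796} - H:\WINDOWS\System32\awvtt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8071E65A-3F56-4426-8372-8667CD213057} - H:\WINDOWS\System32\yayaaaa.dll
O2 - BHO: (no name) - {A41837CF-1C46-45AC-945B-2D31D03CE838} - H:\WINDOWS\System32\ddwbwvmq.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [j6241132] rundll32 H:\WINDOWS\System32\j6241132.dll sook
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "H:\WINDOWS\System32\cqyxwvkr.dll",realset
O20 - Winlogon Notify: awvtt - H:\WINDOWS\System32\awvtt.dll
O20 - Winlogon Notify: yayaaaa - H:\WINDOWS\SYSTEM32\yayaaaa.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: hpdj - HP - H:\DOCUME~1\LILLIE~1\LOKALA~1\Temp\hpdj.exe
"""
AV_DETECTED = {"ddayx.dll", "hqlyxats.dll", "jhwsxdnv.dll", "yayaaaa.dll"}

# Reason labels are this example's own wording, not HijackThis output.
R_NAMELESS_BHO = "nameless BHO loaded from System32"
R_ALSO_NOTIFY = "same DLL also registered as a Winlogon Notify handler (O20)"
R_RUNDLL32 = "Run key uses rundll32 to load a System32 DLL by export name"
R_TEMP_SERVICE = "service binary runs from a Temp directory"
R_AV_HIT = "file named in the antivirus scan results"

SYS32_DLL = re.compile(r"\\WINDOWS\\SYSTEM32\\([A-Za-z0-9_]+\.dll)", re.I)
RUNDLL32 = re.compile(r"\brundll32(?:\.exe)?\s", re.I)
TEMP_DIR = re.compile(r"\\(?:Temp|Tmp)\\", re.I)


def sys32_dll(line):
    """Lower-cased file name of a DLL loaded from the Windows System32 folder, or None."""
    m = SYS32_DLL.search(line)
    return m.group(1).lower() if m else None


def triage(log_text, av_detected=AV_DETECTED):
    """Map each suspicious DLL or binary path to the reasons it was flagged.

    A nameless BHO outside System32 (Spybot's SDHelper.dll) and a '(no file)'
    orphan are deliberately not flagged; the rules target the loader pattern,
    not the missing display name by itself.
    """
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    # Pass 1: System32 DLLs registered as Winlogon Notify handlers. Vundo
    # registers its BHO there too so it is loaded at logon, before any browser.
    notify = {sys32_dll(ln) for ln in lines if ln.startswith("O20 ") and sys32_dll(ln)}
    av_lower = {name.lower() for name in av_detected}
    findings = defaultdict(list)

    def note(key, reason):
        if reason not in findings[key]:
            findings[key].append(reason)

    # Pass 2: per-entry checks plus cross-references against pass 1 and the AV hits.
    for ln in lines:
        dll = sys32_dll(ln)
        if ln.startswith("O2 ") and "(no name)" in ln and dll:
            note(dll, R_NAMELESS_BHO)
            if dll in notify:
                note(dll, R_ALSO_NOTIFY)
        elif ln.startswith("O4 ") and dll and RUNDLL32.search(ln):
            note(dll, R_RUNDLL32)
        elif ln.startswith("O23 ") and TEMP_DIR.search(ln):
            note(ln.rsplit(" - ", 1)[-1], R_TEMP_SERVICE)
        if dll and dll in av_lower:
            note(dll, R_AV_HIT)
    return dict(findings)


if __name__ == "__main__":
    for key, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(f"{key}\n  - " + "\n  - ".join(reasons))
```

Run as a script it lists six entries: the three nameless System32 BHOs (two of them doubling as Winlogon Notify handlers, one also matching the scan results), the two rundll32 Run keys, and the hpdj service in the Temp folder. Legitimate entries such as the Adobe BHO, jusched.exe and the ATI services produce nothing. The Temp-folder rule in particular is only a prompt to verify the file; the log gives no verdict on it.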

Shaba
2007-06-06, 11:58
Hi

We can definitely help you, but first you need to help us. You are quite behind on your Windows Updates and Patches!!

The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here to get WinXP SP1a: http://www.microsoft.com/downloads/details.aspx?FamilyID=0136e5f8-1684-4202-b2d0-c6a43430f12a&DisplayLang=en

Apply the update, reboot, then go to Windows Update and install all the Critical Updates (Note: Except for WinXP SP2)
Click here for Windows Update: http://www.windowsupdate.com/

After installing all the Patches and updates, reboot, then post a fresh Hijack This log.

BleepNinja
2007-06-06, 13:51
:oops: As it turns out my Windows XP is pirated, so I can't install SP1a. Am I doomed forever? Is this perhaps the punishment for my ignorance? I feel like I'm heading off-topic, but do you know any way to get around the problem, or any other forum where someone might know, or is buying a new Windows XP the only solution?

Shaba
2007-06-06, 13:53
Hi

If your copy of Windows isn't legit, you won't get any help here.

Buying a legal copy of Windows is my recommendation.

BleepNinja
2007-06-06, 14:04
Ok, I'll get back to you as soon as possible then. Thanks anyway!

tashi
2007-06-11, 05:41
This topic has been archived.

If you need it re-opened, please send me a private message (pm) and provide a link to the thread.

Applies only to the original poster, anyone else with similar problems please start a new topic.

UPDATED WINDOWS - Your first line of defence, links and tips (http://forums.spybot.info/showthread.php?t=425)