Just can't kick the virus



matt1901110
2007-11-28, 10:13
I have been helping a friend with his comp. The problem started with SmitFraud. Then came the Vundo. I ran VundoFix and ComboFix and am still having issues with something in the background. When I open Internet Explorer it only works half the time (basically nothing opens). Well, after a few attempts at opening it, I opened the Task Manager and was watching the processes as I opened IE. When nothing opened, a process IEXPLORE.exe started and was running at 13-16k.
Trying again, another opened. Finally, on getting connected, IEXPLORE.exe started yet another process, and the one actually running the internet connection yielded 45-65k. So here I sit. Please help if you can. Following are the HijackThis report, the ComboFix report and the VundoFix report.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 01:30, on 2007-11-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\hijackthis\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3A2224A0-B114-4491-9305-FD0E4B55FA1E} - C:\WINDOWS\system32\vtuurpo.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {73E6C50D-61DC-48D2-A379-C1712B10F431} - C:\WINDOWS\system32\pmnlm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: vtuurpo - C:\WINDOWS\SYSTEM32\vtuurpo.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 7620 bytes

matt1901110
2007-11-28, 10:15
ComboFix 07-11-19.4 - HP_Administrator 2007-11-28 1:33:47.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.550 [GMT -7:00]
Running from: C:\hijackthis\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Administrator\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\HP_Administrator\Desktop\Live Safety Center.lnk
C:\Documents and Settings\HP_Administrator\Desktop\Online Security Guide.lnk
C:\Documents and Settings\HP_Administrator\Favorites\Online Security Guide.lnk
C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\mlnmp.ini2
C:\WINDOWS\system32\pmnlm.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 )))))))))))))))))))))))))))))))
.

2007-11-27 12:56 784,245 --ahs---- C:\WINDOWS\system32\usxgobrl.ini
2007-11-27 12:55 85,056 --a------ C:\WINDOWS\system32\lrbogxsu.dll
2007-11-27 12:39 <DIR> d-------- C:\WINDOWS\uninstall\Bo-Shot
2007-11-27 12:39 <DIR> d-------- C:\WINDOWS\uninstall
2007-11-27 04:14 <DIR> d-------- C:\Program Files\CCleaner
2007-11-27 01:28 <DIR> d-------- C:\Program Files\COMODO
2007-11-27 01:28 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Comodo
2007-11-27 01:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-11-27 01:28 139,008 --a------ C:\WINDOWS\system32\guard32.dll
2007-11-27 01:28 79,096 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2007-11-27 01:28 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2007-11-26 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-26 21:15 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-26 18:34 32 -r-hs---- C:\Temp\HPCD.sys
2007-11-26 18:32 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-11-26 18:32 917,504 --a------ C:\WINDOWS\system32\FLASH.OCX
2007-11-26 13:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-26 12:50 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Grisoft
2007-11-26 12:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-26 12:50 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-26 00:28 3,746 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-26 00:27 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-26 00:27 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-26 00:27 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-26 00:27 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-25 23:14 <DIR> d-------- C:\VundoFix Backups
2007-11-25 22:28 37,376 --a------ C:\WINDOWS\system32\fccddef.dll
2007-11-25 21:36 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-25 19:01 <DIR> d-------- C:\Program Files\Incomplete
2007-11-25 18:58 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-25 18:53 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-25 18:34 <DIR> d-------- C:\Program Files\LimeWire
2007-11-25 15:24 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-11-25 15:24 <DIR> d-------- C:\Program Files\Ahead
2007-11-25 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-11-25 15:24 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-11-25 15:24 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2007-11-25 15:24 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-25 15:18 <DIR> d-------- C:\Program Files\Nero
2007-11-25 15:18 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-11-25 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-25 11:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-25 11:36 <DIR> d-------- C:\Program Files\Bonjour
2007-11-25 11:28 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-24 21:09 <DIR> d-------- C:\Program Files\Glary Utilities
2007-11-24 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-24 16:46 <DIR> d-------- C:\Program Files\SD EnterNET
2007-11-24 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-24 16:06 <DIR> d-------- C:\Program Files\Download Manager
2007-11-24 15:36 <DIR> d-------- C:\Program Files\Ventrilo
2007-11-24 15:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-24 15:32 <DIR> d-------- C:\Program Files\blackdeath.nf.forumer
2007-11-24 15:07 <DIR> d-------- C:\Program Files\support.com
2007-11-24 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Support.com
2007-11-24 14:06 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-11-24 14:06 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-11-24 14:06 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-11-24 14:06 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-11-24 14:06 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 19:43 71,232 ----a-w C:\WINDOWS\system32\xbalfeal.exe
2007-11-27 09:00 --------- d-----w C:\Program Files\Java
2007-11-27 08:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-27 08:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-27 03:12 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Yahoo!
2007-11-26 19:39 --------- d-----w C:\Program Files\The Weather Channel FW
2007-11-26 07:25 5,280 ----a-w C:\z.dat
2007-11-26 06:03 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
2007-11-26 01:54 37,376 ----a-w C:\WINDOWS\system32\vtuurpo.dll
2007-11-26 01:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-25 18:35 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-25 04:13 --------- d-----w C:\Program Files\Yahoo!
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-09-20 16:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 16:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-13 03:02 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-02-19 17:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A2224A0-B114-4491-9305-FD0E4B55FA1E}]
2007-11-25 18:54 37376 --a------ C:\WINDOWS\system32\vtuurpo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 21:00]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 23:35]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdMgr.exe" [2006-03-16 02:11]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 09:05]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 18:18]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2007-11-27 01:28]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 18:40:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3A2224A0-B114-4491-9305-FD0E4B55FA1E}"= C:\WINDOWS\system32\vtuurpo.dll [2007-11-25 18:54 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuurpo]
vtuurpo.dll 2007-11-25 18:54 37376 C:\WINDOWS\system32\vtuurpo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnlm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\40a788bc]
rundll32.exe C:\WINDOWS\system32\lrbogxsu.dll,b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
ARPWRMSG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 21:01 67584 --a------ C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2007-08-31 16:46 1460560 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
C:\Program Files\Web Buying\v1.8.6\webbuying.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Reminder"="C:\Windows\Creator\Remind_XP.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
S4 GameConsoleService;GameConsoleService;"C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe"

.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 01:48:41
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-28 1:50:49 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-26 12:27
C:\ComboFix3.txt ... 2007-11-25 23:40
.
--- E O F ---



VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Scan started at 11:14:24 PM 11/25/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Scan started at 11:40:11 AM 11/26/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Scan started at 00:15:19 2007-11-28

Listing files found while scanning....

C:\windows\system32\aoqwintl.dll
C:\WINDOWS\system32\atqqyuot.dll
C:\windows\system32\atqqyuot.dllbox

Beginning removal...

Attempting to delete C:\windows\system32\aoqwintl.dll
C:\windows\system32\aoqwintl.dll Has been deleted!

Attempting to delete C:\windows\system32\atqqyuot.dllbox
C:\windows\system32\atqqyuot.dllbox Has been deleted!

Performing Repairs to the registry.
Done!

Edit: FYI for all members.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
NOTE: We do NOT ask for ComboFix etc. before helpers have analysed HJT/KAV scans (http://forums.spybot.info/showthread.php?t=16806)

pskelley
2007-12-03, 19:02
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

You do realize the instructions are pinned to the top of the forum, like this one:
http://forums.spybot.info/showthread.php?t=16806 and that anything less than following the instructions will make it less likely you will receive help?

You have a Vundo infection which can be very hard to remove. This will take some time and unless you are patient, understand how to follow directions and are comfortable working on your computer, you may want to seek local professional help. If you wish to proceed, read and follow the directions carefully.

If you still want help:

1) Read and follow the directions.

2) Place System Configuration Utility (MSConfig) in Normal Startup mode.

3) Post the correct HJT log, version 2.0.2 as described in the instructions.

4) Tell me about the issues, symptoms, error messages "word for word", what you think will help.

Thanks

pskelley
2007-12-13, 01:49
This topic is closed due to lack of a response.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.

Thanks