Peter,
The vundo trojan has so many files and registry entries that are being updated by these slimeballs on a regular basis, so it takes running a few programs to get rid of it all.
What I would like you to do is drag Combofx to the trash and download a fresh copy to your desktop, you can use the same links I provided earlier.
Then do this.
Open Notepad and copy all the text inside the Code box by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above File::
Code:
File::
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\system32\AAK.dll
C:\WINDOWS\system32\AAD.DLL
C:\WINDOWS\system32\AAP.DLL
C:\WINDOWS\system32\ad_away.lic
Folder::
C:\VundoFix Backups
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1BE195F9-F7C7-4334-B591-B9900BA24DB1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E71ADDC-4451-43F1-A6E2-3B515E578E67}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8146B1B8-0078-4131-81FC-2A76C1FD6ECC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1BA9F50-D95B-4B4E-9218-E796EC763161}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f45555a6"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxyxy]
Save this as CFScript to your desktop.
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.