Author Topic: Virus/Spyware blocking access to antispyware sites  (Read 6128 times)

poorstudent

    Topic Starter


    Greenhorn

    Virus/Spyware blocking access to antispyware sites
    « on: December 03, 2008, 02:15:19 AM »
    I have a registered full version of Zone Alarm installed on my computer, along with a nonregistered version of Lavasoft's Ad-Aware.

    I went onto a LiveJournal site (which I've done before, mind you), and suddenly Zone Alarm flips out, Mozilla Firefox closes and uTorrent opens up. This thing called WinWeb Security installs itself onto my computer and is 'claiming' it's plagued with viruses -- though the WinWeb is ironically the virus. I run a Zone Alarm scan while I delete the hidden program files of WinWeb (it was in a folder of a random skew of digits in my Application Data folder). Zone Alarm picks up 5 things, which are quarantined and deleted. I go through Program Files, system32, and my processes to get rid of anything suspicious (after thoroughly researching each one to verify this is the right action).

    I end up with a list of culprits -- ~.exe started it all, and random things like ichat and GetModule30 appear, and something in the Microsoft folder called Office6 (I cross-check using my mom's comp, which I'm on now). So, I delete the bad .dlls except one that won't delete, even in safe mode done via cmd: Khfutnol.dll

    And yes, I've erased all temp files.

    I notice that it (actually Windows this time) has notified me that my computer is unsafe because automatic updates were turned off. I try to turn them on. It won't work.

    I try to do it manually by going to the website. It won't connect.

    I try to update Zone Alarm, Lavasoft, and try to download that SAS program mentioned in the read me and run this antimalware program and even go to Norton --- each time the page is either not displayed or it redirects me to amazon.com or advertisements for nonrelated items or another search page.


    Yet, it loads google, my email, etc.

    I am desperate. Please tell me there is something I can do to salvage my computer, please....

    Oh yeah. I tried system restore too. IT DISABLED THAT TOO.

    thank you in advance,

    -poor student

    **It will also not allow me to execute mbam, which I downloaded onto this computer and transferred to mine via USB.

    ****I just attempted the same thing with HijackThis ---- same thing. Won't execute and instead opens up Firefox with a popup ad.
    « Last Edit: December 03, 2008, 02:27:41 AM by poorstudent »

    Computer Hope Admin

    • Administrator


    Re: Virus/Spyware blocking access to antispyware sites
    « Reply #1 on: December 03, 2008, 04:14:54 AM »
    I'd suggest reading through the below post and posting your Hijackthis log so it can be looked at.

    http://www.computerhope.com/forum/index.php/topic,46313.0.html
    Everybody is a genius. But, if you judge a fish by its ability to climb a tree, it will spend its whole life believing that it is stupid.
    -Albert Einstein

    poorstudent

      Topic Starter


      Greenhorn

      Re: Virus/Spyware blocking access to antispyware sites
      « Reply #2 on: December 03, 2008, 01:24:25 PM »
      Quote
      I'd suggest reading through the below post and posting your Hijackthis log so it can be looked at.

      http://www.computerhope.com/forum/index.php/topic,46313.0.html

      I have read through the post, and as I mentioned above, my system will not allow me to execute the Hijackthis file.

      mcxeb52!

      • Guest
      Re: Virus/Spyware blocking access to antispyware sites
      « Reply #3 on: December 03, 2008, 04:12:23 PM »
      Are you using Windows XP or Windows Vista?

      I wonder if you can access the system restore function and whether there's any restore point there. Maybe boot into safe mode to test (use safe mode with networking if you need internet at that time, or just safe mode, which disables your internet connection until you reboot normally).

      If system restore is okay and you have a known good clean point, you can restore back there to see if it fixes the problems. I've done that before on my own system, but I don't know if it'll work on yours because no two computers are alike.

      pimpiepopmac



        Greenhorn

        Re: Virus/Spyware blocking access to antispyware sites
        « Reply #4 on: December 03, 2008, 05:57:38 PM »
        I am having the same issues. I have tried the system restore and it won't respond. The computer just ignores the fact I am clicking on the next button. I have tried resetting in safe mode but it just sits on the black screen that says safe mode in the bottom corners. I read somewhere that the virus keeps you from booting fully in safe mode. I have a separate subject post with what I have found so far.

        poorstudent

          Topic Starter


          Greenhorn

          Re: Virus/Spyware blocking access to antispyware sites
          « Reply #5 on: December 03, 2008, 06:30:43 PM »
          Quote
          Are you using Windows XP or Windows Vista?

          I wonder if you can access the system restore function and whether there's any restore point there. Maybe boot into safe mode to test (use safe mode with networking if you need internet at that time, or just safe mode, which disables your internet connection until you reboot normally).

          If system restore is okay and you have a known good clean point, you can restore back there to see if it fixes the problems. I've done that before on my own system, but I don't know if it'll work on yours because no two computers are alike.

          XP is my operating system. As pimpiepopmac has mentioned, it disables system restore, and safe mode has the same issues. I tried deleting the virus manually via cmd in safe mode, and it still won't delete.

          At this point, I am willing to lose my stuff. If I reformat my system and reinstall Windows, will it completely get rid of the virus?

          --Actually, this virus still allows me to burn DVDs and transfer files to USBs. I'm wondering if it's transmitting any virus with my stuff, though?

          Quote
          I am having the same issues. I have tried the system restore and it won't respond. The computer just ignores the fact I am clicking on the next button. I have tried resetting in safe mode but it just sits on the black screen that says safe mode in the bottom corners. I read somewhere that the virus keeps you from booting fully in safe mode. I have a separate subject post with what I have found so far.

          I read through your post, looks like we got the same thing, that sucks.... Let us hope we solve this.

          mcxeb52!

          • Guest
          Re: Virus/Spyware blocking access to antispyware sites
          « Reply #6 on: December 03, 2008, 09:46:56 PM »
          YES -- reformatting and reinstalling Windows from scratch should remove the virus.
          I don't know if burning would transmit the virus, however.


          Oh yeah, get a firewall too instead of using Windows XP's firewall. That helps prevent viruses and bad stuff from entering your computer, in addition to an antivirus product.




          Computer Hope Admin

          • Administrator


          Re: Virus/Spyware blocking access to antispyware sites
          « Reply #7 on: December 04, 2008, 01:46:29 AM »
          It's good you're copying Malwarebytes from the flash drive, but strange that it's not running. You may want to try renaming the file and/or executing Malwarebytes through safe mode. If you're able to get this to run, it should be capable of removing WinWeb Security.

          poorstudent

            Topic Starter


            Greenhorn

            Re: Virus/Spyware blocking access to antispyware sites
            « Reply #8 on: December 05, 2008, 01:06:40 PM »
            Quote
            It's good you're copying Malwarebytes from the flash drive, but strange that it's not running. You may want to try renaming the file and/or executing Malwarebytes through safe mode. If you're able to get this to run, it should be capable of removing WinWeb Security.

            This actually worked! Well, the part about getting it to install. I renamed it to game.exe and was able to install it via safe mode, thank you! I couldn't get the scan itself to run in safe mode though, so I restarted my computer.

            Unfortunately, it seems this virus can recognize the name of the exe you are trying to run. When I clicked mbam to run (directly from Program Files; also by right-clicking what should be scanned; and directly from the start menu) it would not run. However, when I renamed the folder and files to variations of game.exe, it would run when clicked directly, but it would say it was missing a file.

            So it basically appears that this virus recognizes all the common cures, which really sucks.

            ..Reusing this concept though, of renaming as a loophole, I was able to get the HJT log ^_^

            Quote
            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 12:00:52 PM, on 12/5/2008
            Platform: Windows XP SP3 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16735)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\ZoneLabs\vsmon.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Bonjour\mDNSResponder.exe
            C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
            C:\WINDOWS\system32\CTSvcCDA.EXE
            C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            C:\Program Files\Microsoft LifeCam\MSCamS32.exe
            C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
            C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\MsPMSPSv.exe
            C:\WINDOWS\system32\wscntfy.exe
            C:\WINDOWS\system32\igfxtray.exe
            C:\WINDOWS\system32\hkcmd.exe
            C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
            C:\WINDOWS\AGRSMMSG.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Apoint2K\Apoint.exe
            C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
            C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
            C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
            C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
            C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
            C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
            C:\Program Files\Apoint2K\Apntex.exe
            C:\WINDOWS\vVX3000.exe
            C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
            C:\Program Files\HPQ\SHARED\HPQWMI.exe
            C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
            C:\Program Files\Trend Micro\HijackThis\sniper.exe

            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
            O2 - BHO: (no name) - {8DD08535-1270-47B9-B975-88942C53B4A8} - C:\WINDOWS\system32\ljJCuVOH.dll
            O2 - BHO: {e711ab82-0c25-c799-7d74-a4c25450ef39} - {93fe0545-2c4a-47d7-997c-52c028ba117e} - C:\WINDOWS\system32\kuioej.dll
            O2 - BHO: (no name) - {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - C:\WINDOWS\system32\khFuTnol.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
            O2 - BHO: BHOws Object - {D5DF7C9D-6069-4552-8B0C-D02A912FC889} - ws.dll (file missing)
            O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
            O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
            O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
            O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
            O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
            O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
            O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
            O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
            O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
            O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
            O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
            O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
            O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
            O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
            O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
            O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
            O4 - HKLM\..\Run: [lifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
            O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
            O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
            O4 - HKLM\..\Run: [NBInstall] C:\DOCUME~1\JACLYN~1\LOCALS~1\Temp\mir12g.exe
            O4 - HKLM\..\Run: [1797086258] "C:\Documents and Settings\All Users\Application Data\968969430\1797086258.exe"
            O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\my game\mbamgui.exe /install /silent
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
            O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
            O4 - HKCU\..\Run: [GetModule30] C:\Program Files\GetModule\GetModule30.exe
            O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
            O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
            O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
            O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
            O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
            O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
            O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
            O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
            O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
            O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
            O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
            O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
            O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
            O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
            O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
            O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
            O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
            O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
            O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
            O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
            O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
            O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
            O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124139966819
            O17 - HKLM\System\CCS\Services\Tcpip\..\{3D81B06F-AEFE-4AD5-AC9A-427115FAF109}: NameServer = 192.168.2.1
            O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
            O20 - AppInit_DLLs: kuioej.dll
            O20 - Winlogon Notify: khFuTnol - C:\WINDOWS\SYSTEM32\khFuTnol.dll
            O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
            O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
            O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
            O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
            O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
            O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
            O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
            O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
            O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
            O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
            O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Jaclyn Glatt\My Documents\My Pictures\lisy.JPG
            O24 - Desktop Component 2: ???????????? ??????Ver. - http://www.geocities.jp/ynus_ss/flash/tyuru_clock.html

            --
            End of file - 12345 bytes

            pimpiepopmac



              Greenhorn

              Re: Virus/Spyware blocking access to antispyware sites
              « Reply #9 on: December 05, 2008, 01:57:07 PM »
              Check out my post, poorstudent. I got some great info from the mbam website that got the file to run no problem.

              poorstudent

                Topic Starter


                Greenhorn

                Re: Virus/Spyware blocking access to antispyware sites
                « Reply #10 on: December 05, 2008, 02:35:11 PM »
                Quote
                Check out my post, poorstudent. I got some great info from the mbam website that got the file to run no problem.

                I think it's working!!! Disabling that TDSSserv.sys was the key! After I restarted my comp, Zone Alarm immediately quarantined a trojan and backdoor virus, and then I was able to get mbam to run! ^___^ Wasn't able to update it, but I'm thinking after the first scan and after it fixes all the infected stuff, I can update it then (as you said you weren't redirected from anti-virus sites anymore) and can run it again.

                And then I can finally do my homework!! Yay!! Thank you  ;D

                ps. I shall update this at the end of two scans to verify I get the same results. Should I do system restore to a point before the infection as well?

                poorstudent

                  Topic Starter


                  Greenhorn

                  Re: Virus/Spyware blocking access to antispyware sites
                  « Reply #11 on: December 05, 2008, 06:47:58 PM »
                  Just wanted to say that my computer is working awesome now. Zone Alarm and Mbam took care of it all and I can get back on to their websites and everything, updating works again, and I'm sure system restore does too (still wondering if I should do that...)

                  Thank you all who have helped me!

                  --the last of poor student

                  Computer Hope Admin

                  • Administrator


                  Re: Virus/Spyware blocking access to antispyware sites
                  « Reply #12 on: December 05, 2008, 07:13:09 PM »
                  That's good to hear, although based off what I see in your Hijacklog (ran through v7.0 of Computer Hope process tool), it appears you've got several other potential threats that you may want to address.

                  1. Open HijackThis.
                  2. Click Do a system scan only
                  3. Check the boxes that correspond to the below lines.

                      * o2 - bho: (no name) - {8dd08535-1270-47b9-b975-88942c53b4a8} - c:\windows\system32\ljjcuvoh.dll
                      * o2 - bho: {e711ab82-0c25-c799-7d74-a4c25450ef39} - {93fe0545-2c4a-47d7-997c-52c028ba117e} - c:\windows\system32\kuioej.dll
                      * o2 - bho: (no name) - {a63e645f-13bd-45ed-b15f-6e8c1bd57279} - c:\windows\system32\khfutnol.dll
                      * o2 - bho: bhows object - {d5df7c9d-6069-4552-8b0c-d02a912fc889} - ws.dll (file missing)
                      * o4 - HKLM\..\Run: [1797086258] "C:\Documents and Settings\All Users\Application Data\968969430\1797086258.exe"
                      * o4 - hklm\..\run: [nbinstall] c:\docume~1\jaclyn~1\locals~1\temp\mir12g.exe
                      * o4 - hkcu\..\run: [getmodule30] c:\program files\getmodule\getmodule30.exe
                      * o20 - appinit_dlls: kuioej.dll
                      * o20 - winlogon notify: khfutnol - c:\windows\system32\khfutnol.dll

                  4. Once the above have been checked, click the Fix checked button.
                  5. Once fixed, close HijackThis.

                  Delete the below files from your computer:

                  c:\windows\system32\ljjcuvoh.dll
                  c:\windows\system32\kuioej.dll
                  c:\windows\system32\khfutnol.dll
                  c:\docume~1\jaclyn~1\locals~1\temp\mir12g.exe
                  c:\program files\getmodule\getmodule30.exe

                  It also appears you don't have an AntiVirus program on the computer; the Zone Alarm I see in your process list is your Firewall. I'd suggest getting a free AntiVirus program installed on the computer, such as AVG.


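Added example, not part of the thread and not the Computer Hope process tool mentioned above: a Python triage script for the O2, O4 and O20 sections of a HijackThis log, run over a subset of the lines posted in this thread. The function names (`triage`, `file_name`) and the flagging rules are assumptions chosen for illustration; they surface entries for manual review and do not identify malware by themselves.

```python
import re
from collections import defaultdict

# Subset of the HijackThis log posted earlier in this thread, embedded as sample input.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {8DD08535-1270-47B9-B975-88942C53B4A8} - C:\WINDOWS\system32\ljJCuVOH.dll
O2 - BHO: {e711ab82-0c25-c799-7d74-a4c25450ef39} - {93fe0545-2c4a-47d7-997c-52c028ba117e} - C:\WINDOWS\system32\kuioej.dll
O2 - BHO: (no name) - {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - C:\WINDOWS\system32\khFuTnol.dll
O2 - BHO: BHOws Object - {D5DF7C9D-6069-4552-8B0C-D02A912FC889} - ws.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NBInstall] C:\DOCUME~1\JACLYN~1\LOCALS~1\Temp\mir12g.exe
O4 - HKLM\..\Run: [1797086258] "C:\Documents and Settings\All Users\Application Data\968969430\1797086258.exe"
O4 - HKCU\..\Run: [GetModule30] C:\Program Files\GetModule\GetModule30.exe
O20 - AppInit_DLLs: kuioej.dll
O20 - Winlogon Notify: khFuTnol - C:\WINDOWS\SYSTEM32\khFuTnol.dll
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")
RUN = re.compile(r"^HK\w+\\\.\.\\\w+: \[(.+?)\] (.+)$")
GUID = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
TARGET = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll))\b', re.I)


def file_name(command):
    """Lower-cased file name of the binary an entry points at (arguments dropped)."""
    m = TARGET.match(command.strip())
    path = (m.group(1) or m.group(2)) if m else command.strip()
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return [(entry_line, [reasons])] for O2/O4/O20 entries worth a manual look."""
    parsed = []               # (line, file name, reasons)
    seen = defaultdict(set)   # file name -> HijackThis categories that reference it
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        reasons = []
        if code == "O2" and body.startswith("BHO: "):
            parts = body[5:].rsplit(" - ", 2)   # display name, CLSID, path
            if len(parts) != 3:
                continue
            name, _clsid, path = parts
            if name == "(no name)" or GUID.match(name):
                reasons.append("BHO has no human-readable name")
            if path.endswith("(file missing)"):
                reasons.append("BHO registration points at a missing file")
        elif code == "O4":
            run = RUN.match(body)
            if not run:
                continue                        # e.g. Startup-folder shortcuts
            value, path = run.groups()
            if value.isdigit():
                reasons.append("Run value name is all digits")
            if "\\temp\\" in path.lower():
                reasons.append("autostart binary lives in a Temp directory")
        elif code == "O20":
            kind, _, rest = body.partition(": ")
            path = rest.rsplit(" - ", 1)[-1]
            if kind == "AppInit_DLLs":
                reasons.append("DLL is loaded into every process that loads user32.dll")
            else:                               # Winlogon Notify
                reasons.append("DLL is loaded by winlogon.exe")
        else:
            continue
        key = file_name(path)
        seen[key].add(code)
        parsed.append((line, key, reasons))

    flagged = []
    for line, key, reasons in parsed:
        # Correlation rule: one file wired into more than one autostart mechanism.
        if len(seen[key]) > 1:
            reasons.append("same file registered in several autostart categories")
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry, "\n    -> " + "; ".join(why))
```

The GetModule30 Run entry, which the reply above also lists, has nothing structurally odd about it, so rules like these miss it; entries of that kind need a lookup against known-bad names.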

                  poorstudent

                    Topic Starter


                    Greenhorn

                    Re: Virus/Spyware blocking access to antispyware sites
                    « Reply #13 on: December 05, 2008, 07:39:27 PM »
                    Thank you for going through the hijacklog- though since that was done before the extensive cleaning, those files are now deleted, for which I am very thankful.

                    Hm, and I have Zone Alarm security suite, so I thought that did it all...

                    mcxeb52!

                    • Guest
                    Re: Virus/Spyware blocking access to antispyware sites
                    « Reply #14 on: December 05, 2008, 11:37:01 PM »
                    Well that's good it's all fixed ;D

                    I'd delete restore points by disabling then re-enabling the system restore, to be sure you don't have any points that may be infected in case you decide to restore your computer, but it's up to you.