Well, it was looking clean, but you appear to still be infected. We're going to have to go over a few steps again.
First, I would like for you to download AVG Free, install it, and update it to the latest definitions.
Then I would like for you to get a firewall. I usually wait until after cleaning a log to suggest this, but I think you need it. You're vulnerable without a firewall, so you should look into getting either ZoneAlarm, Kerio Personal Firewall, or Comodo. They're all good free firewalls. Just be sure you only have one installed at a time! Download the firewall of your choice, disconnect from the internet, disable Windows Firewall, and install your new firewall.
Once you have done all of that, do the following...
1. Download VundoFix and save it to your desktop.
2. Run VundoFix and click on Scan For Vundo.
3. Once it's done scanning, click on Remove Vundo.
4. When it prompts you to remove the files, click on Yes.
5. Your desktop will go blank as it's removing files. Don't worry, this is normal.
6. It will prompt you to restart your computer, so click OK.
7. When your computer is turned back on, your problem should be gone.
8. The program normally produces a Vundofix.txt file. Please locate this file and paste the contents in your next post.
And then, just to be thorough...
1. Download VirtumundoBeGone and save it to your desktop.
2. Reboot into Safe Mode.
3. Once you are in Safe Mode, run VirtumundoBeGone and follow the instructions.
4. Exit when it has finished and follow my next steps...
I recommend that you print out this post or save it to a Notepad file. Open HijackThis and scan again. Check the following entries, but don't do anything to them yet...
O4 - HKLM\..\Run: [lphecjfnlq] c:\windows\system32\lphecjfnlq.exe lphecjfnlq
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\linkprd.exe /res
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7ADF3C66-6A7D-4572-A587-EC5B831D01B3}: NameServer = 205.188.146.145
Now, close all windows (including this one) besides HijackThis, then click Fix Checked. Close HijackThis and enable hidden files and folders.
Navigate to and delete the following file(s) if present...
c:\windows\system32\lphecjfnlq.exe
C:\WINDOWS\system32\linkprd.exe
Once you've done all of this, perform a full system scan with AVG and then reboot into Normal Mode and post a new HijackThis log so we can see if there's any other junk we need to clean up. Let me know how everything's running now and if you had any problems following my steps.
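As an added example (not part of the original post): a Python check for the follow-up HijackThis log requested above. It parses the O4, O16 and O17 line shapes shown in the post, derives the files to look for from the O4 entries, and reports flagged entries that are still present. The patterns cover only those line shapes, and the follow-up log is constructed sample data.

```python
import re

# The four entries flagged in the post, copied verbatim.
FLAGGED = r"""
O4 - HKLM\..\Run: [lphecjfnlq] c:\windows\system32\lphecjfnlq.exe lphecjfnlq
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\linkprd.exe /res
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7ADF3C66-6A7D-4572-A587-EC5B831D01B3}: NameServer = 205.188.146.145
"""

# Constructed follow-up log (assumption): one flagged entry survived with
# different casing, next to a made-up benign entry.
FOLLOWUP = r"""
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\example.exe
O4 - HKCU\..\Run: [Instant Access] c:\windows\SYSTEM32\linkprd.exe /res
"""

# One pattern per section; each covers only the line shape seen in the post.
PATTERNS = {
    "O4": re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<value>.+)$"),
    "O16": re.compile(r"^DPF: (?P<name>\{[0-9A-Fa-f-]+\}) - (?P<value>\S+)$"),
    "O17": re.compile(r"^HK\w+\\.*\\(?P<name>\{[0-9A-Fa-f-]+\}): NameServer = (?P<value>\S+)$"),
}

def parse_entry(line):
    """Return (section, name, value), lowercased, or None if not recognised."""
    section, _sep, rest = line.strip().partition(" - ")
    pattern = PATTERNS.get(section)
    m = pattern.match(rest) if pattern else None
    return (section, m["name"].lower(), m["value"].lower()) if m else None

def parse_log(text):
    """Parse every recognised entry line in a log, skipping everything else."""
    return [e for e in map(parse_entry, text.splitlines()) if e]

def run_key_files(entries):
    """Executable paths started by O4 (Run key) entries."""
    hits = (re.match(r"(.+?\.exe)\b", v) for s, _n, v in entries if s == "O4")
    return [m.group(1) for m in hits if m]

def still_present(flagged_text, followup_text):
    """Flagged entries that also appear in the follow-up log (case-insensitive)."""
    return sorted(set(parse_log(flagged_text)) & set(parse_log(followup_text)))

if __name__ == "__main__":
    print("files to check:", run_key_files(parse_log(FLAGGED)))
    print("still present:", still_present(FLAGGED, FOLLOWUP))
```

Entries are lowercased before comparison because Windows paths and registry names are case-insensitive, so a surviving entry is caught even when the new log spells it differently.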