Alrighty...you've got a few nasties, but we should be able to get this all sorted out. First, let's take care of your Vundo infection...
1. Download VundoFix and save it to your desktop.
2. Run VundoFix and click on Scan For Vundo.
3. Once it's done scanning, click on Remove Vundo.
4. When it prompts you to remove the files, click on Yes.
5. Your desktop will go blank as it's removing files. Don't worry, this is normal.
6. It will prompt you to restart your computer, so click OK.
7. When your computer is turned back on, your problem should be gone.
8. The program normally produces a Vundofix.txt file. Please locate this file and paste the contents in your next post.
And then, just to be thorough...
1. Download VirtumundoBeGone and save it to your desktop.
2. Reboot into Safe Mode.
3. Once you are in Safe Mode, run VirtumundoBeGone and follow the instructions.
4. Exit when it has finished and reboot back into normal mode.
5. The program normally produces a VBG.txt file. Please locate this file and paste the contents in your next post.
Now, let's take a look at your log... Once we start, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file. Open HijackThis and scan again. Check the following entries, but don't do anything to them yet...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\msiexec.exe
O2 - BHO: (no name) - {6064348C-FF1E-42B3-A90A-4B35AF0AB67E} - C:\WINDOWS\system32\jkklj.dll
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\cbxyaax.dll
O4 - HKLM\..\Run: [lich] lich.exe
O4 - HKLM\..\Run: [pas_check] C:\Program Files\SystemDoctor 2006 Free\pasmon.exe
O4 - HKLM\..\Run: [NI.UWA7P_0001_N91M0809] "C:\Documents and Settings\Travis\My Documents\My Videos\WinAntiVirusPro2007FreeInstall.exe" -nag
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\ihhpwfge.dll",forkonce
O15 - Trusted Zone: *.stumbleupon.com (This site is safe, but it's always best to not allow a site into your Trusted Zone.)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX28.cab
O20 - Winlogon Notify: cbxyaax - C:\WINDOWS\SYSTEM32\cbxyaax.dll
O20 - Winlogon Notify: jkklj - C:\WINDOWS\system32\jkklj.dll
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (You have LimeWire. The program itself isn't considered malicious, but the programs/files downloaded through this client may be unsafe, and are likely contributors to your infection. Many downloads are also considered illegal, as they infringe on copyright laws. You don't have to delete this, but it is strongly advised.)
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBE3764D-FAD0-4AC0-9E4D-0B10C70E8BE1}: NameServer = 207.69.188.187 207.69.188.186 (If this isn't your ISP, you should fix this.)
Now, close all windows (including this one) besides HijackThis, then click Fix Checked. Close HijackThis and reboot into Safe Mode and enable hidden files and folders.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following (if present)...
SystemDoctor 2006 Free
LimeWire (You don't have to remove this, but it is advised.)
Please note any other programs that you don't recognize in that list in your next response.
Navigate to and delete the following folder(s) if present...
C:\Program Files\SystemDoctor 2006 Free
C:\Program Files\LimeWire (You don't have to remove this, but it is advised.)
Navigate to and delete the following file(s) if present...
C:\Documents and Settings\Travis\My Documents\My Videos\WinAntiVirusPro2007FreeInstall.exe
C:\WINDOWS\system32\cbxyaax.dll
C:\WINDOWS\system32\ihhpwfge.dll
C:\WINDOWS\system32\jkklj.dll
C:\WINDOWS\system32\lich.exe
Once you've done all of this, reboot into Normal Mode and post a new HijackThis log (along with the Vundo logs) so we can see if there's any other junk we need to clean up. Let me know how everything's running now and if you had any problems following my steps.
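
Added example, not part of the original post and not code from HijackThis or the helper: the entries flagged above list the same two DLLs both as a BHO (O2) and as a Winlogon Notify handler (O20). This Python sketch groups log lines by section code and reports DLLs registered in both places; the function names and the regular expressions are assumptions made for this illustration, and the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Sample input: entries copied from the log lines quoted in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {6064348C-FF1E-42B3-A90A-4B35AF0AB67E} - C:\WINDOWS\system32\jkklj.dll
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\cbxyaax.dll
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\ihhpwfge.dll",forkonce
O20 - Winlogon Notify: cbxyaax - C:\WINDOWS\SYSTEM32\cbxyaax.dll
O20 - Winlogon Notify: jkklj - C:\WINDOWS\system32\jkklj.dll
"""

# "<section code> - <rest of entry>", e.g. "O20 - Winlogon Notify: ..."
ENTRY = re.compile(r'^([A-Z]\d{1,2}) - (.*)$')
# Absolute Windows path ending in .dll (assumed pattern for this example).
DLL_PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?]*?\.dll', re.IGNORECASE)


def parse(log):
    """Group log entries by section code (O2, O4, O20, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections


def dlls(entries):
    """Lower-cased DLL paths referenced by a list of entries.

    Windows paths are case-insensitive, so SYSTEM32 and system32 must match.
    """
    found = set()
    for entry in entries:
        found.update(p.lower() for p in DLL_PATH.findall(entry))
    return found


def shared_bho_notify_dlls(log):
    """DLLs registered both as a BHO (O2) and as a Winlogon Notify (O20)."""
    sections = parse(log)
    return sorted(dlls(sections["O2"]) & dlls(sections["O20"]))


if __name__ == "__main__":
    for path in shared_bho_notify_dlls(SAMPLE_LOG):
        print("BHO + Winlogon Notify:", path)
```

Run against a fresh log after the cleanup, an empty result means neither DLL is still registered in both locations.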