07-25-2007, 05:58 PM   #3
Husko
Registered User
 
Join Date: Jul 2007
Posts: 86
OS: WinXP


Re: Popup ads starting to show on my laptop

I would just like to say I greatly appreciate all the help with the situation. VundoFix had to restart and run again in order to delete two of the files, but it seemed to have no problem on the restart, as evidenced by the log at the end of the post. Here are my logs.

Combofix:

"husko" - 2007-07-25 19:38:45 [GMT -4:00] - ComboFix 07-07-24 - Service Pack 2 NTFS

ADS removed - system32: deleted 5392 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\yayvvuv.dll
C:\WINDOWS\system32\yayvvuv.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\stem~1
C:\Program Files\Common Files\stem~1\services.exe
C:\Program Files\Internet Explorer\sademoxu83122.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\WINDOWS\retadpu572.exe
C:\WINDOWS\stem32~1
C:\WINDOWS\stem32~1\fast.exe
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\b02FdUe\b02FdUe1065.exe
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\rxlv.dll
C:\WINDOWS\system32\T1
C:\WINDOWS\system32\T1\kmhp83122.exe
C:\WINDOWS\system32\T11
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\T5
C:\WINDOWS\system32\T7
C:\WINDOWS\system32\win
C:\WINDOWS\system32\wnstssv32.exe
C:\WINDOWS\system32\wviikids.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))


2007-07-25 19:40 6,506 --ahs---- C:\WINDOWS\system32\rqtwa.bak1
2007-07-25 19:40 228,960 --a------ C:\WINDOWS\system32\awtqr.dll
2007-07-25 19:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-25 19:26 <DIR> d-------- C:\VundoFix Backups
2007-07-25 09:36 126,016 --a------ C:\WINDOWS\system32\rhgekies.dll
2007-07-25 08:52 <DIR> d-------- C:\Deckard
2007-07-25 01:24 8,576 --a------ C:\WINDOWS\system32\drivers\fkskekiimsws.sys
2007-07-25 01:15 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-25 00:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic Anti-Spyware
2007-07-25 00:23 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-07-24 21:28 <DIR> d-------- C:\temp\0c2
2007-07-24 21:27 <DIR> d-------- C:\temp\brr
2007-07-05 20:15 <DIR> d-------- C:\CloneDVDTemp
2007-07-05 20:11 <DIR> d-------- C:\DOCUME~1\Husko\APPLIC~1\SlySoft
2007-07-05 20:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Elaborate Bytes
2007-07-05 20:06 <DIR> d-------- C:\Program Files\CloneDVD2
2007-07-05 20:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2007-07-05 17:59 <DIR> d-------- C:\Program Files\AnyDVD
2007-07-05 17:30 <DIR> d-------- C:\DOCUME~1\Husko\APPLIC~1\Elaborate Bytes
2007-07-05 16:58 <DIR> d-------- C:\temp\dvdbackup
2007-07-05 16:51 <DIR> d-------- C:\DVDburner


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-25 23:48:20 -------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-07-25 23:36:08 -------- d-----w C:\Program Files\Online Services
2007-07-25 06:08:18 -------- d-----w C:\Program Files\iTunes
2007-07-25 06:04:28 -------- d-----w C:\Program Files\Apoint
2007-07-25 06:04:24 -------- d-----w C:\Program Files\AIM
2007-07-25 05:11:38 -------- d-----w C:\Program Files\Viewpoint
2007-06-27 21:31:45 -------- d-----w C:\Program Files\Starcraft
2007-06-22 13:54:49 99,904 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-06-20 21:08:56 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2007-06-08 05:20:35 -------- d-----w C:\Program Files\LimeWire
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24BC6AF5-EA3F-451D-8D9B-5BE27D30ED09}]
2007-07-25 19:40 228960 --a------ C:\WINDOWS\system32\awtqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D53A523-15A2-44F4-8F33-45AB380E8559}]
C:\WINDOWS\system32\vturs.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-11 13:45]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 09:04]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-05-04 18:21]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 02:21]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 16:35]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-06 01:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]
"Tair"="C:\PROGRA~1\COMMON~1\STEM~1\services.exe" []
"Nnxszate"="C:\WINDOWS\??stem32\fast.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
Bluetooth.lnk - C:\Program Files\Bluetooth\Bluetooth Software\BTTray.exe [2005-09-19 17:02:54]
EPSON Status Monitor 3 Environment Check.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2000-09-17 22:04:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqr]
C:\WINDOWS\system32\awtqr.dll 2007-07-25 19:40 228960 C:\WINDOWS\system32\awtqr.dll

R1 ElbyCDIO;ElbyCDIO Driver;C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
R1 SbcpHid;SbcpHid;\??\C:\WINDOWS\system32\Drivers\SbcpHid.sys
R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys
R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys
R2 BASFND;BASFND;\??\C:\WINDOWS\system32\Drivers\BASFND.sys
R2 BNPagent;Client Security Agent;"C:\Program Files\Bradford Networks\Client Security Agent\bnpagent.exe"
R2 BTSERIAL;Bluetooth Serial Driver;\??\C:\WINDOWS\system32\drivers\btserial.sys
R2 BTSLBCSP;Bluetooth Port Client Driver;\??\C:\WINDOWS\system32\drivers\btslbcsp.sys
R2 drvnddm;drvnddm;C:\WINDOWS\system32\drivers\drvnddm.sys
R2 NAVAPEL;NAVAPEL;\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
R2 tfsnboio;tfsnboio;C:\WINDOWS\system32\dla\tfsnboio.sys
R2 tfsncofs;tfsncofs;C:\WINDOWS\system32\dla\tfsncofs.sys
R2 tfsndrct;tfsndrct;C:\WINDOWS\system32\dla\tfsndrct.sys
R2 tfsndres;tfsndres;C:\WINDOWS\system32\dla\tfsndres.sys
R2 tfsnifs;tfsnifs;C:\WINDOWS\system32\dla\tfsnifs.sys
R2 tfsnopio;tfsnopio;C:\WINDOWS\system32\dla\tfsnopio.sys
R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys
R2 tfsnudf;tfsnudf;C:\WINDOWS\system32\dla\tfsnudf.sys
R2 tfsnudfa;tfsnudfa;C:\WINDOWS\system32\dla\tfsnudfa.sys
R3 AnyDVD;AnyDVD;C:\WINDOWS\system32\Drivers\AnyDVD.sys
R3 Appdrv;Appdrv;\??\C:\Program Files\Dell\NICCONFIGSVC\Appdrv.sys
R3 ElbyDelay;ElbyDelay;C:\WINDOWS\system32\Drivers\ElbyDelay.sys
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
R3 NAVAP;NAVAP;\??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys
R3 Pcouffin;Low level access layer for CD devices;C:\WINDOWS\system32\Drivers\Pcouffin.sys
S2 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
S3 BTWDNDIS;Bluetooth LAN Access Server;C:\WINDOWS\system32\DRIVERS\btwdndis.sys
S3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
S3 TnIDriver;TnIDriver;\??\C:\DOCUME~1\Husko\LOCALS~1\Temp\tni284.tmp
S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys


Contents of the 'Scheduled Tasks' folder
2007-07-25 04:40:32 C:\WINDOWS\tasks\Pareto UNS.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-25 19:47:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-25 19:51:06 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-25 19:50

--- E O F ---


My HijackThis log:

Deckard's System Scanner v20070711.54
Run by husko on 2007-07-25 at 19:53:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as husko.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54, on 2007-07-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bradford Networks\Client Security Agent\bnpagent.exe
C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bluetooth\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Husko\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\husko.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol.com/segmentation...97&service=AIM
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {24BC6AF5-EA3F-451D-8D9B-5BE27D30ED09} - C:\WINDOWS\system32\awtqr.dll
O2 - BHO: (no name) - {7D53A523-15A2-44F4-8F33-45AB380E8559} - C:\WINDOWS\system32\vturs.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Tair] "C:\PROGRA~1\COMMON~1\STEM~1\services.exe" -vt yazb
O4 - HKCU\..\Run: [Nnxszate] C:\WINDOWS\??stem32\fast.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = susqu.edu
O17 - HKLM\Software\..\Telephony: DomainName = susqu.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = susqu.edu
O20 - Winlogon Notify: awtqr - C:\WINDOWS\system32\awtqr.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Client Security Agent (BNPagent) - Bradford Networks - C:\Program Files\Bradford Networks\Client Security Agent\bnpagent.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 5795 bytes

-- Files created between 2007-06-25 and 2007-07-25 -----------------------------

2007-07-25 19:54:13 0 d-------- C:\Program Files\Trend Micro
2007-07-25 19:40:22 6506 --ahs---- C:\WINDOWS\system32\rqtwa.bak1
2007-07-25 19:40:10 228960 --a------ C:\WINDOWS\system32\awtqr.dll
2007-07-25 19:26:13 0 d-------- C:\VundoFix Backups
2007-07-25 09:36:45 126016 --a------ C:\WINDOWS\system32\rhgekies.dll
2007-07-25 01:24:27 8576 --a------ C:\WINDOWS\system32\drivers\fkskekiimsws.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-25 01:15:29 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-07-25 00:40:24 0 d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
2007-07-25 00:23:27 0 d-------- C:\Program Files\Enigma Software Group
2007-07-05 20:15:58 0 d-------- C:\CloneDVDTemp
2007-07-05 20:11:33 0 d-------- C:\Documents and Settings\Husko\Application Data\SlySoft
2007-07-05 20:11:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2007-07-05 2052 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-07-05 2037 0 d-------- C:\Program Files\CloneDVD2
2007-07-05 17:59:32 0 d-------- C:\Program Files\AnyDVD
2007-07-05 17:30:25 0 d-------- C:\Documents and Settings\Husko\Application Data\Elaborate Bytes
2007-07-05 16:51:43 0 d-------- C:\DVDburner


-- Find3M Report ---------------------------------------------------------------

2007-07-25 19:48:20 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-07-25 19:36:08 0 d-------- C:\Program Files\Online Services
2007-07-25 02:08:18 0 d-------- C:\Program Files\iTunes
2007-07-25 02:04:28 0 d-------- C:\Program Files\Apoint
2007-07-25 02:04:24 0 d-------- C:\Program Files\AIM
2007-07-25 01:11:38 0 d-------- C:\Program Files\Viewpoint
2007-06-27 17:31:45 0 d-------- C:\Program Files\Starcraft
2007-06-08 01:20:35 0 d-------- C:\Program Files\LimeWire


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{24BC6AF5-EA3F-451D-8D9B-5BE27D30ED09} C:\WINDOWS\system32\awtqr.dll
{7D53A523-15A2-44F4-8F33-45AB380E8559} C:\WINDOWS\system32\vturs.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"Tair"="\"C:\\PROGRA~1\\COMMON~1\\STEM~1\\services.exe\" -vt yazb"
"Nnxszate"="C:\\WINDOWS\\??stem32\\fast.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqr

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_CATCHME


-- End of Deckard's System Scanner: finished at 2007-07-25 at 19:55:26 ---------


And finally, my VundoFix text:


VundoFix V6.5.6

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 7:26:13 PM 7/25/2007

Listing files found while scanning....

C:\windows\system32\hwaqenej.exe
C:\windows\system32\owqqtowa.dll
C:\WINDOWS\system32\srutv.bak1
C:\WINDOWS\system32\srutv.bak2
C:\WINDOWS\system32\srutv.ini
C:\WINDOWS\system32\vturs.dll
C:\windows\system32\xjaibldo.exe

Beginning removal...

Attempting to delete C:\windows\system32\hwaqenej.exe
C:\windows\system32\hwaqenej.exe Could not be deleted.

Attempting to delete C:\windows\system32\owqqtowa.dll
C:\windows\system32\owqqtowa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\srutv.bak1
C:\WINDOWS\system32\srutv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\srutv.bak2
C:\WINDOWS\system32\srutv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\srutv.ini
C:\WINDOWS\system32\srutv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturs.dll
C:\WINDOWS\system32\vturs.dll Has been deleted!

Attempting to delete C:\windows\system32\xjaibldo.exe
C:\windows\system32\xjaibldo.exe Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\hwaqenej.exe
C:\windows\system32\hwaqenej.exe Has been deleted!

Attempting to delete C:\windows\system32\xjaibldo.exe
C:\windows\system32\xjaibldo.exe Has been deleted!

Performing Repairs to the registry.
Done!


Once again I thank you for your help in this matter.

Last edited by Husko; 07-25-2007 at 06:03 PM.
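Read together, the three logs in the post above show the pattern that marks this as a Vundo/Virtumonde infection rather than a pile of unrelated files: an unnamed BHO DLL with a random five-letter name in system32 (awtqr.dll), the same DLL registered as a Winlogon Notify package so it loads before the user's desktop does, a companion file whose name is the DLL name spelled backwards (rqtwa.bak1 next to awtqr.dll, srutv.ini next to the vturs.dll that VundoFix removed), and HKCU Run entries that point at look-alike paths (COMMON~1\STEM~1\services.exe and ??stem32\fast.exe, where the ?? are characters HijackThis cannot print). The script below is an added example and is not part of the original post or of ComboFix, HijackThis or VundoFix; it applies those checks to HijackThis- and ComboFix-style lines. The sample lines are copied from the logs above, while the regular expressions, the finding names and the `triage` function are my own.

```python
"""Triage helper for HijackThis / ComboFix-style log lines (added example).

Flags the Vundo traits visible in the post above:
  * an unnamed BHO whose DLL lives in system32,
  * that DLL also registered as a Winlogon Notify package,
  * a companion file named as the DLL name reversed (awtqr <-> rqtwa),
  * Run entries whose path contains unprintable characters or a directory
    name that mimics "system32" ("??stem32", "STEM~1").
"""
import re

# Constructed sample: lines copied from the logs in the post (not fetched).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {24BC6AF5-EA3F-451D-8D9B-5BE27D30ED09} - C:\WINDOWS\system32\awtqr.dll
O2 - BHO: (no name) - {7D53A523-15A2-44F4-8F33-45AB380E8559} - C:\WINDOWS\system32\vturs.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [Tair] "C:\PROGRA~1\COMMON~1\STEM~1\services.exe" -vt yazb
O4 - HKCU\..\Run: [Nnxszate] C:\WINDOWS\??stem32\fast.exe
O20 - Winlogon Notify: awtqr - C:\WINDOWS\system32\awtqr.dll
2007-07-25 19:40:22 6506 --ahs---- C:\WINDOWS\system32\rqtwa.bak1
2007-07-25 19:40:10 228960 --a------ C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\srutv.ini
C:\WINDOWS\system32\vturs.dll
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
                    r"(?P<path>.*?)(?: \(file missing\))?$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
# Any space-free path ending in an extension Vundo used for its DLL/config files.
FILE_RE = re.compile(r"[A-Za-z]:\\\S+?\.(?:dll|exe|sys|ini|bak\d*)\b", re.IGNORECASE)
EXE_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\.*?\.exe)', re.IGNORECASE)
# "??stem32", "STEM~1": junk/short-name prefix followed by the tail of "system32".
LOOKALIKE_DIR = re.compile(r"^\W*stem(?:32)?(?:~\d+)?$", re.IGNORECASE)


def stem(path):
    """Lower-case file name without directory or extension."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def triage(log_text):
    """Return a list of findings (dicts with kind, path and reasons)."""
    bhos, runs, notify, files = [], [], [], set()
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := BHO_RE.match(line):
            bhos.append(m.groupdict())
            files.add(m["path"])
        elif m := RUN_RE.match(line):
            runs.append(m.groupdict())
        elif m := NOTIFY_RE.match(line):
            notify.append(m.groupdict())
            files.add(m["path"])
        files.update(FILE_RE.findall(line))  # ComboFix/VundoFix file listings

    stems = {stem(p) for p in files}
    notify_stems = {stem(n["path"]) for n in notify}
    findings = []

    for b in bhos:
        s, reasons = stem(b["path"]), []
        if b["name"] == "(no name)" and "\\system32\\" in b["path"].lower():
            reasons.append("unnamed BHO in system32")
        if s[::-1] != s and s[::-1] in stems:
            reasons.append(f"reversed-name companion file ({s[::-1]}.*)")
        if s in notify_stems:
            reasons.append("same DLL registered as Winlogon Notify package")
        if reasons:
            findings.append({"kind": "bho", "clsid": b["clsid"],
                             "path": b["path"], "reasons": reasons})

    for r in runs:
        m = EXE_RE.match(r["cmd"])
        path = m["path"] if m else r["cmd"]
        reasons = []
        if "?" in path or any(ord(c) > 127 for c in path):
            reasons.append("unprintable/non-ASCII character in path")
        if any(LOOKALIKE_DIR.match(d) for d in path.split("\\")[1:-1]):
            reasons.append("directory name mimics system32")
        if reasons:
            findings.append({"kind": "run", "value": r["value"],
                             "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["kind"], f["path"], "->", "; ".join(f["reasons"]))
```

Run as-is it reports the two BHOs and the two HKCU Run entries from the post and nothing else; for a real log, call `triage(open(path).read())`. Two details are worth noticing. vturs.dll is still reported even though the log marks it "(file missing)", because its CLSID registration and the srutv.ini companion are still there: VundoFix deleted the file, not the loading point. And the reversed-name check is the only one of the three that survives a name change, since the random five-letter names themselves are worthless as signatures, whereas in the Vundo variants of this period the BHO DLL and its .ini/.bak files were consistently mirror images of each other.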