Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click Yes
Once you click yes, your desktop will go blank as it starts removing the Vundo.
When completed, it will prompt that it will reboot your computer, click Ok
Please attach the C:\vundofix.txt & a new HijackThis log.
Note: it is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." When VundoFix appears at reboot.
Please re-open HiJackThis and scan.**Check the boxes next to all the entries listed below.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [eggs joy math type] C:\Documents and Settings\All Users\Application Data\Bind army eggs joy\iso surf.exe
O4 - HKCU\..\Run: [owns tray] C:\DOCUME~1\MATTHE~1\APPLIC~1\grimcomp\HECK HTM.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Now close all windows other than HiJackThis, then click Fix Checked.**Close HiJackThis and**reboot.
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
[b]C:\Documents and Settings\All Users\Application Data\Bind army eggs joy\
C:\DOCUME~1\MATTHE~1\APPLIC~1\grimcomp[/b]
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
After that, Reboot, and post a new HijackThis log here in a reply