Nt_kernet Error 1256

I see to be one of many people with the same error message appearing. I believe that your suggestion is to download Hijackthis and send you the logs so that you can see what is happening. I have literally hundreds of those pos...tmp files in my documents folder. I hate when things go wrong with my computer. It makes me sick to the stomach to fix them. But it is my main computer that is suffering with the Vundo, I believe you called it. Please advise me on the next course of action. The computer hangs badly, and will not actually do much when you ask for Restart. All I get is the wallpaper picture, no icons or anything. Help!!

Find more posts tagged with

Comments

garng2k

This is my Hijackthis logfile

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:27:47 PM, on 06/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\mcshield.exe

C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Webroot\Washer\WasherSvc.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Windows\System32\svchost.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\Common Files\AOL\1135974044\ee\AOLHostManager.exe

C:\Program Files\Common Files\AOL\1135974044\ee\AOLServiceHost.exe

C:\Documents and Settings\Kathy's Funtime\Desktop\moon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SEENUS020100/FRWCompleteAddIns

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! Canada

R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL

R3 - URLSearchHook: (no name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: {ce214d63-ff4d-4918-9dd4-b40715a022a1} - {1a220a51-704b-4dd9-8194-d4ff36d412ec} - C:\Windows\system32\snhioqwa.dll

O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Program Files\Dragon Systems\NaturallySpeaking\Program\web_ie.dll

O2 - BHO: (no name) - {2860C741-8F63-45DA-B029-2B4B148AC499} - C:\Windows\system32\mljhedc.dll

O2 - BHO: (no name) - {2F0A26C4-3E37-4868-8DB8-D52C1798ECF6} - C:\Windows\system32\ssqro.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\Windows\system32\andkkvls.dll

O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0001.1119\en-us\msntb.dll

O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration740.dll

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0001.1119\en-us\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKLM\..\Policies\Explorer\Run: [updateManager] C:\Program Files\Common Files\Microsoft Shared\TextConv\wmupdate.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - Global Startup: AIM 6.0.lnk = C:\Program Files\AIM6\aim6.exe

O4 - Global Startup: MSN Messenger 7.5.lnk = C:\Program Files\MSN Messenger\msnmsgr.exe

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O4 - Global Startup: WeatherEye.lnk = ?

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS2.05.0001.1119\en-us\bin\WindowsSearch.exe

O4 - Global Startup: Yahoo! Messenger with Voice (2).lnk = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html

O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB2.05.0001.1119\en-us\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE

O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll

O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Support - {6A029EAC-2A52-475F-B8FE-AF3186EA3D03} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)

O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=1009

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab

O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://mvt.mcafee.com/mvt/bin/2,4,1,0/mvt.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/chuzzled...aploader_v7.cab

O20 - Winlogon Notify: andkkvls - C:\Windows\SYSTEM32\andkkvls.dll

O20 - Winlogon Notify: mljhedc - C:\Windows\SYSTEM32\mljhedc.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe

O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

End of file - 13102 bytes

farbar

Hi,

You are obviously in a very difficult situation. Do you have a firewall? Please do the following.

Step 1.

Before removing anything please make a copy of these files (the virus researchers may want to look at those files):

C:\Windows\system32\snhioqwa.dll

C:\Windows\system32\mljhedc.dll

C:\Windows\system32\ssqro.dll

C:\Windows\system32\andkkvls.dll

1. Archive it password protected (rar, 7.zip, etc.). Use infected as password.

2. Post it as attachment (use browse, give the path to the archive, press green UPLOAD button).

You may read more here about how to archive: Virus Submission

Note: The files may be hidden. You have to unhide the files in order to make a copy.

Step 2.

Download VundoFix by Atribune to your desktop.

Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.

In this case, VundoFix will run on reboot.

Step 3.

Remove old Java versions due to serious security vulnerability (specially for Vundo family malware):

Download the latest version of JRE (Java Runtime Environment (JRE) 6 Update 4) from here: http://java.sun.com/javase/downloads/index.jsp

But don't install it yet.

Go to control panel -add/remove programs – uninstall/remove all the old versions of Java, or any item with Java (JRE or J2SE) in the name and remove the folders from program files.

Reboot once all Java components are removed.

Step 4.

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button

Step 5.

Reboot and make a fresh Hijackthis log and copy and paste the log along with the copy of Vundofix log (C:\vundofix.txt).

garng2k

Hi,

You are obviously in a very difficult situation. Do you have a firewall? Please do the following.

Step 1.

Before removing anything please make a copy of these files (the virus researchers may want to look at those files):

C:\Windows\system32\snhioqwa.dll

C:\Windows\system32\mljhedc.dll

C:\Windows\system32\ssqro.dll

C:\Windows\system32\andkkvls.dll

1. Archive it password protected (rar, 7.zip, etc.). Use infected as password.

2. Post it as attachment (use browse, give the path to the archive, press green UPLOAD button).

You may read more here about how to archive: Virus Submission

Note: The files may be hidden. You have to unhide the files in order to make a copy.

Step 2.

Download VundoFix by Atribune to your desktop.

Double-click VundoFix.exe to run it.

When VundoFix opens, click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files, click YES

Once you click yes, your desktop will go blank as it starts removing Vundo.

When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.

In this case, VundoFix will run on reboot.

Step 3.

Remove old Java versions due to serious security vulnerability (specially for Vundo family malware):
Download the latest version of JRE (Java Runtime Environment (JRE) 6 Update 4) from here: http://java.sun.com/javase/downloads/index.jsp

But don't install it yet.

Go to control panel -add/remove programs – uninstall/remove all the old versions of Java, or any item with Java (JRE or J2SE) in the name and remove the folders from program files.

Reboot once all Java components are removed.

Step 4.

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button

Step 5.

Reboot and make a fresh Hijackthis log and copy and paste the log along with the copy of Vundofix log (C:\vundofix.txt).

/applications/core/interface/file/attachment.php?id=1437" data-fileid="1437" rel="">Infected.rar

Infected.rar

farbar

Step 6.

1.Go to My documents folder and remove the *.tmp files manually. To do that highlight them all (select the first .tmp file- hold down Shift and scroll down to the last .tmp and highlight/select the last .tmp) and delete them using Shift+Del to bypass the Recycle bin.

2. Additional check:

*Go to start-search-click

all files and folders

*Click

more advanced options

and check

: search system folders

search hidden files and folders

and

search subfolders

*Type p*.tmp if there more of those files in other places remove them manually.

garng2k

Sorry, I sent the RAR file before answering your question about a firewall. Well, yes I do, which makes the situation even more perplexing for me. I also run McAfee Enterprise, which usually catches any and everyting coming in. Nothing like computers to keep you busy!

garng2k

Sorry, I sent the RAR file before answering your question about a firewall. Well, yes I do, which makes the situation even more perplexing for me. I also run McAfee Enterprise, which usually catches any and everyting coming in. Nothing like computers to keep you busy!

What do I do if VundoFix can't remove a file? The computer is on its third reboot, with VundoFix saying that it cannot remove mljhedc.dll?

farbar

Sorry, I sent the RAR file before answering your question about a firewall. Well, yes I do, which makes the situation even more perplexing for me. I also run McAfee Enterprise, which usually catches any and evrything coming in. Nothing like computers to keep you busy!

No problem.

1.You may check the Internet traffic of the firewall and look for, note, report and remove allowed suspicious entries.

2. after removal of vundo go to Internet options-tools- and set your privacy setting to default. It is usually lowered by the malware.

I edit this to answer your question. Let Vundofix run, it should stop after a few times running. But after say 5 times running if it did not stop you stop it and report back with both mentioned logs.

garng2k

What do I do if VundoFix can't remove a file? The computer is on its third reboot, with VundoFix saying that it cannot remove mljhedc.dll?

So VundoFix couldn't remove that file, so I tried to delete it manually. It wouldn't let me, so I renamed the extension .****** and hid it in a series of folders. I performed the instructed tasks, and found 2500 .tmp files in My Documents. Then I found copies of the same files in My Computer, and deleted those as well, using Shift + Delete. I am including the VundoFix and the HijackThis files of the last scans. I also found some interesting files in My Computer. Their names are sqmdata01.sqm, and up in numbers, and sqmnoopt01.sqm. Do you have any idea what these are? I have never seen them before. To be safe, I isolated them in a folder, but would like advice on whether they are harmful or not. I suppose it is now safe to install the Java?

HijackThis logs:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:28:20 PM, on 06/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\mcshield.exe

C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Webroot\Washer\WasherSvc.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Program Files\AIM6\aim6.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe