Oh okay. I had started Vundofix before you had replied though, so I figured I'd just finish it. I'll cancel it and do what you said then.
Fair enough.
Okay. Malwarebytes keeps freezing and I renamed the .exe. Either I didn't do it right (I think I did) or something else is going on.
Try GMER. We may have some rootkit issue here.
GMER was inconclusive. I did however get Malwarebytes and SUPERAntiSpyware to work. They both picked up a bunch of trojans. I'm assuming I should change any important passwords on my computer? Super was able to remove the fake software on reboot, but Malwarebytes couldn't run on reboot for some reason. Here are the logs.
Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3
3/22/2009 8:39:28 AM
mbam-log-2009-03-22 (08-39-28).txt
Scan type: Full Scan (C:\|)
Objects scanned: 272938
Time elapsed: 4 hour(s), 19 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 8
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abc42510-9b22-41c1-9dcd-8182a2d07c63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{abc42510-9b22-41c1-9dcd-8182a2d07c63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{abc42510-9b22-41c1-9dcd-8182a2d07c63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\System Volume Information\_restore{F6751740-EB65-4F51-9F4B-AC268B6E20CE}\RP649\A0091951.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F6751740-EB65-4F51-9F4B-AC268B6E20CE}\RP649\A0091964.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autochk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\protect.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Michael\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!
Generated 03/22/2009 at 02:24 AM
Application Version : 4.25.1014
Core Rules Database Version : 3784
Trace Rules Database Version: 1741
Scan type : Quick Scan
Total Scan Time : 00:44:41
Memory items scanned : 619
Memory threats detected : 2
Registry items scanned : 530
Registry threats detected : 1
File items scanned : 6701
File threats detected : 112
Trojan.Dropper/Sys-NV
C:\WINDOWS\SYSTEM32\AUTOCHK.DLL
C:\WINDOWS\SYSTEM32\AUTOCHK.DLL
Adware.SysGuard/FakeAlert
C:\WINDOWS\SYSGUARD.EXE
C:\WINDOWS\SYSGUARD.EXE
[system tool] C:\WINDOWS\SYSGUARD.EXE
Last edited by everrush; 22-03-2009 at 11:28 PM.
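As an added example (not part of this thread or of Malwarebytes itself), a small Python triage helper for logs in the format quoted above: it parses each detection line, lists the items left for "Delete on reboot" so they can be re-verified after the restart, and tags the autostart or hijack locations (Run keys, Startup folder, Browser Helper Object registration, the regfile open command) that the detections occupied. The sample lines are copied from the log above; the section names and regexes are this example's own.

```python
import re

# Sample lines copied from the Malwarebytes log quoted above (same format as the real log).
MBAM_LOG = r"""Memory Modules Infected:
C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abc42510-9b22-41c1-9dcd-8182a2d07c63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\NetworkService\protect.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Michael\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# "<item> (<name>) -> <action>."; the Broken.OpenCommand line inserts a "Bad: (..) Good: (..) ->" segment first.
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[A-Za-z0-9.]+)\) -> (?P<rest>.+)\.$")
PERSISTENCE = [  # autostart / hijack locations worth re-checking after cleanup (this example's list)
    (r"\\CurrentVersion\\Run\\", "Run key"),
    (r"\\Start Menu\\Programs\\Startup\\", "Startup folder"),
    (r"\\Browser Helper Objects\\", "Browser Helper Object"),
    (r"\\shell\\open\\command", "file-association hijack"),
]

def parse_mbam_log(text):
    """Return one {section, item, name, action} dict per detection line."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]          # e.g. "Registry Keys Infected"
            continue
        m = ENTRY_RE.match(line)
        if m:                            # skips "(No malicious items detected)" and summary lines
            entries.append({"section": section, "item": m.group("item"), "name": m.group("name"),
                            "action": m.group("rest").rsplit(" -> ", 1)[-1]})
    return entries

def pending_reboot(entries):
    # Items MBAM could not remove while running; confirm they are gone after the restart.
    return [e["item"] for e in entries if e["action"].startswith("Delete on reboot")]

def persistence_points(entries):
    found = {}
    for e in entries:
        for pattern, mechanism in PERSISTENCE:
            if re.search(pattern, e["item"], re.IGNORECASE):
                found[e["item"]] = mechanism
    return found
```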
System restore IS a viable option. Previously, before I ran the scans and removed whatever, I couldn't boot into safe mode, but now I can. I have plenty of system restore points from before this occurred, so if you recommend I just do that, I can.
Last edited by everrush; 22-03-2009 at 11:27 PM.
Don't. Never use system restore on an infected computer, because you're gonna bring back most of the garbage which was already cleaned.
I'd like to see GMER log, and fresh HJT log.
Yeah. That was my main concern.
I don't have the Gmer log since I forgot to save it (I ran the scan overnight and it finished around 6 AM, so I wasn't on top of my game then), but I'll run it again and then get you that HJT log.
Thank you. GMER doesn't take THAT long to run.