XP system apparently messed up by Vundo.k

I've gone through the entire Malware Removal Process as described on this site and concluded I have no idea which forum is now relevant.

System Info (if not included in HiJackThis log):

OS Name Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 2 Build 2600
OS Manufacturer Microsoft Corporation
System Name XP-CHILL
System Manufacturer Dell Inc.
System Model Inspiron 9300
System Type X86-based PC
Processor x86 Family 6 Model 13 Stepping 8 GenuineIntel ~1596 Mhz
BIOS Version/Date Dell Inc. A02, 2/23/2005
SMBIOS Version 2.3
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume2
Locale United States
Hardware Abstraction Layer Version = "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
User Name XP-CHILL\chris
Time Zone Eastern Standard Time
Total Physical Memory 1,024.00 MB
Available Physical Memory 555.76 MB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 2.40 GB
Page File C:\pagefile.sys


The problem began with IE6 browser rapidly opening links, at will, around 11/1/2007. My best recollection is that my first effort was to run SuperAntiSpyware which indicated the presence of Vundo.k. I downloaded and ran VundoFix which indicated fixes were made but the following 'identified' problems remained.

1) IE browser home page window was essentially blank white.
2) Other webpages either appeared correctly and were functional or appeared incorrectly and were not functional.
3) System Restore window would appear on second attempt to start but the window was blank white.
4) The normal two panes of Explore (Start -> Search) would open but all that appeared was the dog walking from the background to the foreground.
5) Windows Media Player 10 would no longer start.

Downloads of a variety of cleaning software either provided no improvement or the download attempt would fail to begin with. I tried reloading Service Pack 2 from a CD but that didn't seem to have any effect. I tried many other things (too many to remember, much less mention) and probably just made a bigger mess.

Finally I tried running ComboFix which returned functionality of IE home page, System Restore, Explorer Search and the IE browser seems stable.

The remaining 'identifiable' problems are as follows:
1) IE6 does not start on first attempt. A second double-click on the shortcut successfully starts IE6. However, when I exit IE an error window appears indicating IE has not shutdown properly and after a bar graph completes its track the option is available to End Task which then exits IE.

2) WMP will not function. (I probably really screwed this one up by trying to uninstall WMP, attempting to download and install WMP11, and then scraping WMP11 by some forgotten means). Attempts to download WMP10, (I have no need for WMP11 from my perspective), have failed. The result is an error window identified as "unregmp2.exe - Entry Point Not Found" with the error message "The procedure entry point MFPlatformStartup could not be located in the dynamic link library MFPlat.dll".

3) Sigma Tel C-Major driver will work if uninstalled after booting and being reinstalled but it seems to lose its functionality each time the computer is rebooted.

4) Excel closes with the standard Microsoft Error window indicating it has experienced a problem and must shut down.

5) Attempts to load McAfee Virus software have been successful but once present the computer grinds to a virtual standstill. (I beliieve this is occurring, at least in part, because the Windows Firewall has been on while McAfee has included installation of a Personal Firewall such that two firewalls may have been active at the same time. This has created such a nuisance that I haven't attempted to repeat the process to experiment with what the cause may be.)

Other comments that may be relevant:
1) Event Viewer -> System: has consistently shown MSFWHLPR to have 'internal data structure errors'.

2) Event Viewer -> System: has consistently shown BroadJump PPPoE Protocol Helper failing to start because it is unable to locate a file to start.

3) I went through the entire Malware Removal procedure described on this site - twice unfortunately. After the first time I thought I would try to install the McAfee software again to see if that problem remained. That messed things up so badly I took so many steps to get things relatively operational again that I thought I better run through the whole process again to get accurate logs.

4) Both times the AVG Anti-Spyware did not produce any "Reports". Clicking on the "Reports" command resulted in a message saying that no reports were available. However, in the first instance three items were quarantined and a few cookies were deleted. After having deleted Quarantined items as part of the second time through only one item was quarantined and it was the same as the first listed item in the first attempt. I have attached a file containing these three items (and text from the early run of VundoFix). Sorry for the added confusion on that detail.

5) And something else just happened. On my desktop I have a Windows Explorer shortcut icon that is a folder with a magnifying glass. It just temporarily changed to a drawing tablet with a pencil and a check mark. After opening it with a double-click and closing the resulting Explorer window with the upper right corner red X the icon returned to its original self.???

6) After all that I have messed around with, and downloaded, the disk now has only 25% free space, it is 24% fragmented and the files are 49% fragmented. Should this be cleaned up before or after any further attempt to repair the system?

Hopelessly confused! Any help would be appreciated.

 

All instructions seemed to work without any hiccups. I had the AVG Anti-Spyware set to start automatically with Windows. I did exit it before beginning the process provided in the instructions. However, for whatever difference it may make, when the automatic reboot occurred the AVG Anti-Spyware did load again. I immediately removed it from the automatic startup mode and exited it again before proceeding further.

After reaching the end of the instructions I "shut down" and powered up the laptop a couple of times to look for differences in its performance.

Of the 'identifiable' problems listed in my first post, the first four remain and I didn't dare mess with trying to load the McAfee software.

In the 'other comments' category the first item concerning MSFWHLPR no longer appears in the Eventvwr/System. I have attached a file containing the one error shown in Eventvwr/System, and one error and one warning shown in Eventvwr/Application.

Further instruction?

 

The sfc /scannow ran through to completion (no message requesting the xp cd), but I do have it at hand.

The double-click startup of IE6 still seems to result in an hour glass appearing for two or three seconds and then disappearing without a browser window opening. Anytiime the window doesn't open on the first try, when I shut down the computer the IE error occurs (item 1).

I previously mentioned that the Sigma Tel C-Major driver did not function after the computer was booted. I believe I incorrectly indicated that I had 'uninstalled' the driver and 'reinstalled' it such that it worked until I rebooted. In attempting to check whether this last set of instructions had an effect on performance I first determined that the same Sigma Tel error was occurring.

I intended to repeat my earlier 'uninstall/reinstall'. After performing the 'uninstall' Sigma Tel was no longer listed in Device Manager and I realized that I previously had actually just 'disabled/re-enabled' Sigma Tel.

To fix that mistake I had to go into the Sigma Tel subdirectory and double-click on the 'Setup' icon. This reinstalled Sigma Tel without any indication of an error. I shut down and re-started the computer. During the startup a message screen appeared with a message to the effect that the system did not support Sigma Tel.

However, after the startup completed I no longer get any error indicating Sigma Tel is not working. In fact, while WMP is still gone I can now use Media Player 2 which did not work previously without Sigma Tel.

Shut down of Excel continues to produce the same error.

The same three Eventvwr errors and warnings are still showing up.

I also mentioned previously that one of my desktop icons changed temporarily without me be aware of what I might have done just before it occurred. This time I happened to be in Windows Explorer and clicked on Desktop to view a listing of everythiing showing on my desktop and when I exited Windows Explorer several icons had false icons shown on top of the correct icon (bizarre).

More help!