You still have LimeWire remove it
Run this
http://www.mypctuneup.com/evaluate.php
Fix these with HJT mark them, close IE, click fix checked
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O4 - HKLM\..\Run: [Micro Process] appconf.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteehl32.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [Microsoft Windows Firewall] winfirewalls.exe
O4 - HKLM\..\Run: [xs7j33i] debhrui.exe
O4 - HKLM\..\Run: [Norton Antivirus 7.0a] C:\dns2.exe
O4 - HKLM\..\Run: [System Services] wucualt.exe
O4 - HKLM\..\Run: [WINDOWS SYSTEM] ninfoie.exe
O4 - HKLM\..\Run: [ibin] C:\wdns.exe
O4 - HKLM\..\Run: [ue2e1msc] C:\WINDOWS\System32\ue2e1msc.exe
O4 - HKLM\..\Run: [IEACCESS] C:\WINDOWS\System32\temp532.exe -N
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [usbn] C:\WINDOWS\system32\usbn.exe -go -c77 -w
O4 - HKLM\..\Run: [ulkheqr] c:\windows\system32\ejhdewi.exe r
O4 - HKLM\..\RunServices: [Micro Process] appconf.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Firewall] winfirewalls.exe
O4 - HKLM\..\RunServices: [ICQ Chat Service] icqjdhs.exe
O4 - HKLM\..\RunServices: [WINDOWS SYSTEM] ninfoie.exe
O4 - HKCU\..\Run: [Micro Process] appconf.exe
O4 - HKCU\..\Run: [Microsoft Windows Firewall] winfirewalls.exe
O4 - HKCU\..\Run: [System Services] wucualt.exe
O4 - HKCU\..\RunServices: [System Services] wucualt.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O15 - Trusted Zone:
http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
O23 - Service: Micro Process (zymolafor.bsd.st) - Unknown owner - C:\WINDOWS\System32\appconf.exe" -netsvcs (file missing)
DL
http://www.downloads.subratam.org/KillBox.zip
Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:
Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.
c:\ex.cab
c:\eied_s7.cab
C:\WINDOWS\System32\vbsys2.dll
C:\wdns.exe
C:\WINDOWS\system32\usbn.exe
C:\WINDOWS\AuroraHandler.dll
Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.
Exit the Killbox.
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Now click "Apply to all folders", Click "Apply" then "OK"
Delete these folders
C:\Program Files\Common Files\WinTools
C:\Program Files\Toolbar
START RUN type in %temp% OK - Edit Select all File Delete
Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
Empty the recycle bin
Click Start > Run > and type in:
services.msc
Click OK.
In the services window find
System Startup Service
Rightclick and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. File-Exit the Services utility.
Note: You may get an error here when trying to access the properties of the service. If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.
Repeat for
WebSeach Toolbar support NT service
WinTools for IE service
Micro Process
------------
In Hijack This, click on the "Open Misc Tools section" button. Next click the "Delete an NT service" button. Copy and paste the following in that box:
SvcProc
TBPSSvc
WinToolsSvc
zymolafor.bsd.st
Click OK.
Boot and post a new log (Please post the log not attach it)
Open the log in notepad
EDIT - SELECT ALL
EDIT - COPY
Then come to this message, and in the quick reply box click in the white space and then EDIT - PASTE
Please give feedback on what worked/didnt work and the current status of your system