Hey, I've managed to acquire the little red box with the exclamation mark quoting "Security Warning: Your computer may be infected with harmful or unwanted software!" I've also noticed an 888 toolbar in IE but I'm a Firefox user anyway. I tried to scan using Panda Online Scan but it wasn't successful.

Here's my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 19:56:25, on 26/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ishost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ultimate Cleaner\App.exe
C:\Program Files\Common Files\{64E0F6E7-03E5-2057-1011-05050303002c}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q305&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q305&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q305&bd=pavilion&pf=laptop
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{34E0F6E7-03E5-2057-1011-05050303002c}\888.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvlor.dll,startup
O4 - HKLM\..\Run: [vvdkkpe.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Christopher\Local Settings\Application Data\vvdkkpe.dll",agkxvbc
O4 - HKLM\..\Run: [Ultimate Cleaner] "C:\Program Files\Ultimate Cleaner\App.exe" hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: DSLMON.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01E4FB33-4B4F-4BAD-8B01-A54A5DB167A2}: NameServer = 212.139.132.53 212.139.132.52
O17 - HKLM\System\CS1\Services\Tcpip\..\{01E4FB33-4B4F-4BAD-8B01-A54A5DB167A2}: NameServer = 212.139.132.53 212.139.132.52
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe




Any help would be appreciated.

Thanks

Welcome to the forum, if you are not receiving help elsewhere and still need help, please follow these instructions.

1) Return here: C:\HijackThis\HijackThis.exe <<< right click and rename HijackThis.exe, call it analyze.exe or what you wish.

2) Follow the directions in this link: http://forums.spybot.info/showthread.php?t=4015 When you finish the instructions, post the three logs in this same topic using the "Post Reply" button.
Please use these instructions when you run AVG Anti-Spyware, make sure you delete or at least quarantine what is located.
http://www.virusvault.co.uk/fusionbb/showtopic.php?tid/33/

Spybot-S&D: Be sure to follow the directions to save the scan report but do not post it here unless requested by a helper.

Thanks...pskelley
Safer Networking Forums

If you would like to let your thoughts be known about the lowlifes who put that junk on your computer, you can do that here:
If you have been infected by one of the SpyAxe family
http://forums.tomcoyote.org/index.php?showtopic=58063
http://www.malwarecomplaints.info/

Thanks for the help. Here are my 3 logs.

Logfile of HijackThis v1.99.1
Scan saved at 20:13:27, on 27/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\Analyze.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q305&bd=pavilion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {099D0986-C204-F967-3343-00A64FA96FB9} - C:\Documents and Settings\Christopher\Local Settings\Application Data\vorenbj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {8D567EC4-2C55-47E6-9737-5F8535B262F9} - (no file)
O2 - BHO: (no name) - {98DF6E5E-F5A6-4086-9337-2A0AD57C48CF} - C:\WINDOWS\system32\jkhfg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D4FAE274-4AB4-43E4-AD48-0CEA6D6C4F65} - C:\WINDOWS\system32\iifdddb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [vvdkkpe.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Christopher\Local Settings\Application Data\vvdkkpe.dll",agkxvbc
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: DSLMON.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: iifdddb - C:\WINDOWS\SYSTEM32\iifdddb.dll
O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winopn32 - C:\WINDOWS\SYSTEM32\winopn32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

SmitFraudFix v2.125

Scan done at 17:35:44.12, 27/11/2006
Run from C:\Documents and Settings\Christopher\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ismini.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:53:42 27/11/2006

+ Scan result:



C:\Program Files\Common Files\{34E0F6E7-03E5-2057-1011-05050303002c}\Uninstall.exe -> Adware.Softomate : Ignored.
C:\Program Files\Common Files\{64E0F6E7-03E5-2057-1011-05050303002c}\Update.exe -> Adware.Softomate : Ignored.
C:\Program Files\Common Files\{64E0F6E7-03E5-2057-1011-05050303002c}\system.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP53\A0035983.dll -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP53\A0035984.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP53\A0035985.exe -> Adware.Softomate : Ignored.
C:\WINDOWS\system32\mljjkjg.dll -> Adware.Virtumonde : Ignored.
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP53\A0034984.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win48.tmp.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\mshtml2.exe -> Downloader.PurityScan.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP53\A0034928.exe -> Downloader.Zlob.ayz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP53\A0034937.exe -> Downloader.Zlob.ayz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP53\A0034971.exe -> Downloader.Zlob.ayz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP53\A0034975.exe -> Downloader.Zlob.ayz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP53\A0035987.exe -> Downloader.Zlob.ayz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP55\A0036173.exe -> Downloader.Zlob.baf : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\mst49.tmp -> Not-A-Virus.Hoax.Win32.Renos.fw : Ignored.
C:\WINDOWS\system32\drvlor.dll -> Not-A-Virus.Hoax.Win32.Renos.fw : Ignored.
:mozilla.51:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.52:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.56:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.57:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.58:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.60:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.125:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.17:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.43:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.44:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.45:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.53:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.74:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.75:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.76:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.77:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.135:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.136:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.137:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.15:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.118:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.124:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.48:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.49:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.50:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.101:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.102:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.103:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.99:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.104:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.105:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.106:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.89:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.145:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.


::Report end

This appears to have removed "Security Warning: Your Computer........." and the 888 toolbar, if there is anything else I can do I most appreciate it.

Thanks.

Thanks for returning your information, Smitfraudfix seems to have done it's job well, but it appears you ignored some of the junk AVG Anti-Spyware located. You also have a nasty Vundo trojan infection.

Here are the items you need to remove with AVG Anti-Spyware:
C:\Program Files\Common Files\{34E0F6E7-03E5-2057-1011-05050303002c}\Uninstall.exe -> Adware.Softomate : Ignored.
C:\Program Files\Common Files\{64E0F6E7-03E5-2057-1011-05050303002c}\Update.exe -> Adware.Softomate : Ignored.
C:\Program Files\Common Files\{64E0F6E7-03E5-2057-1011-05050303002c}\system.dll -> Adware.Softomate : Ignored.
C:\WINDOWS\Temp\mst49.tmp -> Not-A-Virus.Hoax.Win32.Renos.fw : Ignored.
C:\WINDOWS\system32\drvlor.dll -> Not-A-Virus.Hoax.Win32.Renos.fw : Ignored.

Since the site I gave you earlier appears to be down, try this one, just stop at the TrojanHunter Trial.
http://wiki.castlecops.com/Malware_Removal:_Trojan_Removal_Programs
I would run the program again in safe mode and remove that junk.
______________________________________________________

When you run Vundofix, you want to make sure all files it locates are deleted and it may take several attempts to do this. Just wast the Vundofix log and when it has "deleted" all located files, then move to the next instruction.

Thanks to Atribune and any others who helped with this fix.

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

If there is a file VundoFix doesn't find we need it submitted. Please submit
the files to upload malware http://www.uploadmalware.com

(Save those logs until you finished with the instructions)

How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

(some files may be gone, removed by the fix. Just don't miss any)

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {099D0986-C204-F967-3343-00A64FA96FB9} - C:\Documents and Settings\Christopher\Local Settings\Application Data\vorenbj.dll
O2 - BHO: (no name) - {8D567EC4-2C55-47E6-9737-5F8535B262F9} - (no file)
O2 - BHO: (no name) - {98DF6E5E-F5A6-4086-9337-2A0AD57C48CF} - C:\WINDOWS\system32\jkhfg.dll
O2 - BHO: (no name) - {D4FAE274-4AB4-43E4-AD48-0CEA6D6C4F65} - C:\WINDOWS\system32\iifdddb.dll
O4 - HKLM\..\Run: [vvdkkpe.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Christopher\Local Settings\Application Data\vvdkkpe.dll",agkxvbc
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O20 - Winlogon Notify: iifdddb - C:\WINDOWS\SYSTEM32\iifdddb.dll
O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll
O20 - Winlogon Notify: winopn32 - C:\WINDOWS\SYSTEM32\winopn32.dll

Close all programs but HJT and all browser windows, then click on "Fix Checked"

RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\Documents and Settings\Christopher\Local Settings\Application Data\vvdkkpe.dll <<< delete that file

Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post the C:\vundofix.txt and a new HiJackThis log. We will have more to do.

Thanks

You Java program is out dated and could be the reason you are infected, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\jre1.5.0_02\ <<< out of date, uninstall all old version and update right away.

I've booted up today to find that Security Warning:........ and the 888 toolbar are back again.
Where should I go from here? I'll wait for a response before going any further.

Thank

Please follow the direction I am posting or you. Once you have completed the last directions posted here:
Yesterday, 20:40 then post the logs I requested.

Restart the computer and post the C:\vundofix.txt and a new HiJackThis log. We will have more to do

Make sure you updated the Java program. This stuff is never as easy to get rid of as it was to get. The logs I ask for at the end of each set of instructions are how I see what progress we have made and what is left to do.

Thanks...Phil

Logfile of HijackThis v1.99.1
Scan saved at 01:54:00, on 01/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\Analyze.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q305&bd=pavilion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7DADFC56-8511-4521-85FD-0FF931B8E540} - C:\WINDOWS\system32\jkhhg.dll
O2 - BHO: (no name) - {96F667F2-31CD-441C-8A36-57E06C8A0C20} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34E0F~2\888Bar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34E0F~2\888Bar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: DSLMON.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01E4FB33-4B4F-4BAD-8B01-A54A5DB167A2}: NameServer = 62.241.163.200 62.241.162.201
O17 - HKLM\System\CS1\Services\Tcpip\..\{01E4FB33-4B4F-4BAD-8B01-A54A5DB167A2}: NameServer = 62.241.163.200 62.241.162.201
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: jkhhg - C:\WINDOWS\system32\jkhhg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.2

Scan started at 00:21:45 01/12/2006

Listing files found while scanning....

C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\sstqo.dll
C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\vtstu.dll
C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\gfhkj.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\awtst.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\jkhfg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\gfhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\mlljh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\pmkji.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\ssqpq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqo.dll
C:\WINDOWS\system32\sstqo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\vtsqr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtstu.dll
C:\WINDOWS\system32\vtstu.dll Has been deleted!

Performing Repairs to the registry.
Done!

Thanks:bigthumb: you are making good progress, there is one Vundo trojan file left I can see:
O2 - BHO: (no name) - {7DADFC56-8511-4521-85FD-0FF931B8E540} - C:\WINDOWS\system32\jkhhg.dll
O20 - Winlogon Notify: jkhhg - C:\WINDOWS\system32\jkhhg.dll
Before you remove it I would appreciate it if you would upload that file so Atribune can add it to the fix:

If there is a file VundoFix doesn't find we need it submitted. Please submit
the files to upload malware http://www.uploadmalware.com

Let's proceed with the cleanup like this:

1) Your spyware programs will block the changes we must make, turn them off until you are done:

AVG Anti-Spyware: Deactivate the Resident Shield
- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.

Spyware Doctor: From within Spyware Doctor, click the "OnGuard" button on the left side.
Uncheck "Activate OnGuard".

TrojanHunter Guard: Disable TrojanHunter Guard by right clicking on the icon in your System Tray.
Make sure that the program, TrojanHunter itself, is also closed/not running.

Once the computer is clean, I suggest you choose one program to run (free or not) and turn off or uninstall the others, they will conflict. If you need advice on what one to run, let me know. You should run 1 firewall, 1 antivirus program and 1 spyware program.

2) Start > Control Panel > Add Remove programs and uninstall 888Bar, also uninstall any program you know should not be there. If you are not sure let me know and I will look.

3) Follow the instructions for Vundofix, you may have to run it several times. You want to see this file: C:\WINDOWS\system32\jkhhg.dll show in the Vundofix as "Has been deleted!"

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

(some items may be gone, not to be concerned)

O2 - BHO: (no name) - {7DADFC56-8511-4521-85FD-0FF931B8E540} - C:\WINDOWS\system32\jkhhg.dll
O2 - BHO: (no name) - {96F667F2-31CD-441C-8A36-57E06C8A0C20} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34E0F~2\888Bar.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34E0F~2\888Bar.dll
O20 - Winlogon Notify: jkhhg - C:\WINDOWS\system32\jkhhg.dll

Close all programs but HJT and all browser windows, then click on "Fix Checked"

5) Once you get to here, follow the instructions in this tutorial:
http://forums.security-central.us/showthread.php?t=3165

Restart the computer and post the C:\vundofix.txt, the Report-Scan.txt from AVG Anti-Spyware and a new HJT log.

Cheers

Logfile of HijackThis v1.99.1
Scan saved at 12:53:47, on 01/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\Analyze.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q305&bd=pavilion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {79D88BC1-F40A-463F-B844-BB9609F6B167} - C:\WINDOWS\system32\jkhhg.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01E4FB33-4B4F-4BAD-8B01-A54A5DB167A2}: NameServer = 62.241.162.200 62.241.163.201
O17 - HKLM\System\CS1\Services\Tcpip\..\{01E4FB33-4B4F-4BAD-8B01-A54A5DB167A2}: NameServer = 62.241.162.200 62.241.163.201
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:36:13 01/12/2006

+ Scan result:



C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP53\A0035983.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP53\A0035984.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP53\A0035985.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP55\A0036346.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP55\A0036347.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP55\A0036448.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP55\A0036449.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP57\A0036656.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP55\A0036451.dll -> Adware.Virtumonde : Cleaned.
C:\WINDOWS\system32\rqrrsts.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP55\A0036182.exe -> Downloader.PurityScan.dc : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP54\A0036073.exe -> Downloader.Zlob.baf : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP54\A0036082.exe -> Downloader.Zlob.baf : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP54\A0036122.exe -> Downloader.Zlob.baf : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP54\A0036133.exe -> Downloader.Zlob.baf : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP55\A0036155.exe -> Downloader.Zlob.baf : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP55\A0036164.exe -> Downloader.Zlob.baf : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP55\A0036174.exe -> Downloader.Zlob.baf : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP55\A0036289.exe -> Downloader.Zlob.bbe : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP55\A0036340.exe -> Downloader.Zlob.bbe : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP55\A0036374.exe -> Downloader.Zlob.bbe : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP55\A0036399.exe -> Downloader.Zlob.bbe : Cleaned.
C:\WINDOWS\system32\ismini.exe -> Downloader.Zlob.bbe : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP55\A0036390.dll -> Not-A-Virus.Hoax.Win32.Renos.fw : Cleaned.
:mozilla.10:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.33:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.27:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.28:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.29:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.30:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.13:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.32:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.34:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.35:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.36:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.37:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\tot46kdx.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP55\A0036298.dll -> Trojan.Mezzia : Cleaned.


::Report end

VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.2

Scan started at 00:21:45 01/12/2006

Listing files found while scanning....

C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\sstqo.dll
C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\vtstu.dll
C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\gfhkj.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\awtst.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\jkhfg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\gfhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\mlljh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\pmkji.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\ssqpq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqo.dll
C:\WINDOWS\system32\sstqo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\vtsqr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtstu.dll
C:\WINDOWS\system32\vtstu.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.2

Scan started at 11:16:09 01/12/2006

Listing files found while scanning....

C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\ghhkj.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\jkhhg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ghhkj.ini
C:\WINDOWS\system32\ghhkj.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.2

Scan started at 11:23:38 01/12/2006

Listing files found while scanning....

No infected files were found.


VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.2

Scan started at 12:44:14 01/12/2006

Listing files found while scanning....

No infected files were found.







Thanks.

Looks good, good job!:bigthumb: Use HJT to remove that dead Vundo line.

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {79D88BC1-F40A-463F-B844-BB9609F6B167} - C:\WINDOWS\system32\jkhhg.dll (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

There is a good chance your spyware programs will stop the removal, if so turn them off again.

Let's clean out your System Restore files like this:
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Windows will create a new restore point for you.

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

If you are back to normal, safe surfing. tashi:) will close your topic in a few days.

Thanks...Phil
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

As the problem appears to be resolved this topic has been closed.

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.