Hijack log

I have A problem when i turn on my computer i get a light blue screen that comes up and says checking file system on c drive the type of the file system is ntfs cannot open volume for direct access..after about 5 seconds it gos away and the desktop loads.after everything is loaded i will try too go in to my computer or my documents it it will take a long time to open and internet explorer will not even open it times out but mozilla firefox will work. then my screen will start to blink back and forth to desktop screen to a all blue screen then it will stay all blue..so i run vondufix and it finds hkllm.ini2, hkllm.ini, mllkh.dll and jkkkjjj.dll so i remove vondufix and it tell me taht it could not remove jkkjjj.dll so i have to reboot and remove again when i reboot it has jkkjjj.dll still there and i reboot again then it is gone and it will start all over from the begining i turned of system retore too..can anyone hepl me.. here is a log from hijack this...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:14 PM, on 2/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\quick\quicktime pro and keygen\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {0367BD86-64D9-482D-91A1-C2346789FFD1} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {19BD252D-B71A-43A6-9371-3267CFA9FEAD} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: (no name) - {5E85C971-F9E7-4F4D-A059-14FA00220C7A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {8ED352EC-14AB-4FDC-9C84-A42389E7B3A1} - C:\WINDOWS\system32\byvvv.dll (file missing)
O2 - BHO: (no name) - {B6E21234-1B9A-4687-86ED-D516146E9513} - C:\WINDOWS\system32\iifef.dll (file missing)
O2 - BHO: (no name) - {CB4D9A26-9793-428D-8D15-3088DE53D1E3} - (no file)
O2 - BHO: (no name) - {D85530E8-D39D-49D0-9F36-300D594556D2} - (no file)
O2 - BHO: (no name) - {ED120D76-BF31-412C-A99B-783C6676E128} - C:\WINDOWS\system32\jkkkjjj.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "F:\quick\quicktime pro and keygen\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201979482912
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 4969 bytes

Hi Rock69,

The first thing that you need to do is to follow all the steps listed HERE (http://www.techspot.com/vb/topic58138.html) and repost in this thread with the three requested logs.

Also please remember that when posting these logs they should be as attachments, use the paper clip icon, see how HERE (http://www.techspot.com/vb/topic19133.html)

Good luckand if you have any questions just ask.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:28, on 2008-03-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\quick\quicktime pro and keygen\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "F:\quick\quicktime pro and keygen\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201979482912
O17 - HKLM\System\CCS\Services\Tcpip\..\{0362867B-C6A7-4A34-90D0-68A84E391D9E}: NameServer = 68.94.156.1 68.94.157.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 4997 bytes


AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:26 2008-02-29

+ Scan result:



C:\WINDOWS\system32\Ldrdsb\Ldrdsb.exe -> Adware.Effbar : Cleaned with backup (quarantined).


::Report end


i also have this afer i did my avg scan..

Trojan horse Generic9.BFFC","C:\QooBox\Quarantine\C\WINDOWS\system32\jkkkjjj.dll.vir","2008-03-01 09:22","jkkkjjj.dll.vir","35.5 KB"
Trojan horse Generic9.BFFC","C:\VundoFix Backups\jkkkjjj.dll.bad","2008-03-01 09:22","jkkkjjj.dll.bad","35.5 KB"

SmitFraudFix v2.298

Scan done at 19:14:33.66, Thu 02/28/2008
Run from C:\Documents and Settings\joe\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\quick\quicktime pro and keygen\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\joe


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\joe\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\joe\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 68.94.156.1
DNS Server Search Order: 68.94.157.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0362867B-C6A7-4A34-90D0-68A84E391D9E}: NameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8AA62845-6268-48C1-A7F0-C292ADCA6C90}: DhcpNameServer=167.206.3.229 167.206.3.163 167.206.3.230
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1035D0A4-E17C-4375-95EA-3DB5CD877506}: NameServer=68.94.156.1,68.94.157.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8AA62845-6268-48C1-A7F0-C292ADCA6C90}: DhcpNameServer=167.206.3.229 167.206.3.163 167.206.3.230
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8AA62845-6268-48C1-A7F0-C292ADCA6C90}: DhcpNameServer=167.206.3.229 167.206.3.163 167.206.3.230
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0362867B-C6A7-4A34-90D0-68A84E391D9E}: NameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8AA62845-6268-48C1-A7F0-C292ADCA6C90}: DhcpNameServer=167.206.3.229 167.206.3.163 167.206.3.230


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



vbg

[02/28/2008, 19:23:59] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\joe\Desktop\VirtumundoBeGone.exe" )
[02/28/2008, 19:24:13] - Detected System Information:
[02/28/2008, 19:24:13] - Windows Version: 5.1.2600, Service Pack 2
[02/28/2008, 19:24:13] - Current Username: joe (Admin)
[02/28/2008, 19:24:13] - Windows is in NORMAL mode.
[02/28/2008, 19:24:13] - Searching for Browser Helper Objects:
[02/28/2008, 19:24:13] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[02/28/2008, 19:24:13] - BHO 2: {0367BD86-64D9-482D-91A1-C2346789FFD1} ()
[02/28/2008, 19:24:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/28/2008, 19:24:13] - No filename found. Continuing.
[02/28/2008, 19:24:13] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/28/2008, 19:24:13] - BHO 4: {19BD252D-B71A-43A6-9371-3267CFA9FEAD} ()
[02/28/2008, 19:24:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/28/2008, 19:24:13] - No filename found. Continuing.
[02/28/2008, 19:24:13] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[02/28/2008, 19:24:13] - BHO 6: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} (AOLSearchHook Class)
[02/28/2008, 19:24:13] - BHO 7: {5E85C971-F9E7-4F4D-A059-14FA00220C7A} ()
[02/28/2008, 19:24:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/28/2008, 19:24:13] - No filename found. Continuing.
[02/28/2008, 19:24:13] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/28/2008, 19:24:13] - BHO 9: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} (AOL Toolbar Launcher)
[02/28/2008, 19:24:13] - BHO 10: {CB4D9A26-9793-428D-8D15-3088DE53D1E3} ()
[02/28/2008, 19:24:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/28/2008, 19:24:13] - No filename found. Continuing.
[02/28/2008, 19:24:13] - BHO 11: {D85530E8-D39D-49D0-9F36-300D594556D2} ()
[02/28/2008, 19:24:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/28/2008, 19:24:13] - No filename found. Continuing.
[02/28/2008, 19:24:13] - BHO 12: {ED120D76-BF31-412C-A99B-783C6676E128} ()
[02/28/2008, 19:24:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/28/2008, 19:24:13] - Checking for HKLM\...\Winlogon\Notify\jkkkjjj
[02/28/2008, 19:24:13] - Key not found: HKLM\...\Winlogon\Notify\jkkkjjj, continuing.
[02/28/2008, 19:24:13] - Finished Searching Browser Helper Objects
[02/28/2008, 19:24:13] - Finishing up...
[02/28/2008, 19:24:13] - Nothing found! Exiting...

Hi Rock69,

The first thing that you need to do is to follow all the steps listed HERE (http://www.techspot.com/vb/topic58138.html) and repost in this thread with the three requested logs.

Also please remember that when posting these logs they should be as attachments, use the paper clip icon, see how HERE (http://www.techspot.com/vb/topic19133.html)

Good luckand if you have any questions just ask.

i poseted what i came up with can you see what my problem is thank you...roger

You really should have posted them as ATTACHMENTS.
It makes them a lot easier to read.

Have HJT fix this entry,
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)

Are you still experiencing problems after running through all those steps?

You also would be better getting a firewall, a good free one can be found HERE (http://www.personalfirewall.comodo.com/download_firewall.html) or HERE (http://www.zonealarm.com/store/content/catalog/products/sku_list_za.jsp?dc=56pus&ctry=GB&lang=en)

Sorry about that, i will send it as an ATTACHMENT next time.. I will get a firewall too. So every thing else looks good.. I have two trojans in my avg virus vault

Trojan horse Generic9.BFFC","C:\QooBox\Quarantine\C\WINDOWS\system32\jkkkjjj.dll.vi r","2008-03-01 09:22","jkkkjjj.dll.vir","35.5 KB"
Trojan horse Generic9.BFFC","C:\VundoFix Backups\jkkkjjj.dll.bad","2008-03-01 09:22","jkkkjjj.dll.bad","35.5 KB



should I just leave them there..and what are they..thanks again roger...

Delete them. Then reboot and run vundofix, your antivirus and HJT, then post the logs as attachments this time.