vundo trojan help PLEASE!!

I hope someone will help me get rid of the Vundo trojan. I have followed all the instructions in the "How to:Spyware, Trojan And Virus Removal" by Major Attitude. (One exception was that I could not run "about:Buster" because I kept getting a run-time error '5' msg.) I got the message from many of the scans that my system was clean, but Norton AntiVirus continues to give me the virus alert: C:\Windows\system32\pmkjk.dll is infected with Trojan.Vundo, and that it was unable to repair the file. Access denied. I cannot disable Norton Internet Security because I keep getting a message that I do not have those permissions.
Before following your instructions I also tried to delete the file, then to rename and delete it, all with no luck. I think tried to do a System Restore, but that, too, was unsuccessful.
My final step last night was to download HiJack This, and that proved to be a problem also. Everytime I would try to download it from your website, I was redirected to something called Spyware Doctor. I finally downloaded the file onto my laptop and transferred it to the infected machine. I have unzipped it as instructed, but have not yet run it.
This morning when I logged onto that computer I had an error message from CWShredder saying it had encountered an error and had to close. When I clicked on the Internet Explorer icon, I got a message from a-squared saying that a program appeared to be sending info secretly. I opted to "terminate", then was able to get onto IE.
I then received another from a-squared saying that "Filename C:\Program Files\Dell Support\DSAgent.exe Diagnosis Found a possible trojan or spyware downloader." I again opted to Terminate. This time when I went to see if I could get to the HiJack This download from your site, I was able to.
The only other weird thing I noticed was a seemingly empty file folder called MSConfig that was created on September 30 probably about the time I turned the computer on that day. I don't remember creating that folder.
Not sure if you need it but here's info about our set up. We have two desktops and one laptop with XP Professional. We are set up for file sharing of selected files. The laptop is most often run wirelessly on a WPA encrypted network. We have a Netgear router and Linksys Access Point.
I would really appreciate any help I can get in fixing this problem. I don't mind hiring someone to do it for me, but I've found that those folks often create more problems and then I haven't learned anything either!

 

I am in Safe mode on my desktop (typing this on the laptop) and I've started the vundofix.exe and have a question:
Where I'm supposed to type in a file path, I'm not sure what to put there since it says in the instructions "as instructed by the forum staff". Should I put the file that Norton says is infected?

 

Okay, I got to the point where I entered the file name backwards, pressed Enter, F6, Enter and my Norton AV popped up "Malicious script detected" Your computer is halted and needs to do something about this script.
Object Windows Script Host Shell Object
Activity Run
Do I select the option that says to "Authorize this script?"

 

Nevermind about my last question. I got brave and proceeded. It looks like we've gotten rid of my Norton popup about the virus. Do I need to do anything further? I will run another HJT log to see if the infected files are still there.

 

I have done all of those steps. Here is my HJT log. I am not aware of any other malware issues.

 

I am currently in the MyWay Removal instructions in the Registry Editor. I have gone into My Computer, clicked Edit- Find, typed MyWay. It has shown me 25 entries, only 1 of which actually says "MyWay." Do I go ahead and delete them all? Since this is dealing with the Registry, I would really rather be safe than sorry.
Also, at start up this morning, I again received warnings from a-squared Guard Alert concerning Real Player and Symantec. How can I get rid of those warnings, or am I getting ahead of myself?
Thanks so much for your help this far!

 

Yes, I did the Add/Remove, then ran Windows Installer CleanUp Utility. The Myway Search ASsistant was not there.
Then I started the secondary instructions fro myway removal. The MsiExec.exe string was not there so I went to step 4.
I did step four where I searched the Local Hard Drive for MyWay. I deleted those files.
That's when I went to regedit. I have only deleted the one that referenced MyWay.

Also, when I run HJT again, do I need to delete the RO - HKCU.....www.yahoo.sbc.com? That is my home page.

 

Here's that search log.

 

In doing the search for MyWaySA this is the list returned.

 

I have not completed that step since I got stuck in the Dell forum steps (the regedit) for removing MyWay. I am attempting to be very methodical in following your instructions, so I didn't do anything else at the time. I have also not run HJT to fix those things in #9 either. Should I do both now? And should I delete the line that refers to my home page (SBC Yahoo)?

 

I complete the steps in #9, including running HJT (deleting any of the remaining files on your list). Then I went thru the steps in How to Reset Web Settings. Here are the new Registry search logs.

 

Here's the new HJT log.

 

I must have missed the instructions to reboot after running Microsoft Installer Cleanup. I restarted, ran another HJT log, and it is no longer showing.

My other issues are with a-squared Guard alert. It keeps giving me alerts on Real Player and on Symantec. As I'm typing this, it just popped up with an alert that says:
File Name: C:\Program Files\Dell Support\DSAgnt.exe
Diagnosis: Found a possible trojan or spyware downloader.
That is worrisome to me. I don't know what option to choose---My tendency would be to select "Terminate program". But why is it trying to run?

 

I fixed the two lines you suggested and then rebooted. When I clicked on the Internet Explorer icon, a-squared gave me this:
c:\programs\....\ie\explore.exe
Diagnosis: Found a possible LAN bypass backdoor or spyware.

I got two warnings from a-squared earlier today:
The first was the one concerning "possible trojan or spyware" associated with Real Player.
The same warning was also given concerning Symantec -- I guess since I have Norton run when the machine starts. (?)

JUST NOW a-squared gave me a warning again about the Dell Support\DSAgnt.exe.

I don't want to have to keep dealing with all their warnings, so should I uninstall the program, or just select the option "Always allow program" if I know what the program is???

 

Another a-squared just popped up saying that the DSAgnt.exe is trying to install a service or device driver. I am not selecting an option on any of these open warning windows until I hear back from you.

 

I have not received any more msgs regarding Real Player.
I went ahead and uninstalled Dell Support.

I do have my WinXP CD.

Here's the HJT log.

 

I do have the Window XP Pro SP2 disk. My machine is only a couple months old.
I'm not getting any more warnings from a-squared, so maybe you've fixed everything!

Do I need to uninstall any of the programs I've downloaded to take care of all these problems, or should I leave them in case I need them again?

 

What firewalls are the best to use with a home network? I had to disable the one in Norton or I couldn't get to files on various computers.
I will re-read the article you suggested.
Thanks so VERY VERY much for all of your great help! I think I've learned some things, and I really feel like I've accomplished something!
I'm going to go to work now on our other two machines, so you guys will hear from me again soon.
THANKS AGAIN!