17 replies to this topic

[deekay]

Hi

Thanks for taking the time to read this post. I seem to have picked up a problem that has uninstalled my Anti Virus protection (Norton AV 2007) and won't let me reinstall. I do remember seeing a brief flash of the MS DOS window as I clicked on an unknown exe file (I know - what an idiot!).

I've attached an HJT log. Any help would be MOST welcome!!

Thanks
DK


Logfile of HijackThis v1.99.1
Scan saved at 00:15:04, on 29/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\Anti Trojan Elite\TJEnder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\Explorer.EXE
G:\Unzipped\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/ac...supportutil.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....119/CTSUEng.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/..._1/yregucfg.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan....bs/nanoinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btopenworld.com/templates/...bcontrol012.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15008/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{528276D9-F64A-4246-9BB2-8F2088260E1D}: NameServer = 194.168.4.100 194.168.8.100
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

[rridgely]

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
  
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
  
• Select the first option, to run Windows in Safe Mode, then press Enter.
  
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
  
• Type Y to begin the cleanup process.
  
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  
• Press any Key and it will restart the PC.
  
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  
• Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

[deekay]

Hi

I'm afraid that I've been unable to start in Safe Mode. After selecting Safe Mode I get a whole screen full of messages similar to 'multi(0)disk(0)rdisk(0)partition(1).WINDOWS...' and it then loops back to the very first screen of a boot.

I've tried starting the Recovery Console by booting from the Windows disk and have run fixboot c: (to no effect - still can't access Safe Mode). It warns me away from running fixmbr because my drive has non-standard partitioning (which it does).

Any ideas? Is it starting to look teminal?

Thanks

[rridgely]

Goto Start > Run > and copy and paste

cmd /c reg.exe query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot" /s>%systemdrive%\Result.txt && notepad %systemdrive%\Result.txt

Press OK and it will export the contents of the SafeBoot keys and write it to a text file named Result.txt which will open in notepad and also save to C:\Result.txt, please post the contents of that log in your next reply

Run Hijack This and choose Do A System Scan then place a check next to these entries

O4 - HKLM\..\Run: [smgr] mgrs.exe
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - ht*p://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab

Close all open browser and other windows except for Hijack This and press the Fix Checked button

Delete this file

C:\WINDOWS\mgrs.exe

Then run CCleaner to clear out the temp folders

-------------

Run BitDefender Online Scanner

• Using internet Explorer please go HERE to run BitDefender's Online scan.
  
• Read the terms and then click I Agree
  
• You may receive a Security Warning about the BitDefender ActiveX control, If you do, please allow it to install.
  
• On the scanning Options screen, Press Click Here To Scan and then follow the on screen prompts.
  
• Once bit defender is finished scanning your computer it will automatically remove the infections. Once the removal process is finished press the close button and a dialog box will appear asking if you want to send your scan log back to the makers of bitdefender. You do not have to do this but what you do want to do is press the button that says "view log" and then copy and paste that log into notepad and save it to your desktop as bitdefender.txt.
  
• Reboot your computer

Post back the results of bitdefender with a new hijackthis log.

[deekay]

Hi

I've made a little progress:

1. Command line executed. File 'Result.txt' is empty. I must admit that I've run the command a few times as I've been around a loop in desperation!
2. HJT entries fixed.
3. mgrs.exe deleted.
4. CCleaner carried out.

I've been unable to complete an online BitDefender scan. The scan was stopped 3 times after about 90 minutes due to Internet Explorer having 'encountered a problem and needs to close'.

I therefore tried the download version; I've been unable to install this. Each attempt at installation failed as there was an 'Error writing to file C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe. Verify that you have access to this directory'. I should have - this is just a home computer.

I've noticed that I have recently started to receive pop-up offers to various internet connections that I've never heard of! I've removed these and defaulted back to Virgin. I'll try another online BF scan as soon as I've finished writing this.

I'm still unable to boot in Safe Mode. All I can offer you is my latest HJT log. Thanks for your time!!




Logfile of HijackThis v1.99.1
Scan saved at 10:35:15, on 30/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\velycdbt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
G:\Unzipped\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\jmsmrarm.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/ac...supportutil.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....119/CTSUEng.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/..._1/yregucfg.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan....bs/nanoinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btopenworld.com/templates/...bcontrol012.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15008/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{528276D9-F64A-4246-9BB2-8F2088260E1D}: NameServer = 194.168.4.100 194.168.8.100
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: DomainService - - C:\WINDOWS\system32\velycdbt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

[rridgely]

Please download VundoFix.exe
to your desktop.

• Double-click VundoFix.exe to run it.
  
• Click the Scan for Vundo button.
  
• Once it's done scanning, click the Remove Vundo button.
  
• You will receive a prompt asking if you want to remove the files, click YES
  
• Once you click yes, your desktop will go blank as it starts removing Vundo.
  
• When completed, it will prompt that it will reboot your computer, click OK.
  
• Please post the contents of C:\vundofix.txt into your next reply

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.

Post the vundofix log with a new hijackthis log.

[deekay]

Only partial success again I'm afraid. VundoFix was unable to delete C:\windows\system32\velycbdt.exe despite rebooting 4 times.

Here are the logs:

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 17:11:20 30/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\bbadd.bak2
C:\WINDOWS\system32\bbadd.ini
C:\windows\system32\byxwxvu.dll
C:\WINDOWS\system32\ddabb.dll
C:\WINDOWS\system32\dnlqsfos.dll
C:\WINDOWS\system32\jmsmrarm.dll
C:\windows\system32\lsinlxlr.ini
C:\windows\system32\mrarmsmj.ini
C:\windows\system32\nqtss.ini
C:\windows\system32\nqtss.ini2
C:\windows\system32\nqtss.tmp
C:\windows\system32\rlxlnisl.dll
C:\WINDOWS\system32\sstqn.dll
C:\windows\system32\velycdbt.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bbadd.bak2
C:\WINDOWS\system32\bbadd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bbadd.ini
C:\WINDOWS\system32\bbadd.ini Has been deleted!

Attempting to delete C:\windows\system32\byxwxvu.dll
C:\windows\system32\byxwxvu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dnlqsfos.dll
C:\WINDOWS\system32\dnlqsfos.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jmsmrarm.dll
C:\WINDOWS\system32\jmsmrarm.dll Has been deleted!

Attempting to delete C:\windows\system32\lsinlxlr.ini
C:\windows\system32\lsinlxlr.ini Has been deleted!

Attempting to delete C:\windows\system32\mrarmsmj.ini
C:\windows\system32\mrarmsmj.ini Has been deleted!

Attempting to delete C:\windows\system32\nqtss.ini
C:\windows\system32\nqtss.ini Has been deleted!

Attempting to delete C:\windows\system32\nqtss.ini2
C:\windows\system32\nqtss.ini2 Has been deleted!

Attempting to delete C:\windows\system32\nqtss.tmp
C:\windows\system32\nqtss.tmp Has been deleted!

Attempting to delete C:\windows\system32\rlxlnisl.dll
C:\windows\system32\rlxlnisl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\sstqn.dll Could not be deleted.

Attempting to delete C:\windows\system32\velycdbt.exe
C:\windows\system32\velycdbt.exe Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 17:57:08 30/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddabb.dll
C:\windows\system32\sstqn.dll
C:\windows\system32\velycdbt.exe

Beginning removal...

Attempting to delete C:\windows\system32\sstqn.dll
C:\windows\system32\sstqn.dll Has been deleted!

Attempting to delete C:\windows\system32\velycdbt.exe
C:\windows\system32\velycdbt.exe Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 18:23:12 30/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddabb.dll
C:\windows\system32\velycdbt.exe

Beginning removal...

Attempting to delete C:\windows\system32\velycdbt.exe
C:\windows\system32\velycdbt.exe Could not be deleted.

Performing Repairs to the registry.
Done!


Logfile of HijackThis v1.99.1
Scan saved at 18:33:33, on 30/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\velycdbt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
G:\Unzipped\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A62DFE1-A306-4875-B8B1-513ADC183301} - C:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: (no name) - {3CFE61F3-82E4-4EF0-9333-E61FFACB6D2D} - C:\WINDOWS\system32\ddabb.dll (file missing)
O2 - BHO: H - {875DFA42-0F20-449b-B8AE-4795E5A30B98} - rsewwssewe_.dll (file missing)
O2 - BHO: (no name) - {B6C43182-63AE-4F13-9980-714EB0A6CB3F} - C:\WINDOWS\system32\byxwxvu.dll (file missing)
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/ac...supportutil.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....119/CTSUEng.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/..._1/yregucfg.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan....bs/nanoinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btopenworld.com/templates/...bcontrol012.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15008/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{528276D9-F64A-4246-9BB2-8F2088260E1D}: NameServer = 194.168.4.100 194.168.8.100
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingfc32 - wingfc32.dll (file missing)
O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll
O20 - Winlogon Notify: winuns32 - C:\WINDOWS\SYSTEM32\winuns32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: DomainService - - C:\WINDOWS\system32\velycdbt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

[rridgely]

Download Killbox from Here

Click killbox.exe

Select the option "Delete on reboot".

Click the button: All Files (Important!)
Now it should flash green.

Next copy the contents of the code box to clipboard by left clicking and covering the text then right click inside the highlighted area and choose Copy:

C:\WINDOWS\SYSTEM32\winrkq32.dll
C:\WINDOWS\SYSTEM32\winuns32.dll

After copying the above text to Clipboard click File on the killbox menu bar and choose Paste From Clipboard

Then press the Delete File button (Red Circle with a White X).
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click YES
If you don't get that message, reboot manually.

Your computer should reboot now.

Post a new hijackthis log.

[deekay]

Feels like progress to me....?

Logfile of HijackThis v1.99.1
Scan saved at 19:34:21, on 30/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\velycdbt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Dave.DAVEENYO-0LUIOH\Application Data\hidires\hidr.exe
C:\WINDOWS\Explorer.EXE
G:\Unzipped\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A62DFE1-A306-4875-B8B1-513ADC183301} - C:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: (no name) - {3CFE61F3-82E4-4EF0-9333-E61FFACB6D2D} - C:\WINDOWS\system32\ddabb.dll (file missing)
O2 - BHO: H - {875DFA42-0F20-449b-B8AE-4795E5A30B98} - rsewwssewe_.dll (file missing)
O2 - BHO: (no name) - {B6C43182-63AE-4F13-9980-714EB0A6CB3F} - C:\WINDOWS\system32\byxwxvu.dll (file missing)
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Dave.DAVEENYO-0LUIOH\Application Data\hidires\hidr.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/ac...supportutil.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....119/CTSUEng.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/..._1/yregucfg.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan....bs/nanoinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btopenworld.com/templates/...bcontrol012.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15008/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingfc32 - wingfc32.dll (file missing)
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: DomainService - - C:\WINDOWS\system32\velycdbt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

[rridgely]

Please download Active Virus Shield (Powered by Kaspersky) and save it to your desktop.

• Please remember to register for your Activation Code using a legitimate email address.
  
• Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process:
  
  
  
  
• Then please update the program and run a scan on "My Computer". Allow it to neutralize all that it finds.
  
• When done, launch Active Virus Shield's main window.
  
  
  
  
• Click the "Scan" button on the left, and then click "Detected".
  
  
  
  
• In the next window, click the "Save As" button to save a copy of the log.
  
• Copy and paste that log in your next reply.

----------

Download Superantispyware

• Load Superantispyware and click the check for updates button.
  
• Once the update is finished click the scan your computer button.
  
• Check Perform Complete Scan and then next.
  
• Superantispyware will now scan your computer and when its finished it will list all the infections it has found.
  
• Make sure that they all have a check next to them and press next.
  
• Click finish and you will be taken back to the main interface.
  
• Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  
• Copy and paste the log onto the forum.

Come back with the AOL log, the superantispyware, and a new hijackthis log.

[deekay]

I didn't get so far this time. I was unable to install AVS:

'Error 1304. Error writing to file C:\Program files\AOL\Active Virus Shield\qvp.exe. Verify that you have access to that directory'.

Sorry to keep bothering you!!

[rridgely]

Not a problem. I missed something when I had you run killbox, I should have had you remove a few other things.

Download Killbox from Here

Click killbox.exe

Select the option "Delete on reboot".

Click the button: All Files (Important!)
Now it should flash green.

Next copy the contents of the code box to clipboard by left clicking and covering the text then right click inside the highlighted area and choose Copy:

C:\Documents and Settings\Dave.DAVEENYO-0LUIOH\Application Data\hidires\hidr.exe
C:\WINDOWS\system32\hldrrr.exe

After copying the above text to Clipboard click File on the killbox menu bar and choose Paste From Clipboard

Then press the Delete File button (Red Circle with a White X).
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click YES
If you don't get that message, reboot manually.

Your computer should reboot now.
------------------

Once your computer is back up then try to install AVS again.

[deekay]

All seemed to go pretty smoothly!

Please find the logs below. I'm now running AVS and Superantispyware on startup.

AOL AVS

Scan My Computer
----------------
Scanned: 350665
Detected: 46
Untreated: 0
Start time: 01/07/2007 02:34:18
Duration: 06:10:46
Finish time: 01/07/2007 08:45:04


Detected
--------
Status Object
------ ------
will be deleted when the computer is restarted: Trojan program Trojan.Win32.Agent.aoy File: C:\WINDOWS\system32\velycdbt.exe
deleted: Trojan program Trojan-Spy.Win32.Banker.cnx File: C:\WINDOWS\system32\rsewwssewe_.dll/UPack
deleted: Trojan program Trojan-Downloader.Win32.Alphabet.gen File: C:\System Volume Information\_restore{0A68386B-CD0D-48B7-B1F1-06353158C87C}\RP1030\A0338576.exe/PE_Patch.PECompact/PecBundle/PECompact
deleted: Trojan program Trojan.Win32.Agent.anr File: C:\System Volume Information\_restore{0A68386B-CD0D-48B7-B1F1-06353158C87C}\RP1033\A0339505.exe
deleted: Trojan program Trojan-Downloader.Win32.Tiny.id File: C:\System Volume Information\_restore{0A68386B-CD0D-48B7-B1F1-06353158C87C}\RP1033\A0339506.exe
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.jp File: C:\System Volume Information\_restore{0A68386B-CD0D-48B7-B1F1-06353158C87C}\RP1033\A0339511.dll
deleted: Trojan program Trojan.Win32.Dialer.qn File: C:\System Volume Information\_restore{0A68386B-CD0D-48B7-B1F1-06353158C87C}\RP1033\A0339536.dll/PE_Patch.PECompact/PecBundle/PECompact
deleted: Trojan program Trojan.Win32.Dialer.qn File: C:\System Volume Information\_restore{0A68386B-CD0D-48B7-B1F1-06353158C87C}\RP1033\A0339537.dll/PE_Patch.PECompact/PecBundle/PECompact
deleted: Trojan program Trojan-Spy.Win32.Banker.cnx File: C:\System Volume Information\_restore{0A68386B-CD0D-48B7-B1F1-06353158C87C}\RP1036\A0339589.dll/UPack
deleted: Trojan program Trojan.Win32.Dialer.qn File: C:\!KillBox\winrkq32.dll/PE_Patch.PECompact/PecBundle/PECompact
deleted: Trojan program Trojan.Win32.Dialer.qn File: C:\!KillBox\winuns32.dll/PE_Patch.PECompact/PecBundle/PECompact
deleted: Trojan program Backdoor.Win32.Iroffer.1217 File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine6475CDF.exe/CryptFF/svchost1.exe
deleted: Trojan program Backdoor.Win32.ServU-based File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine6475CDF.exe/CryptFF/system.exe
deleted: Trojan program Trojan.BAT.Zapchast File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine6475CDF.exe/CryptFF/setup.bat
deleted: adware not-a-virus:AdWare.Win32.BiSpy.n File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine7104EF8.dll/CryptFF
deleted: adware not-a-virus:AdWare.Win32.BiSpy.o File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\QuarantineFA6564B.dll/CryptFF
deleted: adware not-a-virus:AdWare.Win32.BiSpy.p File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\129E2F26.dll/CryptFF
deleted: adware not-a-virus:AdWare.Win32.BiSpy.n File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\1AF120E5.dll/CryptFF
deleted: adware not-a-virus:AdWare.Win32.BiSpy.p File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\1EC723B6.dll/CryptFF
deleted: adware not-a-virus:AdWare.Win32.PowerScan.b File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\29C102F4.exe/CryptFF/UPX
deleted: adware not-a-virus:AdWare.Win32.BiSpy.n File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\32F05B6E.dll/CryptFF
deleted: adware not-a-virus:AdWare.Win32.BiSpy.p File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\414870F9.dll/CryptFF
deleted: adware not-a-virus:AdWare.Win32.BiSpy.n File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\433C303C.dll/CryptFF
deleted: adware not-a-virus:AdWare.Win32.SideFind.a File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\48B83BCB.exe/CryptFF/UPX
deleted: adware not-a-virus:AdWare.Win32.BiSpy.o File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\4CD92CF8.dll/CryptFF
deleted: adware not-a-virus:AdWare.Win32.BiSpy.t File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\539D0345.dll/CryptFF
deleted: adware not-a-virus:AdWare.Win32.BiSpy.p File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\53A02D41.dll/CryptFF
deleted: adware not-a-virus:AdWare.Win32.BiSpy.n File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\53A3573E.dll/CryptFF
deleted: malware not-virus:BadJoke.Win32.JepRuss File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\53AA2B37.exe/CryptFF
deleted: adware not-a-virus:AdWare.Win32.PowerScan.b File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\53B3292C.exe/CryptFF/UPX
deleted: adware not-a-virus:AdWare.Win32.BiSpy.p File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\53B3292C.tmp/CryptFF
deleted: adware not-a-virus:AdWare.Win32.BiSpy.p File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\53C1511D.tmp/CryptFF
deleted: malware Exploit.Java.ByteVerify File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\56C23514.zip/CryptFF\BlackBox.class
deleted: malware Exploit.Java.ByteVerify File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\56C23514.zip/CryptFF\VerifierBug.class
deleted: Trojan program Trojan-Downloader.Java.OpenConnection.aa File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\56C23514.zip/CryptFF\Beyond.class
deleted: malware Exploit.HTML.Mht (modification) File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\57965E2B.htm/CryptFF
deleted: adware not-a-virus:AdWare.Win32.SaveNow.z File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\580372EF.exe/CryptFF/data0001.cab\VVSN.exe
deleted: malware not-virus:BadJoke.Win32.FakeDel.e File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\6E5222A3.exe/CryptFF
deleted: adware not-a-virus:AdWare.Win32.BiSpy.o File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus\Quarantine\72A7118E.dll/CryptFF
deleted: Trojan program Trojan.JS.Seeker-based File: C:\Documents and Settings\Dave\Local Settings\Temporary Internet Files\Content.IE5\U5A1IJ03\free-cellphone-mobile-ringtones-logos-sms.co[1].htm
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.jp File: C:\VundoFix Backups\byxwxvu.dll.bad
deleted: Trojan program Trojan.Win32.Agent.aoy File: C:\VundoFix Backups\velycdbt.exe.bad
deleted: Trojan program Trojan-Downloader.Win32.LoadAdv.gen File: G:\My Downloads\acon_digital_media_acoustica_keygen.exe/data.rar\keygen.exe/PE_Patch.UPX/UPX
deleted: Trojan program Trojan.Win32.Agent.apt File: G:\My Downloads\acon_digital_media_acoustica_keygen.exe/data.rar\crack.exe/PE_Patch.PECompact
deleted: Trojan program Trojan.Win32.Dialer.qn File: G:\My Downloads\acon_digital_media_acoustica_keygen.exe/data.rar\serial.exe
deleted: Trojan program Trojan-Downloader.Win32.Agent.bls File: G:\My Downloads\acon_digital_media_acoustica_keygen.exe/data.rar\install.exe/PE_Patch.Upolyx/PE_Patch.UPX/UPX


Events
------
Time Name Status Reason
---- ---- ------ ------


Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archived Compressed Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ---------- ------------------ ---------
Total 350665 51 51 0 0 3914 1048 1313 4
System Memory 2409 1 1 0 0 1 3 0 0
Startup Objects 3638 4 4 0 0 48 48 26 0
System Restore 20899 7 7 0 0 317 65 1261 0
Mailboxes 482 0 0 0 0 290 19 0 0
All Hard Drives 321850 39 39 0 0 3231 903 26 4
All Removable Drives 1387 0 0 0 0 27 10 0 0


Settings
--------
Name Value
---- -----
Security Level Recommended
Action Prompt for action when the scan is complete
File types All
Scan new and changed files only No
Scan archives All
Scan embedded OLE objects All
Skip if object is greater than No
Skip if scan takes longer than No
Parse e-mail formats No
Scan password-protected archives No
Enable iChecker technology Yes
Enable iSwift technology Yes
Show detected threats on "Detected" tab Yes



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/01/2007 at 09:59 AM

Application Version : 3.9.1008

Core Rules Database Version : 3263
Trace Rules Database Version: 1274

Scan type : Complete Scan
Total Scan Time : 00:58:46

Memory items scanned : 359
Memory threats detected : 0
Registry items scanned : 8039
Registry threats detected : 36
File items scanned : 49836
File threats detected : 29

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{0A62DFE1-A306-4875-B8B1-513ADC183301}
HKCR\CLSID\{0A62DFE1-A306-4875-B8B1-513ADC183301}
HKCR\CLSID\{0A62DFE1-A306-4875-B8B1-513ADC183301}\InprocServer32
HKCR\CLSID\{0A62DFE1-A306-4875-B8B1-513ADC183301}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\SSTQN.DLL
HKLM\Software\Classes\CLSID\{C57DD4D4-A9E9-46CF-88C8-B050E5D4D4E4}
HKCR\CLSID\{C57DD4D4-A9E9-46CF-88C8-B050E5D4D4E4}
HKCR\CLSID\{C57DD4D4-A9E9-46CF-88C8-B050E5D4D4E4}\InprocServer32
HKCR\CLSID\{C57DD4D4-A9E9-46CF-88C8-B050E5D4D4E4}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{F1AAD84D-A129-48E8-A4E6-B14E363C291C}
HKCR\CLSID\{F1AAD84D-A129-48E8-A4E6-B14E363C291C}
HKCR\CLSID\{F1AAD84D-A129-48E8-A4E6-B14E363C291C}\InprocServer32
HKCR\CLSID\{F1AAD84D-A129-48E8-A4E6-B14E363C291C}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A62DFE1-A306-4875-B8B1-513ADC183301}

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{3CFE61F3-82E4-4EF0-9333-E61FFACB6D2D}
HKCR\CLSID\{3CFE61F3-82E4-4EF0-9333-E61FFACB6D2D}
HKCR\CLSID\{3CFE61F3-82E4-4EF0-9333-E61FFACB6D2D}\InprocServer32
HKCR\CLSID\{3CFE61F3-82E4-4EF0-9333-E61FFACB6D2D}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\DDABB.DLL
HKLM\Software\Classes\CLSID\{BAD5ACB2-CCE8-4DB2-B88B-479ADA73372B}
HKCR\CLSID\{BAD5ACB2-CCE8-4DB2-B88B-479ADA73372B}
HKCR\CLSID\{BAD5ACB2-CCE8-4DB2-B88B-479ADA73372B}\InprocServer32
HKCR\CLSID\{BAD5ACB2-CCE8-4DB2-B88B-479ADA73372B}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{E7340FA3-BA1F-42AA-8166-81F5AF6FC8CA}
HKCR\CLSID\{E7340FA3-BA1F-42AA-8166-81F5AF6FC8CA}
HKCR\CLSID\{E7340FA3-BA1F-42AA-8166-81F5AF6FC8CA}\InprocServer32
HKCR\CLSID\{E7340FA3-BA1F-42AA-8166-81F5AF6FC8CA}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CFE61F3-82E4-4EF0-9333-E61FFACB6D2D}

Adware.Tracking Cookie
C:\Documents and Settings\Dave.DAVEENYO-0LUIOH\Cookies\dave@atdmt[1].txt
C:\Documents and Settings\Dave.DAVEENYO-0LUIOH\Cookies\dave@counter.hitslink[1].txt
C:\Documents and Settings\Dave.DAVEENYO-0LUIOH\Cookies\dave@advertising[1].txt
C:\Documents and Settings\Dave.DAVEENYO-0LUIOH\Cookies\dave@statcounter[1].txt
C:\Documents and Settings\Dave.DAVEENYO-0LUIOH\Cookies\dave@2o7[1].txt
C:\Documents and Settings\Dave\Cookies\dave@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Dave\Cookies\dave@doubleclick[1].txt
C:\Documents and Settings\Dave\Cookies\dave@mediaplex[1].txt
C:\Documents and Settings\Dave\Cookies\dave@statse.webtrendslive[1].txt
C:\Documents and Settings\Dave\Cookies\dave@tradedoubler[1].txt
C:\Documents and Settings\Dave\Cookies\dave@weborama[1].txt
C:\Documents and Settings\Dave\Cookies\dave@windowsmedia[2].txt
C:\Documents and Settings\Dave\Cookies\dave@www.dgm2[1].txt
C:\Documents and Settings\Dave.DAVE-K67PPIZ9CL\Cookies\dave@2o7[1].txt
C:\Documents and Settings\Dave.DAVE-K67PPIZ9CL\Cookies\dave@ads.as4x.tmcs[2].txt
C:\Documents and Settings\Dave.DAVE-K67PPIZ9CL\Cookies\dave@advertising[1].txt
C:\Documents and Settings\Dave.DAVE-K67PPIZ9CL\Cookies\dave@atdmt[2].txt
C:\Documents and Settings\Dave.DAVE-K67PPIZ9CL\Cookies\dave@ehg-micron.hitbox[2].txt
C:\Documents and Settings\Dave.DAVE-K67PPIZ9CL\Cookies\dave@fastclick[2].txt
C:\Documents and Settings\Dave.DAVE-K67PPIZ9CL\Cookies\dave@hg1.hitbox[1].txt
C:\Documents and Settings\Dave.DAVE-K67PPIZ9CL\Cookies\dave@hitbox[1].txt
C:\Documents and Settings\Dave.DAVE-K67PPIZ9CL\Cookies\dave@realmedia[1].txt
C:\Documents and Settings\Dave.DAVE-K67PPIZ9CL\Cookies\dave@servedby.advertising[1].txt
C:\Documents and Settings\Dave.DAVE-K67PPIZ9CL\Cookies\dave@statse.webtrendslive[1].txt
C:\Documents and Settings\Dave.DAVE-K67PPIZ9CL\Cookies\dave@valueclick[2].txt
C:\Documents and Settings\Dave.DAVE-K67PPIZ9CL\Cookies\dave@xiti[1].txt
C:\Documents and Settings\Dave.DAVE-K67PPIZ9CL\Cookies\dave@z1.adserver[1].txt

Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
HKLM\SOFTWARE\Microsoft\MSSMGR#Data
HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#PID
HKLM\SOFTWARE\Microsoft\MSSMGR#Rid
HKLM\SOFTWARE\Microsoft\MSSMGR#LID

Trojan.Malware
HKCR\MezziaCodec.Chl
HKCR\MezziaCodec.Chl\CLSID





Logfile of HijackThis v1.99.1
Scan saved at 10:06:15, on 01/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
G:\Unzipped\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: H - {875DFA42-0F20-449b-B8AE-4795E5A30B98} - rsewwssewe_.dll (file missing)
O2 - BHO: (no name) - {B6C43182-63AE-4F13-9980-714EB0A6CB3F} - C:\WINDOWS\system32\byxwxvu.dll (file missing)
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Dave.DAVEENYO-0LUIOH\Application Data\hidires\hidr.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/ac...supportutil.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....119/CTSUEng.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/..._1/yregucfg.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan....bs/nanoinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btopenworld.com/templates/...bcontrol012.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15008/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wingfc32 - wingfc32.dll (file missing)
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

[rridgely]

Open hijackthis and run a system scan. Then check off the following entries:

O2 - BHO: H - {875DFA42-0F20-449b-B8AE-4795E5A30B98} - rsewwssewe_.dll (file missing)
O2 - BHO: (no name) - {B6C43182-63AE-4F13-9980-714EB0A6CB3F} - C:\WINDOWS\system32\byxwxvu.dll (file missing)
O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Dave.DAVEENYO-0LUIOH\Application Data\hidires\hidr.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll (file missing)
O20 - Winlogon Notify: wingfc32 - wingfc32.dll (file missing)
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)

Now press "fix checked" and exit hijackthis.

Reboot your computer then come back and post a new hijackthis log. Let me know if your computer seems back to normal.

[deekay]

It seems a lot better now! Very slow to boot up (about 4-5 minutes before I'm able to run anything).



Logfile of HijackThis v1.99.1
Scan saved at 19:22:29, on 01/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
G:\Unzipped\HijackThis.exe
C:\WINDOWS\system32\cidaemon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/ac...supportutil.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....119/CTSUEng.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/..._1/yregucfg.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan....bs/nanoinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btopenworld.com/templates/...bcontrol012.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15008/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{528276D9-F64A-4246-9BB2-8F2088260E1D}: NameServer = 194.168.4.100 194.168.8.100
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

[rridgely]

The log looks good. Lets clean up those restore points first so you can have some dependable clean ones.

To Flush the infected restore points:

Click Start Menu > All Programs > Accessories > System Tools > SystemRestore

Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.


------------

Now to speed up your start up.
You can go ahead and uninstall superantsipyware. Its a great program but I have noticed it causing slow down on start up before.
Also I see you have trojanscanner and A squared. I wouldn't run these on start up and if they are just trials I would get rid of them.

AVG antispyware you should keep. But if you right click the icon on your system tray you can disable it from running at start up. Also you can go into the interface and disable its guard function. That way you can just open it up every now and then and manually update it and run a scan.(its just a trial but once its trial is up you can still update and scan with it)

If you bought norton 2007 and you want to use it you should now uninstall AOL Active Virus shield and put norton on. However if that norton you had was just a trial I would stick with AOL.(its a better program and its free.)


Let me know after doing all that if your start up is faster.

[deekay]

Starting up faster than ever and (hopefully) virus-free!!

Thanks ever so much for your help over the last few days - it's been traumatic for my part!!

[rridgely]

Glad everything is back to normal.
If you notice any problems feel free to come back for more help.