
Trojans & Malware keep coming back after removal - Can I be saved?

Discussion in 'Malware and Virus Removal Archive' started by Maco88, 2009/03/01.

  1. 2009/03/01
    Maco88

    Maco88 Inactive Thread Starter

    Joined:
    2002/12/11
    Messages:
    99
    Likes Received:
    0
    Recently I had to uninstall Bitdefender due to some issues with the program which caused it to stop working.
    The uninstall was successful as far as I can tell, and I was then asked to re-boot to complete the uninstall.
    After re-boot I got a C000021a BSOD. I managed to restore my system using the "repair" option on my Win XP Pro disc. However, Bitdefender did find some viruses before all this happened and either quarantined the virus or deleted the file, but several kept coming back.

    Also the SVCHOST.EXE programs are taking up quite a bit of CPU.

    Unfortunately now I am without an anti-virus for the time being and hopefully can get some advice on whether I should install one while I am being helped with the removal of the trojans and malware still on my system.

    I have used both MalwareBytes & Xoftspy to find and remove any nasties but they seem to keep coming back.

    I have attached a report for MalwareBytes also, just in case it needs to be viewed.

    I hope I am taking the right steps in preparing for this help process.

    I just hope I can get this cleaned and not have to resort to a total new install.

    Many thanks in advance.

    Moderator note - see here http://www.windowsbbs.com/windows-xp/81911-c000021a-fatal-erro-bsod-cant-get-any-option-f8.html


    DDS (Ver_09-02-01.01) - NTFSx86
    Run by FR33DoM at 15:15:40.43 on Sun 01/03/2009
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1348 [GMT 7:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
    C:\Program Files\Stickies\stickies.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    svchost.exe C:\WINDOWS\TEMP\VRT3.tmp
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Howies Quick Screen Capture\HQScreen.exe
    C:\Program Files\Samsung PC Studio 3\Launcher.exe
    C:\Program Files\Samsung PC Studio 3\ConMgr.exe
    C:\Program Files\Samsung PC Studio 3\mm.exe
    C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Documents and Settings\FR33DoM\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.msn.com
    mSearch Page = hxxp://www.msn.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [Registry Cleaner Scheduler] "c:\program files\cleanmypc\registry cleaner\RCHelper.exe" /startup
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe "
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe "
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    StartupFolder: c:\docume~1\fr33dom\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\fr33dom\applic~1\mozilla\firefox\profiles\m8dgj8cs.default\

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

    ============= SERVICES / DRIVERS ===============

    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-1 179856]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-2-11 603904]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-9-18 54960]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-1 15504]
    RUnknown synsend;synsend; [x]
    S1 ethurkap;ethurkap;c:\windows\system32\drivers\ethurkap.sys --> c:\windows\system32\drivers\ethurkap.sys [?]
    SUnknown waajc;waajc; [x]
    UnknownUnknown restore;restore; [x]

    =============== Created Last 30 ================

    2009-03-01 13:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-03-01 13:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-01 13:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-03-01 13:07 <DIR> --d----- c:\windows\pss
    2009-03-01 12:57 120 a------- c:\windows\system32\13.tmp
    2009-03-01 11:07 24,577 a------- c:\windows\system32\16.tmp
    2009-03-01 11:07 120 a------- c:\windows\system32\14.tmp
    2009-03-01 10:55 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
    2009-03-01 10:53 1,875,968 ac------ c:\windows\system32\dllcache\msir3jp.lex
    2009-03-01 10:52 400,384 ac------ c:\windows\system32\dllcache\fxsxp32.dll
    2009-03-01 10:51 275,968 ac------ c:\windows\system32\dllcache\certwiz.ocx
    2009-03-01 10:51 94,720 ac------ c:\windows\system32\dllcache\certmap.ocx
    2009-03-01 10:51 76,288 ac------ c:\windows\system32\dllcache\cnfgprts.ocx
    2009-03-01 10:51 46,592 ac------ c:\windows\system32\dllcache\coadmin.dll
    2009-03-01 10:51 290,816 ac------ c:\windows\system32\dllcache\adsiis51.dll
    2009-03-01 10:51 43,520 ac------ c:\windows\system32\dllcache\admwprox.dll
    2009-03-01 10:51 20,540 ac------ c:\windows\system32\dllcache\author.dll
    2009-03-01 10:51 20,540 ac------ c:\windows\system32\dllcache\admin.dll
    2009-03-01 10:49 488 a---hr-- c:\windows\system32\logonui.exe.manifest
    2009-03-01 10:49 749 a---hr-- c:\windows\WindowsShell.Manifest
    2009-03-01 10:49 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
    2009-03-01 10:49 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
    2009-03-01 10:49 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
    2009-03-01 10:49 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
    2009-02-27 19:56 22,339 a----r-- c:\windows\SET90.tmp
    2009-02-27 19:56 10,559 a----r-- c:\windows\SET91.tmp
    2009-02-27 19:55 13,753 a----r-- c:\windows\SET55.tmp
    2009-02-27 19:55 1,086,058 a----r-- c:\windows\SET49.tmp
    2009-02-27 19:55 1,042,903 a----r-- c:\windows\SET46.tmp
    2009-02-27 17:00 33,351 a------- c:\windows\system32\drivers\str.sys
    2009-02-27 11:56 221,184 a------- c:\windows\system32\wmpns.dll
    2009-02-27 11:49 189,001 a------- c:\windows\system32\nvapps.nvb
    2009-02-27 11:42 1,355 a------- c:\windows\imsins.BAK
    2009-02-27 11:41 304,110 a------- c:\windows\setupapi.old
    2009-02-23 22:01 334,792 a------- c:\windows\system32\_AxShlEx.dll
    2009-02-19 05:04 268,648 a------- c:\windows\system32\mucltui.dll
    2009-02-19 05:04 208,744 a------- c:\windows\system32\muweb.dll
    2009-02-19 05:04 27,496 a------- c:\windows\system32\mucltui.dll.mui
    2009-02-18 11:09 <DIR> --d----- c:\documents and settings\fr33dom\Tracing
    2009-02-18 11:05 <DIR> --d----- c:\program files\Microsoft
    2009-02-18 11:05 <DIR> --d----- c:\program files\Windows Live SkyDrive
    2009-02-18 10:40 <DIR> --d----- c:\program files\common files\Windows Live
    2009-02-16 18:29 31,280 a----r-- c:\windows\system32\drivers\vmusb.sys
    2009-02-16 17:28 55,856 a----r-- c:\windows\system32\vnetinst.dll
    2009-02-16 17:28 16,560 a----r-- c:\windows\system32\drivers\vmnetadapter.sys
    2009-02-16 17:28 326,192 a------- c:\windows\system32\vmnetdhcp.exe
    2009-02-16 17:28 399,920 a------- c:\windows\system32\vmnat.exe
    2009-02-16 17:28 26,288 a------- c:\windows\system32\drivers\vmnetuserif.sys
    2009-02-16 17:28 31,280 a----r-- c:\windows\system32\drivers\vmnetbridge.sys
    2009-02-16 17:28 18,736 a----r-- c:\windows\system32\drivers\vmnet.sys
    2009-02-16 17:28 50,736 a------- c:\windows\system32\vmnetbridge.dll
    2009-02-16 17:28 723,504 a------- c:\windows\system32\vnetlib.dll
    2009-02-16 17:27 23,216 a------- c:\windows\system32\drivers\VMkbd.sys
    2009-02-16 17:25 <DIR> --d----- c:\program files\VMware
    2009-02-16 12:22 <DIR> --d----- c:\program files\Yahoo!
    2009-02-15 23:15 815 a------- C:\rtsr_eml_sr.dat
    2009-02-15 23:15 128 a------- C:\dwl.dat
    2009-02-15 23:11 16 a------- C:\asdict.dat
    2009-02-15 10:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2009-02-15 10:45 <DIR> --d----- c:\program files\SUPERAntiSpyware
    2009-02-15 10:45 <DIR> --d----- c:\docume~1\fr33dom\applic~1\SUPERAntiSpyware.com
    2009-02-13 21:07 <DIR> --d----- c:\program files\PowerDVD6
    2009-02-13 20:06 <DIR> --d----- c:\program files\VideoLAN
    2009-02-13 18:17 <DIR> --d----- c:\windows\RegisteredPackages
    2009-02-13 13:23 376 a------- c:\windows\ODBC.INI
    2009-02-13 13:22 <DIR> --d----- c:\program files\Microsoft ActiveSync
    2009-02-13 13:22 <DIR> --d-h--- c:\windows\ShellNew
    2009-02-13 11:24 <DIR> --d----- c:\docume~1\fr33dom\applic~1\Samsung
    2009-02-13 11:18 22,486 a----r-- c:\windows\system32\UnInstall_Sample.ico
    2009-02-13 11:18 <DIR> --d----- c:\program files\Samsung PC Studio 3 Samples
    2009-02-13 11:15 22,486 a----r-- c:\windows\system32\UnInstall_Driver.ico
    2009-02-13 11:15 <DIR> --d----- c:\program files\Samsung
    2009-02-13 11:15 94,000 a------- c:\windows\system32\drivers\ss_mdm.sys
    2009-02-13 11:15 58,320 a------- c:\windows\system32\drivers\ss_bus.sys
    2009-02-13 11:15 8,304 a------- c:\windows\system32\drivers\ss_mdfl.sys
    2009-02-13 11:15 6,144 a------- c:\windows\system32\drivers\ss_cmnt.sys
    2009-02-13 11:15 6,144 a------- c:\windows\system32\drivers\ss_cm.sys
    2009-02-13 11:15 5,808 a------- c:\windows\system32\drivers\ss_whnt.sys
    2009-02-13 11:15 5,808 a------- c:\windows\system32\drivers\ss_wh.sys
    2009-02-13 11:15 <DIR> --d----- c:\windows\system32\Samsung_USB_Drivers
    2009-02-13 11:14 766 a------- c:\windows\system32\Uninstall.ico
    2009-02-13 11:14 <DIR> --d----- c:\windows\system32\Samsung PC Studio Codecs
    2009-02-13 11:14 <DIR> --d----- c:\program files\Samsung PC Studio 3
    2009-02-12 16:20 <DIR> --d----- c:\windows\system32\PreInstall
    2009-02-12 16:20 22,752 a------- c:\windows\system32\spupdsvc.exe
    2009-02-12 14:32 <DIR> --d----- c:\program files\CleanMyPC
    2009-02-12 12:32 <DIR> --d----- c:\docume~1\fr33dom\applic~1\Malwarebytes
    2009-02-12 12:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-02-12 11:30 <DIR> --d----- c:\docume~1\fr33dom\applic~1\stickies
    2009-02-12 11:27 <DIR> --d----- c:\program files\Stickies
    2009-02-12 11:16 491 a------- c:\windows\system32\BDUpdateV1.xml
    2009-02-12 10:52 410,984 a------- c:\windows\system32\deploytk.dll
    2009-02-12 10:52 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-02-12 00:22 132 a------- C:\httpdwl.dat
    2009-02-12 00:03 81,984 a------- c:\windows\system32\bdod.bin
    2009-02-12 00:00 3,072 a------- c:\windows\system32\drivers\audstub.sys
    2009-02-11 23:59 57,472 a------- c:\windows\system32\drivers\redbook.sys
    2009-02-11 23:59 6,400 a------- c:\windows\system32\drivers\enum1394.sys
    2009-02-11 23:57 <DIR> --d----- c:\program files\common files\ODBC
    2009-02-11 23:57 <DIR> --d----- c:\program files\common files\SpeechEngines
    2009-02-11 23:56 66,082 ac------ c:\windows\system32\dllcache\c_28594.nls
    2009-02-11 23:56 <DIR> --d--r-- c:\documents and settings\all users\Documents
    2009-02-11 23:55 <DIR> --d----- C:\Documents and Settings
    2009-02-11 23:54 288 a------- c:\windows\system32\$winnt$.inf
    2009-02-11 23:15 <DIR> --d----- c:\program files\IrfanView
    2009-02-11 23:12 <DIR> --d----- c:\program files\QuickPar
    2009-02-11 23:05 <DIR> --d----- c:\program files\GrabIt
    2009-02-11 23:00 <DIR> --d----- c:\program files\XoftSpySE
    2009-02-11 22:58 <DIR> --ds---- c:\documents and settings\fr33dom\UserData
    2009-02-11 22:46 <DIR> --d----- c:\program files\Howies Quick Screen Capture
    2009-02-11 22:18 <DIR> --d----- c:\program files\MozBackup
    2009-02-11 21:04 <DIR> --d----- c:\docume~1\fr33dom\applic~1\TuneUp Software
    2009-02-11 21:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
    2009-02-11 21:04 <DIR> --d----- c:\program files\TuneUp Utilities 2009
    2009-02-11 21:03 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-02-11 20:54 <DIR> --d----- c:\program files\Ace Utilities
    2009-02-11 19:18 <DIR> --d----- c:\docume~1\fr33dom\applic~1\URSoft
    2009-02-11 19:17 <DIR> --d----- c:\program files\Your Uninstaller 2008
    2009-02-11 18:35 <DIR> --d----- c:\program files\Synaptics
    2009-02-11 18:33 <DIR> --d----- c:\program files\CONEXANT
    2009-02-11 18:32 <DIR> --d----- c:\program files\Conexant Modem Helper
    2009-02-11 18:29 <DIR> --d----- c:\program files\SigmaTel
    2009-02-11 18:26 <DIR> --d----- c:\program files\Dell
    2009-02-11 18:23 <DIR> --d----- c:\docume~1\fr33dom\applic~1\Intel
    2009-02-11 18:20 <DIR> --d----- c:\program files\Broadcom
    2009-02-11 17:11 <DIR> --dsh--- c:\documents and settings\all users\DRM
    2009-02-11 17:11 <DIR> --d-h--- c:\program files\WindowsUpdate
    2009-02-11 17:10 <DIR> --d----- c:\program files\common files\MSSoap
    2009-02-11 17:08 <DIR> --d----- c:\program files\Online Services
    2009-02-11 17:08 <DIR> --d----- c:\program files\Messenger
    2009-02-11 17:08 <DIR> --d----- c:\program files\MSN Gaming Zone
    2009-02-11 17:07 <DIR> --d----- c:\program files\Windows NT

    ==================== Find3M ====================

    2009-03-01 11:01 182,912 a------- c:\windows\system32\drivers\ndis.sys
    2009-03-01 10:48 23,392 a------- c:\windows\system32\emptyregdb.dat
    2009-02-28 09:58 53,697 a------- c:\windows\system32\nvModes.dat
    2009-02-15 12:11 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-02-11 21:04 603,904 a------- c:\windows\system32\TUProgSt.exe
    2009-02-11 21:04 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
    2009-02-11 18:41 5 a------- c:\windows\system32\drivers\DELL_XPS_MP061 .MRK
    2009-02-11 18:41 5 a------- c:\windows\system32\drivers\1028_DELL_XPS_MP061 .MRK
    2009-02-11 18:23 21,275 a------- c:\windows\system32\drivers\AegisP.sys
    2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
    2008-12-11 13:31 27,904 a------- c:\windows\system32\uxtuneup.dll

    ============= FINISH: 15:16:02.31 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/03/2009 10:55:12 AM
    System Uptime: 3/01/2009 2:03:39 PM (1369 hours ago)

    Motherboard: Dell Inc. | | 0YD479
    Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 1318/166mhz
    Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 1997/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 107 GiB total, 24.64 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 1/03/2009 11:01:18 AM - System Checkpoint

    ==== Installed Programs ======================

    Ace Utilities
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9 Lite
    Choice Guard
    CleanMyPC - Registry Cleaner
    Conexant HDA D110 MDC V.92 Modem
    Dell ResourceCD
    GrabIt 1.5.2 Beta(build 902)
    ImgBurn
    IrfanView (remove only)
    Java(TM) 6 Update 12
    Malwarebytes' Anti-Malware
    mCore
    mDriver
    mDrWiFi
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft Application Error Reporting
    Microsoft Office XP Professional with FrontPage
    Microsoft Visual C++ 2005 Redistributable
    mIWA
    mLogView
    mMHouse
    Modem Helper
    Mozilla Firefox (3.0.6)
    Mozilla Thunderbird (2.0.0.19)
    mPfMgr
    mPfWiz
    mProSafe
    mSSO
    MSVCRT
    mWlsSafe
    mWMI
    mXML
    mZConfig
    NVIDIA Drivers
    PowerDVD
    QuickPar 0.9
    QuickSet
    SAMSUNG CDMA Modem Driver Set
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio
    Samsung PC Studio 3 USB Driver Installer
    Samsung Samples Installer
    Segoe UI
    SigmaTel Audio
    Stickies 6.5a
    Synaptics Pointing Device Driver
    TuneUp Utilities 2009
    VLC media player 0.9.8a
    VMware Workstation
    Vodafone 804SS USB driver Software
    WebFldrs XP
    Winamp
    Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12)
    Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06)
    Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    WinRAR archiver
    XoftSpySE
    Yahoo! Messenger
    Yahoo! Toolbar
    Your Uninstaller! 2008 Version 6.0

    ==== Event Viewer Messages From Past Week ========

    22/02/2009 7:06:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
    22/02/2009 7:06:41 PM, error: Service Control Manager [7000] - The Windows User Mode Driver Framework service failed to start due to the following error: The system cannot find the file specified.
    22/02/2009 7:03:22 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    23/02/2009 2:01:23 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
    26/02/2009 11:19:40 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    27/02/2009 9:13:28 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    27/02/2009 9:15:00 AM, error: Service Control Manager [7034] - The BitDefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).
    27/02/2009 9:18:16 AM, error: Service Control Manager [7000] - The BitDefender Virus Shield service failed to start due to the following error: The system cannot find the file specified.
    27/02/2009 11:55:31 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments " " in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
    27/02/2009 12:00:12 PM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
    27/02/2009 12:03:14 PM, error: Service Control Manager [7000] - The TuneUp Theme Extension service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
    27/02/2009 12:03:14 PM, error: Service Control Manager [7000] - The ICF service failed to start due to the following error: The system cannot find the file specified.
    27/02/2009 12:03:14 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the VMware Authorization Service service to connect.
    27/02/2009 12:03:14 PM, error: Service Control Manager [7000] - The VMware Authorization Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    27/02/2009 5:03:03 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
    27/02/2009 6:27:25 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{0D27F43D-FC35-47D8-9B71-550F1A895CF1} because another computer on the network has the same name. The server could not start.
    27/02/2009 6:36:52 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{67AA223D-1EA7-459D-A70D-A6245569C5F0} because another computer on the network has the same name. The server could not start.
    27/02/2009 6:47:40 PM, error: Service Control Manager [7000] - The ICF service failed to start due to the following error: The system cannot find the path specified.
    27/02/2009 10:28:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ICF service to connect.
    27/02/2009 10:28:56 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
    1/03/2009 10:08:14 AM, error: Service Control Manager [7028] - The waajc Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
    1/03/2009 11:01:32 AM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 0018DE1F4646 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    1/03/2009 12:56:03 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The class is configured to run as a security id different from the caller
    1/03/2009 2:04:14 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

    ==== End Of File ===========================
     
    Last edited: 2009/03/01
  2. 2009/03/01
    Maco88

    Maco88 Inactive Thread Starter

    Joined:
    2002/12/11
    Messages:
    99
    Likes Received:
    0
    Here is the log from MalwareBytes. After a removal these same trojans keep reappearing.

    Malwarebytes' Anti-Malware 1.34
    Database version: 1813
    Windows 5.1.2600 Service Pack 2

    1/03/2009 2:57:31 PM
    mbam-log-2009-03-01 (14-57-31).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 99918
    Time elapsed: 15 minute(s), 55 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 6

    Memory Processes Infected:
    C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\FR33DoM\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
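The pattern in the two posts above, the same paths reported "Quarantined and deleted successfully" and then found again on the next scan, is the signal that the cleanup removed a dropped file rather than whatever keeps creating it. The script below is an added example, not code from the thread, from Malwarebytes or from any tool named here: it parses log text in the MBAM 1.34 layout quoted above and lists items that a later scan reported again after an earlier scan recorded their removal. Both logs are constructed for the demo (paths are taken from the post; the second scan is invented to show a recurrence).

```python
# Added example: parse Malwarebytes' Anti-Malware log text (1.34 layout) and flag
# detections that reappear in a later scan after a recorded removal. Not the
# poster's or Malwarebytes' code; the two logs below are constructed.
import re
from collections import defaultdict

# Constructed, abbreviated log in the layout quoted in the thread.
LOG_SCAN_1 = r"""
Malwarebytes' Anti-Malware 1.34
Database version: 1813

Memory Processes Infected: 1
Files Infected: 3

Memory Processes Infected:
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Constructed follow-up scan: two of the "deleted" items are back, plus a new .tmp.
LOG_SCAN_2 = r"""
Malwarebytes' Anti-Malware 1.34
Database version: 1813

Files Infected:
C:\WINDOWS\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# One detection line: "<item> (<family>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Return the detections as dicts with section, item, family and action.

    Summary lines ("Files Infected: 3") and "(No malicious items detected)"
    placeholders do not match DETECTION_RE and are skipped.
    """
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("Infected:"):      # section header, e.g. "Files Infected:"
            section = line[:-1]
            continue
        m = DETECTION_RE.match(line)
        if section and m:
            detections.append({
                "section": section,
                "item": m["item"],
                "family": m["family"],
                "action": m["action"].rstrip("."),
            })
    return detections


def recurring_detections(logs):
    """Map each item (case-folded) to the number of scans reporting it, for items seen in 2+ scans."""
    seen_in = defaultdict(set)
    for idx, text in enumerate(logs):
        for d in parse_mbam_log(text):
            seen_in[d["item"].lower()].add(idx)
    return {item: len(scans) for item, scans in seen_in.items() if len(scans) >= 2}


def reinfected_after_removal(logs):
    """Items an earlier scan quarantined/unloaded that a later scan reported again.

    Logs must be passed in chronological order. A hit here means the source of
    the file (a missed persistence entry, or an infector writing new droppers)
    survived the cleanup.
    """
    removed_in = {}       # item -> index of the first scan that recorded a removal
    reinfected = set()
    for idx, text in enumerate(logs):
        for d in parse_mbam_log(text):
            key = d["item"].lower()
            if key in removed_in and removed_in[key] < idx:
                reinfected.add(key)
            if d["action"].startswith(("Quarantined", "Unloaded")):
                removed_in.setdefault(key, idx)
    return sorted(reinfected)


if __name__ == "__main__":
    for item in reinfected_after_removal([LOG_SCAN_1, LOG_SCAN_2]):
        print("reported again after removal:", item)
```

Items are compared case-insensitively because MBAM prints paths with whatever case the registry or file system returned (note `C:\WINDOWS\system32\reader_s.exe` beside `c:\windows\system32\...` elsewhere in the DDS log). Registry values are tracked the same way as files, so a `Run` entry that is recreated between scans shows up too.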
     


  4. 2009/03/02
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Maco88

    I'm afraid I have some bad news.

    C:\WINDOWS\system32\reader_s.exe

    Your System is infected with Virut!!
    Virut is a file-infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
    For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

    More information:
    http://free.avg.com/66558
    http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=143034
    Miekiemoes, one of our security team members and an MS-MVP, additionally has a blog post about Virut.

    Sorry to tell you this :( Your only real option is a reformat.

    Geri
     
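Geri's point is that a file infector changes binaries that were already on the disk and re-encodes itself as it goes, so a scanner that names dropped files (the `.tmp` and `reader_s.exe` entries above) is not showing the full extent of the damage. The script below is an added example, not from Geri's post or from any tool named in the thread: it records size and SHA-256 of executable files under a directory and diffs two such baselines, so that in-place modification of existing binaries, not only newly added files, is surfaced. The directory tree, file names and contents in `demo()` are constructed stand-ins; the suffix list is an assumption about which file types to track.

```python
# Added example: size + SHA-256 baseline of executables and a diff of two
# baselines. Not code from the thread; the tree built in demo() is constructed.
import hashlib
import tempfile
from pathlib import Path

# Assumed set of file types worth baselining on a Windows install.
EXEC_SUFFIXES = {".exe", ".dll", ".sys", ".scr", ".ocx"}


def sha256_of(path):
    """Stream a file through SHA-256 so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map posix-style relative path -> (size, sha256) for every executable under root."""
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in EXEC_SUFFIXES:
            rel = path.relative_to(root).as_posix()
            baseline[rel] = (path.stat().st_size, sha256_of(path))
    return baseline


def compare_baselines(old, new):
    """Classify paths as modified (size or hash differs), added, or removed.

    "modified" is the category a file infector produces and a dropper-only
    cleanup never touches; "added" is what a signature scanner typically lists.
    """
    modified = sorted(p for p in old if p in new and old[p] != new[p])
    added = sorted(p for p in new if p not in old)
    removed = sorted(p for p in old if p not in new)
    return {"modified": modified, "added": added, "removed": removed}


def demo():
    """Build a throwaway tree, baseline it, change it, and return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        sys32 = Path(tmp, "system32")
        sys32.mkdir()
        # Constructed stand-ins for binaries (not real PE files).
        (sys32 / "svchost.exe").write_bytes(b"MZ" + b"\x00" * 510)
        (sys32 / "ndis.sys").write_bytes(b"MZ" + b"\x01" * 254)
        Path(tmp, "readme.txt").write_text("not an executable")   # ignored by suffix filter
        before = build_baseline(tmp)

        # Constructed changes: one existing binary altered in place, one new file added.
        with open(sys32 / "svchost.exe", "ab") as f:
            f.write(b"\xcc" * 64)
        (sys32 / "reader_s.exe").write_bytes(b"MZ" + b"\x02" * 16)
        after = build_baseline(tmp)
        return compare_baselines(before, after)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

A baseline is only useful if it was taken from a known-clean state and stored somewhere the machine cannot rewrite (read-only media or another host), which is also why, once an infector has been running for days as in this thread, a fresh install is the only baseline left to trust.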
  5. 2009/03/03
    Maco88

    Maco88 Inactive Thread Starter

    Joined:
    2002/12/11
    Messages:
    99
    Likes Received:
    0
    Hi Geri,

    Before I even read your post I was in the process of reformatting and re-installing. I bit the bullet. The last straw was when the system started rebooting by itself, even in safe mode. I had just had enough, and the extra time spent will be well worth knowing my system is clean.

    This sure was one nasty disease.

    I am slowly checking everything now, using AVG antivirus & Kaspersky online scanner.

    Just another question: I know it's not good to run more than one anti-virus software, but is it OK to run (manually) multiple trojan/malware programs to check the system is clean?

    Much appreciate your reply.
     
  6. 2009/03/03
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Maco88
    Yes, that is OK; you just can't have two resident scanners running in the background at the same time.
    2 AV's or 2 Spyware Apps.

    I run WebRoot SpySweeper as my resident program, But do manual scans with Malwarebytes Anti-malware.

    Good luck to ya.

    Surf Safely.
    Geri
     
