
Yet another problem with Antimalware Doctor


Postby gorly » Fri Jul 23, 2010 4:03 am

Hi,
I've tried using Spyware Doctor and Malwarebytes and rkill in Safe Mode and in normal mode, but Antimalware Doctor keeps reinstalling itself.
Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:57 PM, on 7/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Search Protection\YspService.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Documents and Settings\DONG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DONG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DONG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/ ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-tyc8
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-tyc8
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [vqffqnrg] C:\Documents and Settings\DONG\Local Settings\Application Data\dfyxithnd\vhkyubotssd.exe
O4 - HKLM\..\Run: [wmiprves] C:\DOCUME~1\DONG\LOCALS~1\Temp\d4vdt2cz.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [uqvtxkef] C:\Documents and Settings\DONG\Local Settings\Application Data\csednusib\kfvtflqtssd.exe
O4 - HKLM\..\Run: [qkeetigo] C:\Documents and Settings\DONG\Local Settings\Application Data\swrejvxbp\rpmjpjgtssd.exe
O4 - HKLM\..\Run: [Cnemonusohomatu] rundll32.exe "C:\WINDOWS\awihoxajedec.dll",Startup
O4 - HKLM\..\Run: [iehakflb] C:\Documents and Settings\DONG\Local Settings\Application Data\cjpeqqaun\xqngkhqtssd.exe
O4 - HKLM\..\Run: [jqddnvxu] C:\Documents and Settings\DONG\Local Settings\Application Data\swoklhmbh\fhpuquytssd.exe
O4 - HKLM\..\Run: [tolaequi] C:\Documents and Settings\DONG\Local Settings\Application Data\ghjsdxgsl\ihajyrotssd.exe
O4 - HKLM\..\Run: [lttwbrjr] C:\Documents and Settings\DONG\Local Settings\Application Data\juvjvpihg\kmfwfpltssd.exe
O4 - HKLM\..\Run: [fhaigkid] C:\Documents and Settings\DONG\Local Settings\Application Data\bvehbahdx\mjicfiutssd.exe
O4 - HKLM\..\Run: [gqnbgvgo] C:\Documents and Settings\DONG\Local Settings\Application Data\leppvjgmj\nekrcgutssd.exe
O4 - HKLM\..\Run: [oeohrbtt] C:\Documents and Settings\DONG\Local Settings\Application Data\jgqepwxvb\pqstksxtssd.exe
O4 - HKLM\..\Run: [jfqcpele] C:\Documents and Settings\DONG\Local Settings\Application Data\ksqcaxhur\tddaeibtssd.exe
O4 - HKLM\..\Run: [sccsddxo] C:\Documents and Settings\DONG\Local Settings\Application Data\sagapibxl\ujedkvgtssd.exe
O4 - HKLM\..\Run: [acumhoax] C:\Documents and Settings\DONG\Local Settings\Application Data\xnojhkgqk\exvwblqtssd.exe
O4 - HKLM\..\Run: [kgnkpwtu] C:\Documents and Settings\DONG\Local Settings\Application Data\kotyyuwxx\flvomfetssd.exe
O4 - HKLM\..\Run: [qopbcbxx] C:\Documents and Settings\DONG\Local Settings\Application Data\ffyslekhp\kswfpdstssd.exe
O4 - HKLM\..\Run: [xaenfwoh] C:\Documents and Settings\DONG\Local Settings\Application Data\tiljvewsf\lugotpvtssd.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\DONG\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [vqffqnrg] C:\Documents and Settings\DONG\Local Settings\Application Data\dfyxithnd\vhkyubotssd.exe
O4 - HKCU\..\Run: [Ejubofafahina] rundll32.exe "C:\WINDOWS\rvst31.dll",Startup
O4 - HKCU\..\Run: [uqvtxkef] C:\Documents and Settings\DONG\Local Settings\Application Data\csednusib\kfvtflqtssd.exe
O4 - HKCU\..\Run: [qkeetigo] C:\Documents and Settings\DONG\Local Settings\Application Data\swrejvxbp\rpmjpjgtssd.exe
O4 - HKCU\..\Run: [iehakflb] C:\Documents and Settings\DONG\Local Settings\Application Data\cjpeqqaun\xqngkhqtssd.exe
O4 - HKCU\..\Run: [jqddnvxu] C:\Documents and Settings\DONG\Local Settings\Application Data\swoklhmbh\fhpuquytssd.exe
O4 - HKCU\..\Run: [tolaequi] C:\Documents and Settings\DONG\Local Settings\Application Data\ghjsdxgsl\ihajyrotssd.exe
O4 - HKCU\..\Run: [lttwbrjr] C:\Documents and Settings\DONG\Local Settings\Application Data\juvjvpihg\kmfwfpltssd.exe
O4 - HKCU\..\Run: [fhaigkid] C:\Documents and Settings\DONG\Local Settings\Application Data\bvehbahdx\mjicfiutssd.exe
O4 - HKCU\..\Run: [gqnbgvgo] C:\Documents and Settings\DONG\Local Settings\Application Data\leppvjgmj\nekrcgutssd.exe
O4 - HKCU\..\Run: [oeohrbtt] C:\Documents and Settings\DONG\Local Settings\Application Data\jgqepwxvb\pqstksxtssd.exe
O4 - HKCU\..\Run: [jfqcpele] C:\Documents and Settings\DONG\Local Settings\Application Data\ksqcaxhur\tddaeibtssd.exe
O4 - HKCU\..\Run: [sccsddxo] C:\Documents and Settings\DONG\Local Settings\Application Data\sagapibxl\ujedkvgtssd.exe
O4 - HKCU\..\Run: [acumhoax] C:\Documents and Settings\DONG\Local Settings\Application Data\xnojhkgqk\exvwblqtssd.exe
O4 - HKCU\..\Run: [patchsetup70700.exe] C:\Documents and Settings\DONG\Application Data\47059530934F9AAA25F88CECF8E491C0\patchsetup70700.exe
O4 - HKCU\..\Run: [kgnkpwtu] C:\Documents and Settings\DONG\Local Settings\Application Data\kotyyuwxx\flvomfetssd.exe
O4 - HKCU\..\Run: [qopbcbxx] C:\Documents and Settings\DONG\Local Settings\Application Data\ffyslekhp\kswfpdstssd.exe
O4 - HKCU\..\Run: [xaenfwoh] C:\Documents and Settings\DONG\Local Settings\Application Data\tiljvewsf\lugotpvtssd.exe
O4 - HKLM\..\Policies\Explorer\Run: [tcyz46] C:\DOCUME~1\DONG\LOCALS~1\Temp\l84alx.exe
O4 - Startup: Antimalware Doctor.lnk = C:\Documents and Settings\DONG\Application Data\47059530934F9AAA25F88CECF8E491C0\patchsetup70700.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra 'Tools' menuitem: Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 17938 bytes
gorly
 
Posts: 5
Joined: Fri Jul 23, 2010 3:50 am

Re: Yet another problem with Antimalware Doctor

Postby 12056 » Fri Jul 23, 2010 7:24 pm

Please re-run HijackThis and check the boxes next to:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [vqffqnrg] C:\Documents and Settings\DONG\Local Settings\Application Data\dfyxithnd\vhkyubotssd.exe
O4 - HKLM\..\Run: [uqvtxkef] C:\Documents and Settings\DONG\Local Settings\Application Data\csednusib\kfvtflqtssd.exe
O4 - HKLM\..\Run: [qkeetigo] C:\Documents and Settings\DONG\Local Settings\Application Data\swrejvxbp\rpmjpjgtssd.exe
O4 - HKLM\..\Run: [Cnemonusohomatu] rundll32.exe "C:\WINDOWS\awihoxajedec.dll",Startup
O4 - HKLM\..\Run: [iehakflb] C:\Documents and Settings\DONG\Local Settings\Application Data\cjpeqqaun\xqngkhqtssd.exe
O4 - HKLM\..\Run: [jqddnvxu] C:\Documents and Settings\DONG\Local Settings\Application Data\swoklhmbh\fhpuquytssd.exe
O4 - HKLM\..\Run: [tolaequi] C:\Documents and Settings\DONG\Local Settings\Application Data\ghjsdxgsl\ihajyrotssd.exe
O4 - HKLM\..\Run: [lttwbrjr] C:\Documents and Settings\DONG\Local Settings\Application Data\juvjvpihg\kmfwfpltssd.exe
O4 - HKLM\..\Run: [fhaigkid] C:\Documents and Settings\DONG\Local Settings\Application Data\bvehbahdx\mjicfiutssd.exe
O4 - HKLM\..\Run: [gqnbgvgo] C:\Documents and Settings\DONG\Local Settings\Application Data\leppvjgmj\nekrcgutssd.exe
O4 - HKLM\..\Run: [oeohrbtt] C:\Documents and Settings\DONG\Local Settings\Application Data\jgqepwxvb\pqstksxtssd.exe
O4 - HKLM\..\Run: [jfqcpele] C:\Documents and Settings\DONG\Local Settings\Application Data\ksqcaxhur\tddaeibtssd.exe
O4 - HKLM\..\Run: [sccsddxo] C:\Documents and Settings\DONG\Local Settings\Application Data\sagapibxl\ujedkvgtssd.exe
O4 - HKLM\..\Run: [acumhoax] C:\Documents and Settings\DONG\Local Settings\Application Data\xnojhkgqk\exvwblqtssd.exe
O4 - HKLM\..\Run: [kgnkpwtu] C:\Documents and Settings\DONG\Local Settings\Application Data\kotyyuwxx\flvomfetssd.exe
O4 - HKLM\..\Run: [qopbcbxx] C:\Documents and Settings\DONG\Local Settings\Application Data\ffyslekhp\kswfpdstssd.exe
O4 - HKLM\..\Run: [xaenfwoh] C:\Documents and Settings\DONG\Local Settings\Application Data\tiljvewsf\lugotpvtssd.exe
O4 - HKLM\..\Policies\Explorer\Run: [tcyz46] C:\DOCUME~1\DONG\LOCALS~1\Temp\l84alx.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - HKCU\..\Run: [vqffqnrg] C:\Documents and Settings\DONG\Local Settings\Application Data\dfyxithnd\vhkyubotssd.exe
O4 - HKCU\..\Run: [Ejubofafahina] rundll32.exe "C:\WINDOWS\rvst31.dll",Startup
O4 - HKCU\..\Run: [uqvtxkef] C:\Documents and Settings\DONG\Local Settings\Application Data\csednusib\kfvtflqtssd.exe
O4 - HKCU\..\Run: [qkeetigo] C:\Documents and Settings\DONG\Local Settings\Application Data\swrejvxbp\rpmjpjgtssd.exe
O4 - HKCU\..\Run: [iehakflb] C:\Documents and Settings\DONG\Local Settings\Application Data\cjpeqqaun\xqngkhqtssd.exe
O4 - HKCU\..\Run: [jqddnvxu] C:\Documents and Settings\DONG\Local Settings\Application Data\swoklhmbh\fhpuquytssd.exe
O4 - HKCU\..\Run: [tolaequi] C:\Documents and Settings\DONG\Local Settings\Application Data\ghjsdxgsl\ihajyrotssd.exe
O4 - HKCU\..\Run: [lttwbrjr] C:\Documents and Settings\DONG\Local Settings\Application Data\juvjvpihg\kmfwfpltssd.exe
O4 - HKCU\..\Run: [fhaigkid] C:\Documents and Settings\DONG\Local Settings\Application Data\bvehbahdx\mjicfiutssd.exe
O4 - HKCU\..\Run: [gqnbgvgo] C:\Documents and Settings\DONG\Local Settings\Application Data\leppvjgmj\nekrcgutssd.exe
O4 - HKCU\..\Run: [oeohrbtt] C:\Documents and Settings\DONG\Local Settings\Application Data\jgqepwxvb\pqstksxtssd.exe
O4 - HKCU\..\Run: [jfqcpele] C:\Documents and Settings\DONG\Local Settings\Application Data\ksqcaxhur\tddaeibtssd.exe
O4 - HKCU\..\Run: [sccsddxo] C:\Documents and Settings\DONG\Local Settings\Application Data\sagapibxl\ujedkvgtssd.exe
O4 - HKCU\..\Run: [acumhoax] C:\Documents and Settings\DONG\Local Settings\Application Data\xnojhkgqk\exvwblqtssd.exe
O4 - Startup: Antimalware Doctor.lnk = C:\Documents and Settings\DONG\Application Data\47059530934F9AAA25F88CECF8E491C0\patchsetup70700.exe

Then click "Fix Checked" to remove the above items, then restart your computer.

After you have restarted your computer, please download and run Norman Malware Cleaner from (http://www.norman.com/support/support_tools/58732/)
Norman Malware Cleaner will automatically remove and/or repair any infections found; please attach the log file to your next post.
MyAntispyware.com Forum Security Team
--------------------------------------------------------------
Instructions posted are for the topic starter ONLY!
If you didn't create this topic, don't use the advice!
12056
 
Posts: 270
Joined: Sun Apr 25, 2010 9:57 pm
Location: Los Lunas, NM (USA)
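A triage script for the HijackThis log above, added here as an example; it is not part of the original post and not HijackThis code. It encodes the patterns the reply singles out for "Fix Checked" (a browser proxy forced through 127.0.0.1, random-named Run values launching from Local Settings\Application Data or Temp, rundll32 loading a DLL dropped straight into C:\WINDOWS, anything under Policies\Explorer\Run, and a Startup shortcut into a 32-hex-character Application Data folder) as regex heuristics and runs them over constructed sample lines copied in the shape of the log. The regexes, the "review" versus "high" split and the sample lines are my assumptions, not anything HijackThis itself does.

```python
"""Triage a HijackThis log for the autorun patterns seen in this thread.

Added example, not from the original post or from HijackThis. The regexes,
severity rule and SAMPLE_LOG lines below are assumptions chosen to match the
log above; tune them before relying on them elsewhere.
"""
import re

# Constructed sample: lines copied in the shape of the log above, plus a
# benign Google Update entry to show where the path heuristic over-fires.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vqffqnrg] C:\Documents and Settings\DONG\Local Settings\Application Data\dfyxithnd\vhkyubotssd.exe
O4 - HKLM\..\Run: [wmiprves] C:\DOCUME~1\DONG\LOCALS~1\Temp\d4vdt2cz.exe
O4 - HKLM\..\Run: [Cnemonusohomatu] rundll32.exe "C:\WINDOWS\awihoxajedec.dll",Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\DONG\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [tcyz46] C:\DOCUME~1\DONG\LOCALS~1\Temp\l84alx.exe
O4 - Startup: Antimalware Doctor.lnk = C:\Documents and Settings\DONG\Application Data\47059530934F9AAA25F88CECF8E491C0\patchsetup70700.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
"""

# Line shapes HijackThis emits for the sections we care about.
RUN_RE = re.compile(r'^O4 - (?P<key>.+?\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
STARTUP_RE = re.compile(r'^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.*)$')
PROXY_RE = re.compile(r'^R1 - .*Internet Settings,ProxyServer = (?P<proxy>.+)$')

# Heuristics (assumptions). RANDOM_NAME also fires on "wmiprves", which is a
# lookalike of the legitimate wmiprvse.exe, so that is a feature here.
LOOPBACK_RE = re.compile(r'(?:^|=)(?:127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost):\d+', re.I)
RANDOM_NAME_RE = re.compile(r'^[a-z0-9]{5,8}$')      # no case, no spaces, no vendor word
USER_WRITABLE_RE = re.compile(
    r'\\(?:Local Settings\\Application Data|Local Settings\\Temp|LOCALS~1\\Temp)\\', re.I)
WINDIR_DLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?C:\\WINDOWS\\[^\\"]+\.dll"?\s*,', re.I)
HEX_DIR_RE = re.compile(r'\\[0-9A-F]{32}\\', re.I)

WEAK = 'autorun target in user-writable profile/temp dir'   # legit updaters do this too


def triage(log_text):
    """Return one {'line', 'severity', 'reasons'} dict per line a heuristic fires on."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        m = PROXY_RE.match(line)
        if m and LOOPBACK_RE.search(m.group('proxy')):
            reasons.append('browser proxy forced through loopback (rogue AV intercepting traffic)')
        m = RUN_RE.match(line)
        if m:
            key, name, cmd = m.group('key'), m.group('name'), m.group('cmd')
            if RANDOM_NAME_RE.match(name):
                reasons.append('random-looking Run value name')
            if USER_WRITABLE_RE.search(cmd):
                reasons.append(WEAK)
            if WINDIR_DLL_RE.match(cmd):
                reasons.append('rundll32 loading a DLL dropped directly into C:\\WINDOWS')
            if 'Policies\\Explorer\\Run' in key:
                reasons.append('Policies\\Explorer\\Run key (rarely used by legitimate software)')
        m = STARTUP_RE.match(line)
        if m:
            if HEX_DIR_RE.search(m.group('cmd')):
                reasons.append('Startup shortcut into a 32-hex-named Application Data folder')
            if USER_WRITABLE_RE.search(m.group('cmd')):
                reasons.append(WEAK)
        if reasons:
            # The path heuristic on its own is only worth a second look.
            severity = 'review' if reasons == [WEAK] else 'high'
            findings.append({'line': line, 'severity': severity, 'reasons': reasons})
    return findings


def hjt_fix_list(log_text):
    """Lines a helper would tick for 'Fix Checked': the high-severity findings."""
    return [f['line'] for f in triage(log_text) if f['severity'] == 'high']


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['line']}")
        for r in f['reasons']:
            print(f"    - {r}")
```

Run against the sample, the six lines the reply ticks come back as "high" and the Google Update entry comes back as "review" only, which is the point of keeping the path rule weak on its own: a user-writable path is where Chrome and Google Update legitimately live on XP, so it needs a second signal (random value name, Policies key, hex folder) before it is worth fixing. Two caveats for anyone using this on a real log: "Fix Checked" removes the registry value or shortcut, not the dropped executable, so the files under those Local Settings\Application Data\<random>\ folders still have to be deleted by a scanner or by hand; and a 16-entry wave of identically-shaped droppers like the one above is a strong hint that a persistence component (here, as the Norman log later shows, a TDSS-family file in Temp) is re-creating them, so a clean HijackThis log after a reboot is the real test, not the first fix.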

Re: Yet another problem with Antimalware Doctor

Postby gorly » Sun Jul 25, 2010 12:45 am

Hm, my computer acted up late last night with the scanning, and when I tried to run the program again it wouldn't work. It also didn't run when I redownloaded it. From what I got last night:

Deleted file

C:\Program Files\AIM6\aim6.exe (Infected with W32/Smalltroj.YGBN)
Terminated process
Removed registry value: HKCU\Software\Microsoft\Windows\CurrentVersion\Run -> Aim6 = ""C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp"
Removed registry value: HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\Program Files\AIM6\aim6.exe = "C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
Removed registry value: HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> C:\Program Files\AIM6\aim6.exe = "C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
Removed link file: C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
Removed link file: C:\Documents and Settings\DONG\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM 6.lnk
Deleted file

Number of processes/threads found: 5830
Number of processes/threads scanned: 5829
Number of processes/threads not scanned: 1
Number of infected processes/threads terminated: 2
Total scanning time: 19m 7s


Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\Documents and Settings\All Users\Application Data\Update\seupd.exe (Infected with W32/Smalltroj.YRFE)
Deleted file

C:\Documents and Settings\DONG\Application Data\47059530934F9AAA25F88CECF8E491C0\enemies-names.txt (Infected with TXT/JunkFile.BL)
Deleted file

C:\Documents and Settings\DONG\Application Data\47059530934F9AAA25F88CECF8E491C0\patchsetup70700.exe (Infected with W32/Suspicious_Gen2.BSALR)
Removed link file: C:\Documents and Settings\DONG\Start Menu\Antimalware Doctor.lnk
Removed link file: C:\Documents and Settings\DONG\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
Deleted file

C:\Documents and Settings\DONG\Desktop\Torrents\VideoGet 3.0.2.39 PL\Pelna lista stron obslugiwanych przez VideoGet.txt (Error opening file: Not found)

C:\Documents and Settings\DONG\Local Settings\Temp\22B.tmp (Infected with W32/TDSS.FPU)
Deleted file

C:\Documents and Settings\DONG\Local Settings\Temp\4e1c02f1.tmp (Infected with W32/Suspicious_Gen2.BSFPC)
Deleted file

C:\Documents and Settings\DONG\Local Settings\Temp\840.exe (Infected with W32/Suspicious_Gen2.BRYYD)
Deleted file

C:\Documents and Settings\DONG\Local Settings\Temp\ttfpeymw.exe (Infected with W32/Smalltroj.YRFE)
Deleted file


Running post-scan cleanup routine:
Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\WINDOWS\system32\Userinit.exe" -> "C:\WINDOWS\System32\userinit.exe,"
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000000
Removed registry value: HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoActiveDesktopChanges = 0x00000000
Removed registry value: HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoActiveDesktopChanges = 0x00000000
Removed registry value: HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoActiveDesktopChanges = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoActiveDesktopChanges = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoActiveDesktopChanges = 0x00000000

Re: Yet another problem with Antimalware Doctor

Postby 12056 » Sun Jul 25, 2010 5:58 pm

From the scan log, it looks as if the scanner did its job successfully.
But, you are infected with a TDSS Trojan; a very advanced piece of malware that requires special removal instructions.

Instructions for your TDSS infection:

1. Download the TDSS remover from: http://www.esagelab.com/files/tdss_remover_latest.rar
2. Extract the files from the RAR file to your desktop, or other location that is easy for you to find.
3. Run the main executable, and allow it to scan... Your computer may become very unstable during scanning; this is normal, but please don't have any other programs open!
4. If prompted to submit the detected files to their lab, select "YES"... once the upload is finished, please take a screenshot of the program so that I can determine further instructions.

You may also try MalwareBytes if the above program crashed or "Blue Screens" your computer...

1. MalwareBytes can be downloaded from: http://www.malwarebytes.org/mbam-download.php
2. Run the downloaded file (the installer) and install it to your computer.
3. Open the shortcut that was placed on your desktop / start menu and perform a "Quick Scan"
4. Take a screen shot of any infections found (so that you can attach it to your next post) and Remove all Items found.
5. After removing any infected items restart your computer.

Re: Yet another problem with Antimalware Doctor

Postby gorly » Mon Jul 26, 2010 1:42 am

Strange, when I downloaded it, the program began to run, but then the computer froze, and when I booted it back up it shows the Nvidia and Intel screens, but then the screen remains black and won't continue further.

Re: Yet another problem with Antimalware Doctor

Postby 12056 » Mon Jul 26, 2010 1:57 am

gorly wrote: Strange, when I downloaded it, the program began to run, but then the computer froze, and when I booted it back up it shows the Nvidia and Intel screens, but then the screen remains black and won't continue further.

I assume this was the TDSS Killer...
Can you boot into Safe Mode?

Re: Yet another problem with Antimalware Doctor

Postby gorly » Mon Jul 26, 2010 2:09 am

When I attempt to go into Safe Mode, the list of "multi(0)disc." etc. stuff lists about halfway and then freezes, and nothing progresses from there.

Re: Yet another problem with Antimalware Doctor

Postby 12056 » Wed Jul 28, 2010 4:35 pm

gorly wrote: When I attempt to go into Safe Mode, the list of "multi(0)disc." etc. stuff lists about halfway and then freezes, and nothing progresses from there.

I'm not sure what has happened, but most likely the driver that allows the TDSS scanner to detect hidden files (rootkits) has crashed your computer.
You should try to use the CD that came with your computer to get to a recovery screen that allows you to use System Restore; if you have an HP computer, I know this is possible.

If you're unable to use / find your disk(s), you can download a recovery console boot disk from here or here, then use the fixmbr or fixboot command.

Please let me know if this works, or if we need to try something further.
And so sorry for the delayed reply, I forgot to check the "Notify me when a reply is posted" box! :(

Re: Yet another problem with Antimalware Doctor

Postby gorly » Thu Jul 29, 2010 6:06 am

Haha, no problem! I had my friend look over it and everything is fixed now; it was because the system files became corrupt.

Re: Yet another problem with Antimalware Doctor

Postby 12056 » Thu Jul 29, 2010 9:58 am

gorly wrote: Haha, no problem! I had my friend look over it and everything is fixed now; it was because the system files became corrupt.

Glad you were able to fix it! :D