Hjt scan !

therealsmoothy

hi can some 1 plz tell me wat is rong with this hjt. i am also having trouble with the internet when i have this computer an another computer running on the wireless network. the router is a belkin f5d7630-4a an it keeps freezing with the 4 lights on front an disconnectin from internet which is very frustraing can sum1 plzzz help


Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
d:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINNT\System32\svchost.exe
d:\Program Files\ewido\security suite\ewidoctrl.exe
d:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
d:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
D:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
C:\WINNT\system32\bcmwltry.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINNT\system32\wuauclt.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cyejgwdoplshrcq.net/53Bb6sPlBcZ20PTi3whxAXYQJFjJfBJHVEav23vJY8ti0Sfp2siribxhF82h770z.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http= http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O2 - BHO: (no name) - {4DBE3970-EC18-D349-095F-F9766A2098BF} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - d:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {86988E7F-7A90-1F0C-0ACA-022BD85E46F9} - (no file)
O2 - BHO: (no name) - {A0C00E56-D86B-6A64-8741-677C3D02CBAB} - C:\WINNT\system32\ieew32.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {D82CC210-5755-EBE4-B641-1570FBA1FF6B} - C:\DOCUME~1\ADMINI~1\APPLIC~1\FASTDE~1\cityweb.exe
O2 - BHO: (no name) - {EA33A161-2985-A853-2C97-B442209948A2} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [VetTray] d:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [trustbags] C:\DOCUME~1\ADMINI~1\APPLIC~1\ShimScr\64 Meet.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O16 - DPF: ConferenceRoom Java Client -
O16 - DPF: Yahoo! Checkers -
O16 - DPF: Yahoo! Freecell Solitaire -
O16 - DPF: Yahoo! Pool 2 -
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1230CB21-C88D-11CF-0000-000000000000} - http://www.browserupdate.co.uk/cabs/ukiq0041/ukiq0041.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} -
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - d:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - d:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - d:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RemoteShutDown Service (RemShutDownSvc) - Unknown owner - C:\WINNT\System32\remsdnsv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - d:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: adyldxauucng (zdjywsus6) - Unknown owner - C:\WINNT\System32\blcrfaok6.exe (file missing)

Crunchie

Can you please do the following.

===============

The header for HiJackThis is very important: It helps to determine what steps might need to be taken to better secure your system, and provide more efficient cleanup procedures. For example, some files, which are standard on one platform, may indicate a virus or trojan on another. So, be sure to include this information with any future posts.

===============

We'll need to unload Spybot's Teatimer before we begin. To do this can you start Spybot and go to Tools > Resident and uncheck the box next to Tea-Timer. Make sure that the icon in the system tray is no longer there. If it is, just right click on it and select "Exit". Do not forget to re-enable it when we are done .

===============

Next, we need to remove(uninstall) the 'lop' infection by going to here, then downloading and running the uninstaller(s) that relate to the application(s) your wanting to remove. The following selections are available: "Start page", "Search engine", "Accessories Toolbar".

===============

Scan with HiJackThis, then check(tick) the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cyejgwdoplshrcq.net/53Bb6...hF82h770z.html

F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe

O2 - BHO: (no name) - {4DBE3970-EC18-D349-095F-F9766A2098BF} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {86988E7F-7A90-1F0C-0ACA-022BD85E46F9} - (no file)
O2 - BHO: (no name) - {A0C00E56-D86B-6A64-8741-677C3D02CBAB} - C:\WINNT\system32\ieew32.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {EA33A161-2985-A853-2C97-B442209948A2} - (no file)

O15 - Trusted Zone: *.scoobidoo.com (HKLM)

O16 - DPF: {1230CB21-C88D-11CF-0000-000000000000} - http://www.browserupdate.co.uk/cabs/...1/ukiq0041.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} -
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} -

O23 - Service: adyldxauucng (zdjywsus6) - Unknown owner - C:\WINNT\System32\blcrfaok6.exe


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

files...

C:\WINNT\System32\blcrfaok6.exe

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============

To help protect your system from hostile ActiveX content, or special 'downloadable' files:

Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:

1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.

-

Note: Remember to regularly check for updates.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

therealsmoothy

i done everythin u said but hjt wont remove some of the entries. could sum1 also tell me y it might take my comp 10mins 2 shutdown.



Logfile of HijackThis v1.99.1
Scan saved at 17:42:49, on 14/01/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
d:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINNT\System32\svchost.exe
d:\Program Files\ewido\security suite\ewidoctrl.exe
d:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
d:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
D:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
C:\WINNT\system32\bcmwltry.exe
D:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http= http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: (no name) - {4DBE3970-EC18-D349-095F-F9766A2098BF} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - d:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {86988E7F-7A90-1F0C-0ACA-022BD85E46F9} - (no file)
O2 - BHO: (no name) - {A0C00E56-D86B-6A64-8741-677C3D02CBAB} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {D82CC210-5755-EBE4-B641-1570FBA1FF6B} - (no file)
O2 - BHO: (no name) - {EA33A161-2985-A853-2C97-B442209948A2} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [VetTray] d:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: ConferenceRoom Java Client -
O16 - DPF: Yahoo! Checkers -
O16 - DPF: Yahoo! Freecell Solitaire -
O16 - DPF: Yahoo! Pool 2 -
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1230CB21-C88D-11CF-0000-000000000000} -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} -
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - d:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - d:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - d:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RemoteShutDown Service (RemShutDownSvc) - Unknown owner - C:\WINNT\System32\remsdnsv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - d:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: adyldxauucng (zdjywsus6) - Unknown owner - C:\WINNT\System32\blcrfaok6.exe (file missing)

Crunchie

Can you please do the following.

===============

We'll need to unload Spybot's Teatimer before we begin. To do this can you start Spybot and go to Tools > Resident and uncheck the box next to Tea-Timer. Make sure that the icon in the system tray is no longer there. If it is, just right click on it and select "Exit". Do not forget to re-enable it when we are done .

==

You will also need to disable Ewido by right clicking the icon in the taskbar and exiting the program.

===============

Scan with HiJackThis, then check(tick) the following, if present:


O2 - BHO: (no name) - {4DBE3970-EC18-D349-095F-F9766A2098BF} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {86988E7F-7A90-1F0C-0ACA-022BD85E46F9} - (no file)
O2 - BHO: (no name) - {A0C00E56-D86B-6A64-8741-677C3D02CBAB} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {D82CC210-5755-EBE4-B641-1570FBA1FF6B} - (no file)
O2 - BHO: (no name) - {EA33A161-2985-A853-2C97-B442209948A2} - (no file)

O16 - DPF: {1230CB21-C88D-11CF-0000-000000000000} -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} -
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} -

O23 - Service: RemoteShutDown Service (RemShutDownSvc) - Unknown owner - C:\WINNT\System32\remsdnsv.exe
O23 - Service: adyldxauucng (zdjywsus6) - Unknown owner - C:\WINNT\System32\blcrfaok6.exe


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

files...

C:\WINNT\System32\remsdnsv.exe
C:\WINNT\System32\blcrfaok6.exe

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============

To help protect your system from hostile ActiveX content, or special 'downloadable' files:

Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:

1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.

-

Note: Remember to regularly check for updates.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

EDIT. Only fix this one if you no longer need it;

O23 - Service: RemoteShutDown Service (RemShutDownSvc) - Unknown owner - C:\WINNT\System32\remsdnsv.exe