Forum: Viruses, Spyware and other Nasties Feb 17th, 2009 |
| Replies: 7 Views: 1,635 Have a look at this link for a possible solution:
http://en.allexperts.com/q/Computer-Security-Viruses-1737/2008/2/PART-2-MESSAGE-HJT.htm
I haven't the time to fully analyse your HJT log but... |
Forum: Viruses, Spyware and other Nasties Feb 17th, 2009 |
| Replies: 6 Views: 667 Did you search the forum on the IP address? Usually the best thing to do first. Anyway, search the forum on the string 82.255 and pick your thread to read.
This is one of the threads that go... |
Forum: Viruses, Spyware and other Nasties Feb 9th, 2009 |
| Replies: 30 Views: 2,499 Well done. Perhaps you can mark this thread as solved. The AVG/SAS thing was a red herring. Do try now to think what could have happened to bring this malware attack about.
I prefer to pay for... |
Forum: Viruses, Spyware and other Nasties Feb 9th, 2009 |
| Replies: 30 Views: 2,499 Your list seems clean to me. Have you done any of the checks I suggested?
I'm wondering whether the firewall function of AVG is interfering with itself. Or do you need both SAS and AVG? I... |
Forum: Viruses, Spyware and other Nasties Feb 8th, 2009 |
| Replies: 30 Views: 2,499 As I said (Judy), no conflict between our advices - except perhaps that I'll always do the regedit to make sure. If the registry's clean, nothing lurked that the anti-malware didn't detect.... |
Forum: Viruses, Spyware and other Nasties Feb 8th, 2009 |
| Replies: 30 Views: 2,499 My above reply was typed before jholland1964 added his sensible advice. We both want you to make sure and there is thus no conflict between both sets of follow up advice. |
Forum: Viruses, Spyware and other Nasties Feb 8th, 2009 |
| Replies: 30 Views: 2,499 Well done. I would advise you to do one more thing.
Go to each of the following locations in turn:
C:\ Look for recent .EXE or .BAT files with a date around the time of your first event
... |
Forum: Viruses, Spyware and other Nasties Feb 3rd, 2009 |
| Replies: 30 Views: 2,499 85.255.113.132,85.255.112.84
The lines with this IP address are the problem. Needs dealing with immediately IMHO.
Read the sticky posts in the spyware forum and follow the advice there to... |
Forum: Viruses, Spyware and other Nasties Dec 30th, 2008 |
| Replies: 12 Views: 1,228 You're well infected. Lots of DLLs like tuvuusSl.dll.
Have a look at other posts involving Crunchie and take the actions recommended/detailed there.
You could probably work your way through it... |
Forum: Viruses, Spyware and other Nasties Dec 30th, 2008 |
| Replies: 29 Views: 3,466 Just to add to Crunchie's advice, comparing HJT logs, your situation has worsened as evidenced by these entries (at least):
O2 - BHO: (no name) - {65940327-f4c6-4b9a-ad8a-3456d6272b1a} -... |
Forum: Viruses, Spyware and other Nasties Dec 29th, 2008 |
| Replies: 29 Views: 3,466 If nobody else replies with one of the "standard" methods you'll find in most threads, and since you've been working on this for a few days (the way I would have), you could do worse than search the... |
Forum: Viruses, Spyware and other Nasties Dec 27th, 2008 |
| Replies: 16 Views: 1,210 ... Not exactly - but Windows need "repairing" in my circumstances.
Being pedantic here, Windows Repair requires the Repair Console which, as you well know, enables a bunch of DOS type utilities... |
Forum: Viruses, Spyware and other Nasties Dec 27th, 2008 |
| Replies: 16 Views: 1,210 I had a similar (but not identical) problem with my XP 64 system; I couldn't display any system properties in the admin screen and my AV system was reported as not present. On loading, Windows said... |
Forum: Viruses, Spyware and other Nasties Dec 31st, 2007 |
| Replies: 3 Views: 2,216 It's very difficult to get rid of the trojan file that's running. Since you know the file concerned, you could put the drive onto another PC (e.g. via a USB enclosure) and remove it (and any others... |
Forum: Viruses, Spyware and other Nasties Dec 22nd, 2007 |
| Replies: 19 Views: 5,823 Hijack log - Look at the first sticky post in the Virus forum for a run down on the procedure to use. |
Forum: Viruses, Spyware and other Nasties Dec 21st, 2007 |
| Replies: 9 Views: 1,319 Do please mark this thread as SOLVED.
This has been one of the most straightforward interactions with Crunchie that I've seen. One of the reasons that I offer the alternative method is that at... |
Forum: Viruses, Spyware and other Nasties Dec 20th, 2007 |
| Replies: 19 Views: 5,823 We would need the HJT log to begin diagnosis.
Have you searched in the registry for admd.dll? It is possible that the orphan entry is still there.
Are there any other ill effects? |
Forum: Viruses, Spyware and other Nasties Dec 20th, 2007 |
| Replies: 9 Views: 1,319 Did you do all that I suggested?
You haven't provided much more by way of information. We're here hundreds of miles away from you and only you know what you've done and what you see. |
Forum: Viruses, Spyware and other Nasties Dec 19th, 2007 |
| Replies: 9 Views: 1,319 The below HJT items look dead dodgy to me.
---------------------------------------------------------
O4 - HKLM\..\Run: [vqzcxsxy] rundll32.exe "C:\Program Files\vqzcxsxy\pctmlepy.dll",Init
O4 -... |
Forum: Viruses, Spyware and other Nasties Dec 10th, 2007 |
| Replies: 15 Views: 4,043 O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\RSDP\blackd.exe
This is a firewall, isn't it?
Any chance you could temporarily disable this and see what happens?
... |
Forum: Viruses, Spyware and other Nasties Dec 8th, 2007 |
| Replies: 2 Views: 4,534 http://support.microsoft.com/kb/921049/en-us
Have a look at the above link.
I couldn't see anything in the HJT - but it was only a quick look. |
Forum: Viruses, Spyware and other Nasties Dec 7th, 2007 |
| Replies: 15 Views: 4,043 If the cellular card works, then we can rule out IE settings. Wouldn't you agree?
Because you're experiencing the problem with both wireless and wired connexions, I'd have thought that your... |
Forum: Viruses, Spyware and other Nasties Dec 7th, 2007 |
| Replies: 15 Views: 4,043 Bit by bit we're winkling important stuff out of you that we should have known up front.
So this is the deduced situation and some associated questions:
1 You have a laptop that moves between... |
Forum: Viruses, Spyware and other Nasties Dec 7th, 2007 |
| Replies: 15 Views: 4,043 Is it an ADSL link or a cable link?
Can your router display the S/N ratio and the Loop Attenuation so we can see whether or not there is an ADSL line problem?
My ADSL line is 1Mb (the cable... |
Forum: Viruses, Spyware and other Nasties Dec 7th, 2007 |
| Replies: 15 Views: 4,043 So your problem's gone away? If so, please mark this thread as SOLVED. |
Forum: Viruses, Spyware and other Nasties Dec 6th, 2007 |
| Replies: 15 Views: 4,043 hmmm ...
That Proxy 80.58.205.61 is www.ripe.net.
Thought you'd want to know. I don't know what to make of it. |
Forum: Viruses, Spyware and other Nasties Dec 6th, 2007 |
| Replies: 15 Views: 4,043 It was this HJT entry on quick examination that led to my suggestion:
---------------------------------------------------------
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet... |
Forum: Viruses, Spyware and other Nasties Dec 6th, 2007 |
| Replies: 15 Views: 4,043 Seems to me that the sites are blocked by the Proxy Server.
Does that seem possible to you? |
Forum: Viruses, Spyware and other Nasties Dec 3rd, 2007 |
| Replies: 3 Views: 1,746 ---------------------------------------------------------
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v4.dll
O21 - SSODL: E404Helper -... |
Forum: Viruses, Spyware and other Nasties Nov 26th, 2007 |
| Replies: 18 Views: 2,855 First, it might help if you describe the affected hardware. I might have missed it in an earlier post, but a refresh on page 2 won't hurt.
You have absolutely no choice now but to re-install your... |
Forum: Viruses, Spyware and other Nasties Nov 25th, 2007 |
| Replies: 18 Views: 2,855 Are you saying that you can't even boot normally? Or did I misunderstand?
Anyway, I see your problem here - re-installing SP1 over SP2 whilst not having the benefit of RUNDLL.EXE.
So, with your... |
Forum: Viruses, Spyware and other Nasties Nov 25th, 2007 |
| Replies: 18 Views: 2,855 The HJT looks clean (doesn't mean that nothing in your system has been altered and indeed it seems RUNDLL.EXE is missing).
Registry clean - Advanced Windows Care (free) or Uniblue Registry Cleaner... |
Forum: Viruses, Spyware and other Nasties Nov 25th, 2007 |
| Replies: 18 Views: 2,855 Don't worry about the IE message. It would have been best to run VundoFix without IE running and the message then would not have occurred.
Anyway, don't forget to clean out your registry again.
... |
Forum: Viruses, Spyware and other Nasties Nov 24th, 2007 |
| Replies: 18 Views: 2,855 Well, you need to post the Combofix log and the HJT log again.
Also, if the problem is on a laptop, just buy the right USB enclosure (SATA or PATA according to your disk type) and put it on the... |
Forum: Viruses, Spyware and other Nasties Nov 24th, 2007 |
| Replies: 18 Views: 2,855 You appear to be well infected - viz:
---------------------------------------------------------
O2 - BHO: (no name) - {3C0309CC-169A-4854-881C-F437E6A94479} - (no file)
O2 - BHO: (no name) -... |
Forum: Viruses, Spyware and other Nasties Nov 22nd, 2007 |
| Replies: 8 Views: 3,853 I'm so pleased you fixed it. So many people fail to see the importance of matching the date/time of the first event with unsigned DLLs, EXEs or SYS or INF files in the System32 folder.
You did... |
Forum: Viruses, Spyware and other Nasties Nov 21st, 2007 |
| Replies: 6 Views: 1,190 Do the registry cleanup. I use Advanced Windows Care.
Any other problems? You didn't answer that. |
Forum: Viruses, Spyware and other Nasties Nov 21st, 2007 |
| Replies: 8 Views: 3,853 That's why you need to do the Windows repair to hopefully put everything back into a state of grace.
It means that Windows stuff isn't likely to be in a state of grace - provided that all malware... |
Forum: Viruses, Spyware and other Nasties Nov 21st, 2007 |
| Replies: 8 Views: 3,853 Registry Clean: I use Advanced Windows Care. Some are free, this costs a small amount.
Repair Procedure: http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/doug92.mspx
... |