Followed Read & Run First Instructions...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by annenap, May 8, 2006.

  1. annenap

    annenap Private E-2

    I've cleaned up a lot, but the machine still seems pretty sick. Any advice is greatly appreciated. Logs attached.

    TIA,
    Anne
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have HijackThis installed here:
    C:\Documents and Settings\Tom McGee\Desktop\spyware tools\HijackThis.exe

    This is exactly where step 7 requests that it not be installed. Please follow all the instructions in step 7 of the READ & RUN ME and install HijackThis properly. Do this before continuing.

    Is your version of CounterSpy a paid version or a trial?

    Do you know what the below is for:
    O21 - SSODL: Mapehdev - {198265B7-1CF3-4059-AC36-E0604CC37294} - C:\WINDOWS\System32\artihcat.dll


    Let's get an installed programs list from HijackThis too!
    • Run HijackThis, click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Click Save List (generates uninstall_list.txt)
    • Click Save, to save it to a file where you can find it.
    • Attach the uninstall_list.txt file to your next message.
    Now download FindQool by LonnyRJones
    • Extract the files and place the FindQool folder into root folder of your hard disk. This is usually C:\
    • Open the folder and run Qlocate.bat
    • Attach the contents of the txt.log which will open when the scan is finished.
    After getting the above info, I should be able to start working up a fix for your problems! You have a few!!!
     
  3. annenap

    annenap Private E-2

    Shoot - I thought I had it right, sorry.

    CounterSpy is trial. I only installed it because I couldn't get SP2, hence MS Defender to install, but that's been resolved.

    I do not know what the following is for:
    O21 - SSODL: Mapehdev - {198265B7-1CF3-4059-AC36-E0604CC37294} - C:\WINDOWS\System32\artihcat.dll

    Attached are requested logs.

    Thank you thank you thank you!

    -Anne
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I would like to get some more info on the C:\WINDOWS\System32\artihcat.dll file. Locate it again using Windows Explorer and then right click on it and select Properties. Now see if there is a Version tab in the window. If so, select the Version tab and on the next window select each of the listed Item names (one at a time) to get more info about the file. The most important Item is the company name. If there is no Version tab, tell me that too.
     
    Last edited: May 9, 2006
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download - Pocket KillBox

    Extract it to its own folder somewhere that you will be able to locate it later to run it.

    Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

    Run Pocket Killbox by double-clicking on killbox.exe
    Choose Tools > Delete Temp Files and click OK.

    Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note some of the files listed below may not exist but we need to check for them anyway.

    C:\WINDOWS\ECRTC.DLL
    C:\WINDOWS\system32\bctont.exe
    C:\WINDOWS\system32\rllsn.exe
    C:\WINDOWS\system32\dgrwxyo.exe

    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself. However BOOT INTO SAFE MODE during this reboot and do not run anything but what I request. DO NOT open any browsers!


    After killing all the above processes, click Back.
    Then please click Scan and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\rllsn.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,dgrwxyo.exe
    O4 - HKLM\..\Run: [bsxgnr] C:\WINDOWS\system32\bctont.exe reg_run
    O15 - Trusted Zone: *.ubs.com
    O15 - Trusted IP range: 162.66.44.*
    O15 - Trusted IP range: 161.15.44.*

    Now exit HJT
    Run Windows Explorer and double check to make sure the below files are all deleted (some we already got with killbox):
    C:\WINDOWS\ECRTC.DLL
    C:\WINDOWS\system32\bctont.exe
    C:\WINDOWS\system32\rllsn.exe
    C:\WINDOWS\system32\dgrwxyo.exe


    Now reboot into normal mode and after reboot double check the same HJT entries I had you fix above and if any still remain, fix them again a second time.

    Now attach a new HJT log and a new log from FindQool

    Also tell me how things are working!

    From your Uninstall programs list, here are some things to do:
    Java 2 Runtime Environment, SE v1.4.2 <-- you need to install the current version (1.5.0 Update 6) and then uninstall 1.4.2
    Mozilla Firefox (1.5) <--- you need to install the current version 1.5.0.3
    MSN Messenger 6.0 <--- this is also out of date. Consider updating if you use it.
    Spy Sweeper <--- is this a paid version or a free trial?
     
  6. annenap

    annenap Private E-2

    Things seem to be working well. This isn't my machine, so I'm not sure about all the apps he uses.

    -There was no version tab for C:\WINDOWS\System32\artihcat.dll

    -SpySweeper is a paid version

    -New logs are attached

    Thanks again from a fellow North Jerseyan!

    -Anne
     


  7. annenap

    annenap Private E-2

    Additional info: I was going thru things that run at startup and was looking into nvcpl.exe. According to liutilities this is most likely a virus or trojan - any advice?

    Thanks,
    Anne
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You do not have that file loading. You have nvcpl.dll which is for your Nvidia Control Panel (this is your graphics card).

    Hmmm! It's funny that you said you have a paid version of Spy Sweeper and it shows in Add/Remove programs but I do not see it running in your HJT log. Did you uninstall it now? If not, perhaps the install is broken and needs to be reinstalled. You should uninstall CounterSpy and Windows Defender but you need to keep Windows Defender until you are sure you have Spy Sweeper properly installed and running.

    If you are concerned about unnecessary programs starting up, the below lines can be fixed. They are not malware but they are not needed and waste system resources:
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    Otherwise your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!


    If you know how to use WinZip, put the C:\WINDOWS\System32\artihcat.dll into a ZIP file and attach it here. I would like to see what it is.


    Where in Jersey are you located?
     
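An added example (not from this thread and not a MajorGeeks tool) that checks HijackThis lines like those quoted in posts 5 and 8 for the two things chaslang flagged: an F2 Shell= or UserInit= value extended with an extra executable, and O15 Trusted Zone / Trusted IP range entries. The sample lines are copied from this thread; the Windows XP default values for Shell and UserInit are an assumption.

```python
import re

# Constructed sample: HJT lines quoted earlier in this thread.
SAMPLE_HJT = """\
F2 - REG:system.ini: Shell=Explorer.exe, C:\\WINDOWS\\system32\\rllsn.exe
F2 - REG:system.ini: UserInit=C:\\WINDOWS\\system32\\userinit.exe,dgrwxyo.exe
O4 - HKLM\\..\\Run: [bsxgnr] C:\\WINDOWS\\system32\\bctont.exe reg_run
O15 - Trusted Zone: *.ubs.com
O15 - Trusted IP range: 162.66.44.*
O4 - HKLM\\..\\Run: [DVDSentry] C:\\WINDOWS\\System32\\DSentry.exe
"""

# Assumed Windows XP defaults: anything appended after these is suspect,
# because Winlogon runs every comma-separated entry at logon.
DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {"c:\\windows\\system32\\userinit.exe"},
}


def check_f2(value_name, value):
    """Return the executables in a Shell=/UserInit= value that are not the default."""
    parts = [p.strip().strip('"').lower() for p in value.split(",")]
    return [p for p in parts if p and p not in DEFAULTS[value_name.lower()]]


def analyze_hjt(text):
    """Return (line, reason) pairs for F2 hijacks and O15 trusted entries."""
    findings = []
    for line in text.splitlines():
        m = re.match(r"F2 - REG:system\.ini: (Shell|UserInit)=(.*)", line)
        if m:
            extra = check_f2(m.group(1), m.group(2))
            if extra:
                findings.append((line, "F2 hijack: extra executable " + ", ".join(extra)))
            continue
        # O15 entries put hosts/ranges in IE's Trusted Zone; rarely legitimate on a home PC.
        if line.startswith("O15 - Trusted"):
            findings.append((line, "O15: Trusted Zone/IP range entry, verify it is wanted"))
    return findings


if __name__ == "__main__":
    for hit, why in analyze_hjt(SAMPLE_HJT):
        print(why, "<-", hit)
```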
