Big problem (beginning with hldrrr.exe)

Hi, here's what's happened:
(running XP SP2)

-- Started up PC, & after ~1 minute everything slowed down
-- no programs would launch, including task manager and start-->run
-- right-clicking anything (e.g. task bar) wouldn't work
-- suddenly eveything started working again
-- later (~3 mins) it happened again
-- kept on hapening. I think it hapened only when connected to the internet, so unplugged from the network at this point
-- searched for the names of all the running processes in Google (on a different PC), and found that hldrrr.exe was the only suspicious one. This process only popped up once into the task manager, and only for a moment.
-- tried to delete it from where websites said it was (c:\windows\system32\hldrrr.exe) but it wasn't there
-- I noticed that AVG Antivirus Free Edition wouldn't load. Found that some of its files had been deleted
-- Tried to reinstall AVG, but it failed to copy some files into the install folder
-- started following instructions here: http://forums.majorgeeks.com/showthread.php?t=35407
-- Spybot wouldn't install. Found that some of its files were deleted immediatley after install (I saw them appear in the install folder for a second, and then go)
-- tried to reboot into safemode. Got as far as the list of options of startup methods (safe mode, safe mode with networking etc.)
-- selected safe mode
-- computer restarted itself and returned to the list of options
-- selected each of the options in turn, but all just made the computer restart
-- AHH can't start up computer PANIC!
-- used XP cd to boot the computer into this command-prompt-thingy it has ('recovery console'?)
-- from there, saw that c:\windows\system32\hldrrr.exe did exist, and deleted it
(-- got a bit stuck for ideas, was waiting for my registration with this site to send me an email to confim registration)
-- found that hldrrr.exe is from trojan.tooso.exe (according to symantec)
-- STUCK FOR IDEAS
-- registration for this site finished...

... and here I am.

Any ideas? i never got as far as a HJT log or anything, so nothing there...

Any help will be welcomed!

 

Yep, still problems.

If by the readme you mean the thread I referred to in my first post, I can't complete it, because I CAN'T TURN ON MY COMPUTER!
It's as I said in my first post: I just get a list of start-up, methods when I try to turn on (that's safe mode, normal, etc.). If I select one the computer restarts and returns to the list of options again.

I have no logs or anything to post, because I got to step 5 of the readme & tried to boot into safemode before runnning any scans, as it suggested, and now can't do anything because I can't turn on my computer.

Please, can anyone help? If you can just get my computer to turn on, I'll be able to run some scans & stuff, so then it'll be easier to sort out the problem.
But for now, I imagine that I need to restore some importent system files or something. How can I do that?

Thanks

 

Thanks alot!!
Yes, I used the MSConfig method, and yes rebuilding boot.ini worked!

I will do some scans and post the logs.

Bear with me while I do that...

 

Right, here are a load of reports from scans.

I still cab't get into safemood, just normal startup, so that's what they were all done in.

Hope they're useful... thanks for the help so far!

(I'll have to make a few posts beacuse I can only attach 3 files per post...)

 

...and the other 3

 

Sorry I posted the wrong ShowNew file. I re-scanned & here's the proper one.

PeepShowLite is a program I uninstalled a while ago. It lets you 'cut holes' in windows so you can see what's under them.
FlashMute is a program I still use, which mutes internet explorer & firefox, or just flash plugins in the two browsers.

I already disabled MSConfig, but here's another HJT log & GetRunKey log anyway.

Thing with the .reg file: done.

Hidden files and folders already displayed

Deleted: C:\Documents and Settings\MB\Desktop\mms1001.exe
Not found: C:\Windows\System32\hldrrr.exe
Folder deleted (it was empty): C:\Windows\exefld

Rebooted (still in normal mode) & yes, the FirstRRRun key is gone.

Thanks alot!

 

Sorry, forgot to say: everything is working fine, including when connected to the internet.

I have uninstalled those Java things, and will look into getting a newer version of Ad-Aware. I didn't realise it was that old!

Thanks for the help . Do you reckon that's it now? Can you see anything dodgey left on the computer?

 

(hmm, there's no edit button on my post...there was one there yesterday...)

I take that back: AVG AntiVirus still won't install (error message attached).
But it may be an AVG problem not a virus problem, so if you think my computer's OK then I'll beck things up (knowing that I'm not backing up any viruses) and format the disk & re-install Windows.
That's if I can't get AVG to install. I'm looking on Google for solutions right now. Let me know if you have any ideas.

Other than that, I just need to know if my computer's clean or not.

Thanks again!

 

Well it's not an AVG-problem.
I tried to install Kaspersky AntiVirus, and its main exe got deleted as soon as install finished...!

 

I also just tried to intall Norton AV, but it had its exes deleted too.

As an experiment, I renamed a .txt file to one of the .exe files that got deleted when Norton was trying to install, and that got deleted to. No matter where it was when I renamed it.

 

Sophos found loads of stuff. I had to split it into 4 files otherwise it broke the max. file size.
Most look OK to my untrained eye, but I noticed my old friend hldrrr being referred to! (nothing deleted yet, though, like instructed)

Avast found nothing.

 

4th part of the log

 

Nope. I didn't even know it was possible to do that!

No, I can't see them. I used the .reg file as suggested & it said it was succesfully entered into the registry. Does this mean it worked? Or does it mean it couldn't find them to delete them, so just said it had deleted them?

(I said 2 posts ago ) I ran it, but it found nothing.

Windows search found NONE of those files & folders!

Thanks for the help so far...

 

That's OK! I imagine your eyes glaze over reading all the posts you do, helping so many people!

Here's the log for BackLight.

 

Those files are fixed, and after rebooting & rescanning, nothing was found (& no log file was made).

However, hldrrr reappeared in msconfig-->startup items, trying to run c:\windows\system32\hldrrr.exe.
I removed its 'run' entries in the registry & restarted & it hasn't put itself back. I couldn't find c:\windows\system32\hldrrr.exe to delete it.

Edit: AVG AntiVirus has succesfully installed now! I'm updating & scanning at the mo.

 

Wow. Thanks ALOT for all the help! Now I can relax...