eied woes..

Please avoid using that silly paper clip at the top of the msg edit window and do not change your attachments to inline links. That makes accessing them troublesome because you have to login again each time you want to access them. Just make them plain attachments. I'll change your now. And you should be able to see what I mean.

 

Why are you running without an antivirus application installed?

You did not install and run MS Antispyware per the READ ME. Why not? Explain what you mean by did not work too well. Are you saying it did not work because you are using an illegal copy of Windows?

 

Sorry I did not notice the AV part of Kaspersky running.

If you could not get into safe mode then how did you run all the other steps? I would assume normal boot mode. So why wasn't MS Antispyware also run in normal boot mode.

The copy of windows that came with your PC is illegal and cannot be properly maintained because Microsoft update will see it as illegal and this reject it. The below are standard example of an illegal hack to avoid Windows XP authentication.

O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe

 

You should have just tried MS AS in normal boot mode to see if it would work but it could be due to the copy of WinXP being non-valid.

Here are some fixes for your current malware problems.
Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O4 - HKLM\..\Run: [svlmngr] svlmngr.exe
O4 - HKLM\..\RunServices: [svlmngr] svlmngr.exe
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
c:\windows\system32\svlmngr.exe
c:\ex.cab
c:\eied_s7.cab

Additional step to delete eied.inf
- Click Start, Run, and enter cmd in the box and click OK. This opens a commend prompt windows.
- Enter the following command lines each followed by the enter key
cd C:\WINDOWS\Downloaded Program Files\
attrib -r -h -s eied.inf
del eied.inf
exit

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

Let's try searching for a couple of those files:

Click Search and the Select "All files and folders"
Enter svlmngr.exe in the "All or part of the file name:" box
Now select "More advanced options"
Make sure the following check boxes are checked:

• Search system folders
• Search hidden files and folders
• Search subfolders

Then click the Search button.

If found, right click on it and select delete. Then repeat the above for eied.inf

Let me know the results. How are things working now?

 

That's the HijackThis backup of what it fixed. It is saved incase you make a mistake. You can delete it now yourself.

 

You're welcome.

If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!