Thread: hijackthis help

  1. #1
    Join Date
    Aug 2010
    Posts
    2

    hijackthis help

    Hello,
    Three things are happening on my computer:
    1. IE starts on its own.
    2. When googling, it redirects.
    3. It has recently shut down on its own twice.

    Tried Ad-Aware / Malwarebytes (which doesn't even open up anymore) / CCleaner.

    HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1125 PM, on 8/29/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\TechTracker\VersionTracker Pro\VersionTrackerPro.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\YY06B600\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [pmnkkldrv] rundll32.exe "xxvtrr.dll",s
    O4 - HKLM\..\Run: [geeccdsys] rundll32.exe "ddaaxu.dll",DllRegisterServer
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [wvwusrdrv] rundll32.exe "xxvtrr.dll",s
    O4 - HKUS\S-1-5-18\..\Run: [pmlmnlsys] rundll32.exe "ddaaxu.dll",DllRegisterServer (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ljgffcdrv] rundll32.exe "xxvtrr.dll",s (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [pmlmnlsys] rundll32.exe "ddaaxu.dll",DllRegisterServer (User 'Default user')
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O4 - Global Startup: VersionTrackerPro.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.ca/s/v/66.30/uploader2.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 6714 bytes


    I think it's these guys:


    O4 - HKLM\..\Run: [pmnkkldrv] rundll32.exe "xxvtrr.dll",s
    O4 - HKLM\..\Run: [geeccdsys] rundll32.exe "ddaaxu.dll",DllRegisterServer
    O4 - HKCU\..\Run: [wvwusrdrv] rundll32.exe "xxvtrr.dll",s
    O4 - HKUS\S-1-5-18\..\Run: [pmlmnlsys] rundll32.exe "ddaaxu.dll",DllRegisterServer (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ljgffcdrv] rundll32.exe "xxvtrr.dll",s (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [pmlmnlsys] rundll32.exe "ddaaxu.dll",DllRegisterServer (User 'Default user')

    When I try to disable them in CCleaner, more weird names come up.

    Would be grateful for help.
    Thank you

  2. #2
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    You are correct about those files. CCleaner isn't going to do anything about those, so forget about using that one.
    You have two anti-virus programs on there. It appears that Symantec/Norton is your program of choice, but McAfee Security Scan is also running, from Services, when the computer starts up. That needs to be removed. Having two AV programs on a computer is a no-no, as it lessens security rather than increasing it.
    Look in Add/Remove for McAfee and, if you find it, Uninstall it.
    Also go to Start, Control Panel, Administrative Tools, Services. The list will be in alphabetical order, so scroll through and when you find
    McAfee Security Scan Component Host Service (McComponentHostService), double-click to open it, Stop the service and then set its startup type to Disabled.
    Do the same for Lavasoft Ad-Aware Service. This is a background service for Ad-Aware which, unless you have the paid version, does nothing but run. Actually, I would advise uninstalling this program also. It really is not as good as it used to be, and many others work much better.
    Now, since MBA-M won't even open up anymore, it has likely been damaged by the infection. So do the following:
    Uninstall Malwarebytes' Anti-Malware using Add/Remove Programs in the Control Panel.
    Restart your computer (very important).
    Download and run this utility: mbam-clean.exe
    It will ask to restart your computer (please allow it to).
    Then shut down and reboot BUT...
    Try this using Safe Mode with Networking. This will boot the computer in Safe Mode but still give you internet access, and quite possibly keep the infection from booting with the system.
    After the computer restarts in Safe Mode, install the latest version of Malwarebytes' Anti-Malware from here.
    Update, of course, and try to run the program again; let it remove everything found. Reboot the computer, update MBA-M again, and now in Normal mode run another Full Scan with MBA-M. Allow it to remove all it finds.
    Reboot the computer >>> Very Important.
    Run a new HJT scan. Post back here with both of the MBA-M logs (Safe Mode run and Normal run) and the new HJT log.
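The two judgements made by hand above, that the random-named rundll32 entries in post #1 are the persistence and that the O23 list shows more than one security vendor's service, can be applied to a HijackThis log mechanically. The script below is an added example and is not code from the thread, from HijackThis or from Malwarebytes. It parses the O4 and O23 line formats, flags rundll32 autoruns whose DLL argument is a bare filename (no drive or directory, so the loader's search order decides what actually gets loaded), groups them by DLL so the same file planted under HKLM, HKCU, HKU\S-1-5-18 and HKU\.DEFAULT shows up as one deliberately redundant implant covering every logon context, and reports services from more than one security vendor. The sample log lines are constructed from the entries quoted in this thread, and the vendor keyword list is an illustrative assumption, not a product database.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v2 log format, taken from the O4 and O23 lines
# quoted earlier in this thread (not a complete log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [pmnkkldrv] rundll32.exe "xxvtrr.dll",s
O4 - HKLM\..\Run: [geeccdsys] rundll32.exe "ddaaxu.dll",DllRegisterServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wvwusrdrv] rundll32.exe "xxvtrr.dll",s
O4 - HKUS\S-1-5-18\..\Run: [pmlmnlsys] rundll32.exe "ddaaxu.dll",DllRegisterServer (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ljgffcdrv] rundll32.exe "xxvtrr.dll",s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [pmlmnlsys] rundll32.exe "ddaaxu.dll",DllRegisterServer (User 'Default user')
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"""

# O4: Run-key autorun. Hive is HKLM, HKCU or HKUS\<SID or .DEFAULT>; the trailing
# "(User '...')" suffix is only present on HKUS entries.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# O23: Windows service as "display name - company - image path".
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<company>.+?) - (?P<path>.+)$")
# rundll32 invocation: optional path/quotes around rundll32, then "<dll>,<entrypoint>".
RUNDLL_RE = re.compile(
    r'^"?(?:[A-Za-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<entry>[^\s(]+)',
    re.IGNORECASE,
)

# Illustrative vendor keywords matched against the O23 company string (assumption).
SECURITY_VENDORS = {"symantec": "Symantec/Norton", "mcafee": "McAfee", "lavasoft": "Lavasoft Ad-Aware"}


def parse_log(text):
    """Split a HijackThis log into O4 autorun dicts and O23 service dicts."""
    autoruns, services = [], []
    for line in text.splitlines():
        m = O4_RE.match(line)
        if m:
            autoruns.append(m.groupdict())
            continue
        m = O23_RE.match(line)
        if m:
            services.append(m.groupdict())
    return autoruns, services


def suspicious_rundll32_loads(autoruns):
    """Return {dll: [(hive, user, value_name), ...]} for rundll32 autoruns whose DLL
    argument carries no drive or directory, i.e. is resolved by DLL search order."""
    hits = defaultdict(list)
    for a in autoruns:
        m = RUNDLL_RE.match(a["cmd"])
        if not m:
            continue
        dll = m.group("dll")
        if re.search(r"[\\/:]", dll):
            continue  # fully qualified path: not the pattern flagged here
        hits[dll.lower()].append((a["hive"], a["user"] or "", a["name"]))
    return dict(hits)


def security_vendors(services):
    """Map vendor label -> service display names, to spot overlapping security products."""
    found = defaultdict(list)
    for s in services:
        company = s["company"].lower()
        for needle, label in SECURITY_VENDORS.items():
            if needle in company:
                found[label].append(s["display"])
    return dict(found)


def triage(text):
    """One report line per suspicious DLL, plus one if several vendors have services."""
    autoruns, services = parse_log(text)
    report = []
    for dll, where in sorted(suspicious_rundll32_loads(autoruns).items()):
        contexts = sorted({hive for hive, _, _ in where})
        report.append(f"{dll}: bare filename loaded via rundll32 from {len(where)} "
                      f"Run value(s) under {', '.join(contexts)}")
    vendors = security_vendors(services)
    if len(vendors) > 1:
        report.append("services from multiple security vendors: "
                      + "; ".join(f"{v} ({len(n)})" for v, n in sorted(vendors.items())))
    return report


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```

On the sample above the report names xxvtrr.dll and ddaaxu.dll, each registered three times across HKLM, HKCU and the SYSTEM or .DEFAULT hives, which is the cross-context redundancy that makes a single-hive cleanup (or a CCleaner startup toggle) insufficient; rerunning the script on the post-cleanup HJT log is a quick way to confirm those entries are gone.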

  3. #3
    Join Date
    Aug 2010
    Posts
    2
    Thank you for answering.
    I will try tomorrow and update.
