Srosa.sys removal (linked with usbport.sys?)

Discussion in 'Virus and Malware Removal' started by magic_mat, Feb 22, 2008.

Thread Status:
Not open for further replies.
  1. Blind Dragon Newcomer, in training

    OK, let's give this a try, as part of the fix is going to require running in Safe Mode.

    Download avz4en.zip here - it may be a slow download so be patient.

    Unzip it to a folder on your desktop.

    Double click on AVZ.exe.

    Click on File - System Recovery.

    Put a checkmark next to "10. Restore SafeBoot registry keys"

    Click on Execute selected operations (if you get a warning asking you to continue, click the "OK" button to the left in the display; the software is written in Russian, so it may not translate correctly). Once completed, click OK, then Close, and close AVZ Antiviral Toolkit (do not use this for any other purposes, to avoid damaging your system).

    Then reboot, allow a full startup and next reboot into Safe Mode.
    -------------------------------------------------------------------------------------------------------

    You may want to add the following instructions to a Notepad file on your desktop.
    1) Reboot the computer in Safe Mode (at the start of the boot sequence, press and hold F8, then choose Safe Mode from the Windows boot menu).

    2) Use Task Manager to terminate the worm process (it may be called "hidr.exe" or "srosa.sys").

    3) Delete the following files if there:

    • C:\Windows\System32\drivers\srosa.sys
    • C:\Windows\System32\drivers\hidr.exe
    • C:\Windows\svchost.exe

    4) Select Start - Search and search for both srosa.sys and hidr.exe.
    If either is found, delete all instances of them.

    5) Select Start - Run and type regedit.
    *Delete the following parameter only if there:

    • [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
      "drvsyskit" = "%System%\drivers\hidr.exe"

    6) Delete the following registry key:

    • [HKCU\Software\FirstRRRun]

    7) Delete the following folder and its contents:

    • C:\Windows\exefqd

    Run a scan only with HijackThis and fix:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O23 - Service: BVWIFOLT - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BVWIFOLT.exe (file missing)
    O23 - Service: FNQT - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FNQT.exe (file missing)
    O23 - Service: FXTISOL - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FXTISOL.exe (file missing)
    O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
    O23 - Service: ZAXHQLNL - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ZAXHQLNL.exe (file missing)

    -------------------------------------------------------------------------------------------------------------------------------------------------

    Reboot to Normal Mode and post a fresh HijackThis log and Deckard Scan log.
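    A read-only check for the same artifacts the steps above name, as an added example that is not part of the thread. It assumes %SystemRoot% is the C:\Windows folder used in the steps and that the srosa.sys driver is registered under its base name; it reports what is present and removes nothing.

```powershell
# Added example, not from the thread: read-only check for the artifacts the
# removal steps name. It reports what is present and removes nothing.
$sys = $env:SystemRoot   # assumed to be the C:\Windows folder used in the steps

# Files from step 3. System32\svchost.exe is legitimate; the suspect copy is
# the one directly under %SystemRoot%.
$files = @(
    "$sys\System32\drivers\srosa.sys",
    "$sys\System32\drivers\hidr.exe",
    "$sys\svchost.exe"
)
$folder    = "$sys\exefqd"                                          # step 7
$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'  # step 5
$runValue  = 'drvsyskit'
$markerKey = 'HKCU:\Software\FirstRRRun'                            # step 6

$findings = @()

foreach ($f in $files) {
    if (Test-Path -LiteralPath $f -PathType Leaf) {
        $i = Get-Item -LiteralPath $f -Force
        $findings += "File present: $f ($($i.Length) bytes, modified $($i.LastWriteTime))"
    }
}
if (Test-Path -LiteralPath $folder -PathType Container) {
    $n = (Get-ChildItem -LiteralPath $folder -Recurse -Force | Measure-Object).Count
    $findings += "Folder present: $folder ($n items)"
}

# Autostart value and marker key left in the user hive
$run = Get-ItemProperty -Path $runKey -Name $runValue -ErrorAction SilentlyContinue
if ($run) { $findings += "Run value present: $runValue = $($run.$runValue)" }
if (Test-Path -LiteralPath $markerKey) { $findings += "Marker key present: $markerKey" }

# Live components from step 2: the hidr.exe process and the srosa driver
# (driver service name assumed to be the file's base name)
Get-Process -Name hidr -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "Process running: $($_.Name) (PID $($_.Id))" }
Get-CimInstance Win32_SystemDriver -Filter "Name='srosa'" |
    ForEach-Object { $findings += "Driver loaded: $($_.Name) state=$($_.State) path=$($_.PathName)" }

# Services launched from a Temp folder, the pattern in the O23 HijackThis lines
Get-CimInstance Win32_Service | Where-Object { $_.PathName -match '\\Temp\\' } |
    ForEach-Object { $findings += "Service from Temp: $($_.Name) -> $($_.PathName)" }

if ($findings.Count -gt 0) { $findings } else { "None of the listed artifacts were found." }
```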
  2. magic_mat Newcomer, in training

    I try to download it

    404 - HTTP not found

    Any other links to download it from?
  3. Blind Dragon Newcomer, in training

    try this

    Download the ZIP file, extract the SafeBoot-for-Windows-XP-SP2.reg file and merge it into the registry by double-clicking it:
    SafeBoot.zip

    Click YES on the following screen
  4. magic_mat Newcomer, in training

    Managed to get it in the end, and it worked :D

    I deleted svchost in Safe Mode, but when I did a new scan once I restarted, I saw it was still there, so I managed to terminate it and delete it, then I rescanned :)

    Here's the 2 new logs
  5. magic_mat Newcomer, in training

    Bump for Blind Dragon :]
  6. Blind Dragon Newcomer, in training

    Looks better. Any more crashing problems since?

    If your computer is now functional, please follow the steps below.

    I didn't notice an active firewall or virus scanner on your system.

    A decent firewall for XP is ZoneAlarm, which you can get from HERE.
    ------------------------------------------------------------------------------------------------------------------
    If you don't have an anti-virus program installed, select one from the list below and install, update, and scan immediately:
    AVG
    Avast
    ------------------------------------------------------------------------------------------------------------------

    Ad-aware
    • Download and install the latest version of Ad-Aware (currently 2007 7.0.2.6).
    • If you download the file to your desktop, simply click on the installer icon. If you download to another folder, navigate to it through My Computer and double-click on aaw2007.exe.
    • Follow the prompts to install the software, and when it asks if you would like to do a "Standard" or "Advanced" installation, select the Standard installation. Keep following the prompts, and after the program has finished installing, select Finish.
    • If the program is starting for the first time, it will prompt you to enter your registration information. As we are using the free version of Ad-Aware 2007, we simply press the Cancel button at the screen asking us to enter our license information. Ad-Aware 2007 Free will now open. If you already have this version, please open it.
    • Before running a scan, you should always make sure that Ad-Aware is up to date with the latest program files and malware definitions. This allows the software to recognize as much malware as it can when scanning your computer. To update Ad-Aware 2007 Free, click on the Web Update section in the left pane, then click on the Update button.
    • If an update is found, it will tell you, and you should click on the Yes button and let it download the update.
    • You can now click on the OK button to go back to the Ad-Aware status screen. When you are checking for updates, Ad-Aware may also alert you that there are new program updates available. If so, select Yes to download these updates.
    • Now click on the Scan tab in the left pane, select Full Scan, then click Scan in the bottom right corner.
    • When you are presented with your scan results, put a tick mark in the boxes to the left of the results, select the Privacy Objects tab and also put a tick in these boxes.
    • After all objects are selected, you can hit Remove.

    Spybot Search and Destroy
    • Download and install the latest version of Spybot - Search & Destroy (currently 1.5.2). (If you already have this version, please open it, update, immunize, and Check for problems under Search & Destroy.)
    • When you have downloaded the program, double-click on the downloaded file to start the installation. Follow the default selections, agreeing to the user agreements and pressing the Next button until you get to the Select Additional Tasks screen.
    • Make sure that the last entry ("Use system settings protection (TeaTimer)") is checked.
    • Press the Next button and then the Install button to start the installation process.
    • Check Run Spybot S&D and press Finish. Spybot - S&D will now start.
    • The first screen asks if you want to back up your registry in order to be able to restore from it in the future. This can cause no harm, so it is a worthwhile task to do. You should click on the Create registry backup button.
    • Click on the Search for updates button. If updates are available, select the Download all available updates button.
    • When the updates are installed, click on the Next button.
    • You should now click on the Immunize this system button. When it finishes, click on the Next button.
    • Then click on the button labeled Start using this program to begin using Spybot - Search & Destroy.
    • For help with any problems, please see this guide: Spybot tutorial

    I would also run
    Crap Cleaner
    • Download from HERE
    • Close all browsers.
    • Run the programme and make sure all the boxes are ticked under the Windows and Applications tabs. Also check all Advanced tabs (except for the Old Prefetch Data option, which should be unticked).
    • Click the Run Cleaner button. Do this several times.

    And for a 2nd opinion that you are clean, proceed here:
    Trend Micro Housecall Free Online Scanner

    • It's one of the very few online scanners that will actually disinfect viruses etc.
    • First Open Internet Explorer
    • Go to Trend Micro's Housecall website which can be found HERE
    • Click on the link that says "Scan now. It's Free"
    • A new tab will open where you will have to tick a box to agree to the terms of service.
    • Click "Launch House Call"
    • Follow any additional on screen instructions
    • Select any infections then Fix Checked after the scan
    -----------------------------------------------------------------------------------------------------
    Keep these programs updated regularly and scan regularly.

    Please let me know what you find using these programs.
  7. magic_mat Newcomer, in training

    Well, I still get the usbport.sys blue screen.....

    It doesn't seem that much different really; it seems a bit worse? Like it's got sluggish.
  8. magic_mat Newcomer, in training

    It's a lot worse.

    I'm getting a lot more usbport.sys, whereas before it used to be when I just tried to run a macro. Now it's a lot... I'm looking at pictures on the web, and it just comes up.

    Also, other blue screens come up... smaller ones without a .sys file at the bottom.

    Sometimes it takes about 7 attempts to get the PC working, as when the desktop loads... blue screen.

    And when it does come on, I've got 2 messages saying

    "The ntvdm cpu has encountered an illegal instruction"

    Also, the PC is acting very sluggish.

    :(
  9. jobeard TechSpot Ambassador

  10. magic_mat Newcomer, in training

    OK, it's not in my Windows directory, and it's not running as a service anymore??

    But is all this causing usbport.sys? That's what I really need to sort out, as I can't run some programs without it bluescreening...... and they are important.

    Cheers