
Majority programs not working-major infection [CLOSED]


This topic is locked

#1 drewdreworld (Member, 90 posts)
I'm posting this from my PC because my laptop can't even access this site. I'm not super experienced with anti-virus issues, but I feel like it's mostly from the registry; since I'm not sure, that's why I've come to you guys, the experts. I've run AVG Free, SuperAntiSpyware and Ad-Aware trying to get rid of everything, but of course it hasn't happened. Mozilla won't install or run; when I use IE it takes me to these search pages when I type in a web address; Spybot won't open, as well as a few other anti-malware programs I've tried (including ComboFix, off the top of my head).

I'm running on Vista by the way.

C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
F:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: bw+0 - {A8681551-2848-419F-9210-E6D9B9F179ACtocol: bwa0s - {A8681551-2848-419F-9210-E6D9B9F179AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A8681551-2848-419F-9210-E6D9B9F179AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A8681551-2848-419F-9210-E6D9B9F179AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A8681551-2848-419F-9210-E6D9B9F179AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A8681551-2848-419F-9210-E6D9B9F179AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A8681551-2848-419F-9210-E6D9B9F179AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A8681551-2848-419F-9210-E6D9B9F179AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A8681551-2848-419F-9210-E6D9B9F179AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A8681551-2848-419F-9210-E6D9B9F179AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A8681551-2848-419F-9210-E6D9B9F179AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A8681551-2848-419F-9210-E6D9B9F179AC} - C:\Progr0- {A8681551-2848-419F-9210-E6D9B9F179AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A8681551-2848-419F-9210-E6D9B9F179AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A8681551-2848-419F-9210-E6D9B9F179AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-88nger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {A8681551-2848-419F-9210-E6D9B9F179AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device S

Edited by RatHat, 03 June 2008 - 06:43 AM.


#2 Rorschach112 (Retired Staff, 47,710 posts)
Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt; please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#3 drewdreworld (Topic Starter, Member, 90 posts)
My Windows Vista automatically closes Notepad every time it opens; it did the scan, but the two Notepads were instantly closed. When I clicked on "View Problem Details" this was displayed, just in case it helps at all:
Problem signature:
Problem Event Name: BEX
Application Name: notepad.exe
Application Version: 6.0.6000.16386
Application Timestamp: 4549b0be
Fault Module Name: StackHash_f863
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 00000000
Exception Offset: 0030000a
Exception Code: c0000005
Exception Data: 00000008
OS Version: 6.0.6000.2.0.0.256.1
Locale ID: 1033
Additional Information 1: f863
Additional Information 2: db7b9191fbdbdcc6b2792269512054a4
Additional Information 3: 7a5b
Additional Information 4: 1bded920d6132ef8bb800e3c5250a7a2

Edit: My laptop is the one that's infected, and I'm having to transfer everything over the network from this desktop to the laptop because it can hardly access websites. It would not load the Kaspersky online scanner; it just kept failing to load the page.

Edit 2: Is there a place or a way to save the notepad files on my laptop? I could save them and send them to my desktop and open them and THEN copy+paste it here.

Edited by drewdreworld, 09 June 2008 - 03:05 PM.


#4 Rorschach112 (Retired Staff, 47,710 posts)
Can you try to post the ComboFix log? It should be in the folder C:\ComboFix

#5 drewdreworld (Topic Starter, Member, 90 posts)
I forgot to say that I'm 90% certain at least one type of malware that was affecting my computer (the most visible so I felt like the biggest issue, no way am I certain though) was called WintelUpdate. I believe this is what you were looking to find? The main.txt?

Deckard's System Scanner v20071014.68
Run by user on 2008-06-09 17:57:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 1.27 GiB (less than 15%) free.


-- HijackThis (run as user.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-09 17:58:27
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sm56hlpr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\ru
C:\Windows\System32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {45E987C5-52A3-4AA1-813C-616551CF9C16} - C:\Windows\System32\urqQGYOH.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {87862E26-BDA0-4A78-B94C-86BCB9428A6F} - C:\Windows\System32\nnnlLCss.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: {60a4cf50-7e79-40e8-1934-9b6bad27c9be} - {eb9c72da-b6b9-4391-8e04-97e705fc4a06} - C:\Windows\System32\fanpydvp.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - F:\Drew\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtozer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: bw+0 - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\3A\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\887648ch\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocoogram\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {a8681551-2848-419f-9210-e6d9b9f179ac} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol:Init_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: hpdj - Unknown owner - C:\Users\user\AppData\Local\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 5100 series -product=
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe


--
End of file - 20075 bytes

-- Files created between 2008-05-09 and 2008-06-09 -----------------------------

2008-06-09 17:57:54 82944 --a------ C:\Windows\system32\ygvayipw.dll
2008-06-09 17:55:44 91136 --a------ C:\Windows\system32\sckevybg.dll
2008-06-09 17:53:03 91136 --a------ C:\Windows\system32\bmsxvirl.dll
2008-06-04 15:44:29 2560 --a------ C:\Windows\system32\tbrqdjxj.exe
2008-06-04 15:39:18 91136 --a------ C:\Windows\system32\rtkqpogg.dll
2008-06-04 15:32:35 30208 --a------ C:\Windows\system32\nnnlLCss.dll
2008-06-04 05:19:07 95232 --a------ C:\Windows\system32\fanpydvp.dll
2008-06-04 05:13:53 91136 --a------ C:\Windows\system32\xggurlgn.dll
2ll Users\avg8
2008-05-31 06:34:39 0 d-------- C:\Program Files\AVG
2008-05-31 05:22:56 88576 --a------ C:\Windows\system32\ljfxvrih.dll
2008-05-31 05:17:59 2560 --a------ C:\Windows\system32\nludnnvv.exe
2008-05-31 05:14:59 92160 --a------ C:\Windows\system32\ifdfluav.dll
2008-05-31 05:07:00 88576 --a------ C:\Windows\system32\viekmcoh.dll
2008-05-29 04:37:41 720844 --ahs---- C:\Windows\system32\HOYGQqru.ini2
2008-05-29 04:37:38 278528 --a------ C:\Windows\system32\urqQGYOH.dll
2008-05-29 04:25:26 57344 --a------ C:\Windows\system32\cbxvvtuS.dll
2008-05-29 04:25:14 14336 --a------ C:\d.exe
2008-05-29 04:25:12 2 --a------ C:\743748254
2008-05-29 04:25:08 93696 --a------ C:\Windows\system32\ntpl.bin
2008-05-29 04:25:07 93696 --a------ C:\flciijjq.exe
2008-05-29 04:25:06 72192 --a------ C:\mxuxc.exe
2008-05-22 04:53:23 0 -rahs---- C:\MSDOS.SYS
2008-05-22 04:53:23 0 -rahs---- C:\IO.SYS
2008-05-22 03:44:01 0 d-------- C:\Program Files\vghd
2008-05-15 05:13:26 0 d-------- C:\Program Files\iPod


-- Find3M Report ---------------------------------------------------------------

2008-06-04 04:28:10 0 d-------- C:\Users\user\AppData\Roaming\SoundSpectrum
2008-06-01 16:03:54 0 d-------- C:\Users\user\AppData\Roaming\Uniblue
2008-06-01 04:08:08 0 d-------- C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com
2008-06-01 04:07:22 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-01 03:46:48 0 d-------- C:\Users\user\AppData\Roaming\wsInspector
2008BHKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87862E26-BDA0-4A78-B94C-86BCB9428A6F}]
05/29/2008 04:24 AM 30208 --a------ C:\Windows\system32\nnnlLCss.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/31/2008 06:34 AM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{eb9c72da-b6b9-4391-8e04-97e705fc4a06}]
06/04/2008 05:19 AM 95232 --a------ C:\Windows\system32\fanpydvp.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/31/2008 06:34 AM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"="C:\Windows\system32\nnnlLCss.dll" [05/29/2008 04:24 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [03/18/2005 03:35 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/18/2005 03:34 AM]
"SMSERIAL"="sm56hlpr.exe" [05/26/2005 06:12 AM C:\Windows\sm56hlpr.exe]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [06/25/2003 11:24 AM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [10/23/2003 07:51 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/31/2008 06:34 AM]
"BM2f6781ad"="C:\Windows\system32\sckevybg.dll" [06/09/2008 05%avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\urqQGYOH

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sy

#6 Rorschach112 (Retired Staff, 47,710 posts)
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Windows\system32\ygvayipw.dll
C:\Windows\system32\sckevybg.dll
C:\Windows\system32\bmsxvirl.dll
C:\Windows\system32\tbrqdjxj.exe
C:\Windows\system32\rtkqpogg.dll
C:\Windows\system32\nnnlLCss.dll
C:\Windows\system32\fanpydvp.dll
C:\Windows\system32\xggurlgn.dll
C:\Windows\system32\ljfxvrih.dll
C:\Windows\system32\nludnnvv.exe
C:\Windows\system32\ifdfluav.dll
C:\Windows\system32\viekmcoh.dll
C:\Windows\system32\HOYGQqru.ini2
C:\Windows\system32\urqQGYOH.dll
C:\Windows\system32\cbxvvtuS.dll
C:\d.exe
C:\743748254
C:\Windows\system32\ntpl.bin
C:\flciijjq.exe
C:\mxuxc.exe
C:\Windows\system32\nnnlLCss.dll

Folder::

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.




Also post a new HijackThis log
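Added triage example, not from the thread or from any of the tools it mentions: a small Python script that reads lines in the HijackThis and DSS formats quoted above and flags the same patterns the helper picked out for the CFScript: BHOs with no product name, random-named DLLs newly created in system32, executables dropped in the drive root, a service running from a Temp folder, and an extra entry in the LSA "Authentication Packages" value. The sample lines are constructed from entries in the thread, and the vowel-count heuristic for "random-looking" names is an assumption made for illustration, not a rule any of these tools apply.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str  # "high" = act on it, "review" = worth a human look
    rule: str
    path: str


# Constructed sample in the HijackThis / DSS formats quoted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {45E987C5-52A3-4AA1-813C-616551CF9C16} - C:\Windows\System32\urqQGYOH.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: {60a4cf50-7e79-40e8-1934-9b6bad27c9be} - {eb9c72da-b6b9-4391-8e04-97e705fc4a06} - C:\Windows\System32\fanpydvp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: hpdj - Unknown owner - C:\Users\user\AppData\Local\Temp\hpdj.exe -servicerunning=true
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
2008-06-09 17:57:54 82944 --a------ C:\Windows\system32\ygvayipw.dll
2008-05-29 04:25:14 14336 --a------ C:\d.exe
2008-05-31 06:34:39 0 d-------- C:\Program Files\AVG
"Authentication Packages"= msv1_0 C:\Windows\system32\urqQGYOH
"""

GUID = r"\{[0-9A-Fa-f-]{36}\}"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - " + GUID + r" - (?P<path>.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<value>\S.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: .*? - .*? - (?P<path>[A-Za-z]:\\.*?\.(?:exe|dll))", re.I)
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+(?P<attrs>[-a-z]+)\s+(?P<path>.+)$")
LSA_RE = re.compile(r'^"Authentication Packages"=\s*(?P<value>.*)$')


def looks_random(path: str) -> bool:
    """Heuristic (an assumption for this example): an 8-letter file stem with at
    most two vowels, which is the shape of the DLL names in the thread's DSS log."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if not re.fullmatch(r"[A-Za-z]{8}", stem):
        return False
    return sum(ch in "aeiouAEIOU" for ch in stem) <= 2


def triage(log_text: str) -> list[Finding]:
    """Return the entries of a HijackThis/DSS log worth acting on or reviewing."""
    findings: list[Finding] = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if m := BHO_RE.match(line):
            name, path = m.group("name"), m.group("path")
            # A BHO that hides its name, or names itself with a GUID, is the
            # pattern of the rogue entries in the thread's log.
            if name == "(no name)" or re.fullmatch(GUID, name):
                findings.append(Finding("high", "BHO without a product name", path))
            elif looks_random(path):
                findings.append(Finding("high", "BHO loads a random-named DLL", path))
        elif m := APPINIT_RE.match(line):
            # AppInit_DLLs loads into every process; a populated value always merits a look.
            findings.append(Finding("review", "AppInit_DLLs is populated", m.group("value")))
        elif m := SERVICE_RE.match(line):
            path = m.group("path")
            if "\\temp\\" in path.lower():
                findings.append(Finding("review", "service binary under a Temp directory", path))
        elif m := FILE_RE.match(line):
            attrs, path = m.group("attrs"), m.group("path")
            if attrs.startswith("d"):
                continue  # directory entries are not interesting here
            if re.fullmatch(r"[A-Za-z]:\\[^\\]+\.(?:exe|dll)", path, re.I):
                findings.append(Finding("high", "executable created in the drive root", path))
            elif "\\system32\\" in path.lower() and looks_random(path):
                findings.append(Finding("high", "random-named file created in system32", path))
        elif m := LSA_RE.match(line):
            # Only msv1_0 is expected here; anything else is loaded into lsass at logon.
            for pkg in m.group("value").split():
                if pkg.lower() != "msv1_0":
                    findings.append(Finding("high", "extra LSA authentication package", pkg))
    return findings


def count_by_severity(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.rule}: {f.path}")
    print(count_by_severity(results))
```

Run it against a real main.txt by passing the file's contents to triage(); "high" findings are the ones that would go into a removal script, "review" ones still need a human to decide.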

#7 drewdreworld (Topic Starter, Member, 90 posts)
I tried doing what you said above but when I drop the CFScript.txt onto the ComboFix.exe the little hourglass shows up next to the mouse pointer for half a second and then disappears and the computer sits there doing nothing. I tried to follow the directions above while in safe mode as well.

#8 Rorschach112 (Retired Staff, 47,710 posts)
Run ComboFix itself and post the log

#9 drewdreworld (Topic Starter, Member, 90 posts)
The same thing happened when I ran it by itself; the hourglass popped up for a second then disappeared and it just sits there.

#10 Rorschach112 (Retired Staff, 47,710 posts)
Try this

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Under Additional Scans check the boxes beside Reg - Bot Check, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg Mountpoints2, File - Additional Folder Scans, and File - Purity Scan.
  • Under Drivers change it to Non-Microsoft.
  • Under Files Created Within and Files Modified Within change it to 90 days.
  • Check the box at the top-left beside Scan All Users
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way.

#11 drewdreworld (Topic Starter, Member, 90 posts)
Sadly, that also is not working. Same thing with the hourglass and then nothing happening.

#12 Rorschach112 (Retired Staff, 47,710 posts)
Try it in Safe Mode

If that fails

Rename HijackThis.exe to Drew.exe and post a new log from it

#13 drewdreworld (Topic Starter, Member, 90 posts)
That failed as well. I figured I'd also go on and mention that my AVG cannot update and neither can my ad-aware. I really appreciate all the help! :)

Apparently I'm using an "old, outdated" version of HJT, but I figure that's better than nothing, because the new one refuses to install just as the other programs refuse to install/open. However, I cannot even get that to post, because this forum is refusing me access to post the log via copy+paste or upload.

I -cannot- install a newer version. I've tried, it's not an option. This is getting frustrating :)

Edited by drewdreworld, 12 June 2008 - 01:38 AM.


#14 Rorschach112 (Retired Staff, 47,710 posts)
I think you would be better off going over to the Windows Vista forum, and have them fix your problem

Once you can get the logs working, come back here and we will remove the malware

#15 Rorschach112 (Retired Staff, 47,710 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.