internet's connecting, but websites won't load and AV progs ca |
Dec 13 2006, 09:22 PM, Post #1
Member, Posts: 91, OS: xp
This computer was swamped to the max with malware. I was getting the yellow triangle/ mine system error in the task bar, and could connect to the internet, but no pages would load and I couldn't update antimalware progs. So I ran smit fix and the mine thing went away, but when I try and go to a website, it still won't connect with the site, it just stays yellow, and no anti malware programs can update, but the dialer is working just fine. I ran all the progs, and ewido is the only one that detected anything (235 infected files). I let that run its course and still nothing. Also, I can not load disks into the computer (or access the recovery drive to do a system reset, which my computer says is drive D).

Here's the HJT:

```
Logfile of HijackThis v1.99.1
Scan saved at 10:11:58 PM, on 12/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\eycudfge.dll (file missing)
O2 - BHO: (no name) - {8AF0DF79-4894-613F-E3DB-136404DF1B91} - C:\WINDOWS\system32\wxsywzl.dll (file missing)
O2 - BHO: (no name) - {8BF0DF7B-4895-683F-E3DF-126402DC1B91} - C:\WINDOWS\system32\wxsywzl.dll (file missing)
O2 - BHO: Bho - {907C7249-CAAF-4873-B299-0FBFBCD562E5} - C:\WINDOWS\system32\mxoveqfq.dll (file missing)
O2 - BHO: (no name) - {AA9BF432-BDCA-4F9A-A136-4FCE5EDB74FC} - C:\WINDOWS\Fonts\ndsars.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DriveCleaner 2006 Free] "C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe" /min
O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe"
O4 - HKLM\..\Run: [UDC6cw] "C:\Program Files\DriveCleaner 2006 Free\UDC6cw.exe" -c
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [System Support] system32.exe
O4 - HKCU\..\Run: [Srro] C:\Documents and Settings\HP_Owner\Application Data\nslo.exe
O4 - HKCU\..\Run: [Zlovqsm] C:\WINDOWS\system32\??rss.exe
O4 - HKCU\..\Run: [ao7tRQcmg] lcowselc.exe
O4 - HKCU\..\Run: [System Support] system32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [System Updates] yied.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunServices: [System Updates] yied.exe
O4 - Global Startup: Verizon Online.lnk = C:\Program Files\Verizon Online\VOLSW\Verizon Online.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} (Easy Upload Tool Combo Control) - http://mandazpicz.myphotoalbum.com/EasyUploadTool.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160181286390
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5C025E7-F6AB-4162-A0D7-5BB551266578}: NameServer = 71.243.0.12 71.250.0.12
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Psbstpscnsum - Hewlett-Packard Company - (no file)
```

Dec 14 2006, 02:14 PM, Post #2
Banned, Posts: 1,137, OS: XP Pro
Download http://www.mvps.org/winhelp2002/DelDomains.inf with I.E.

Right click the DelDomains.inf file and click Install, making sure Internet Explorer is closed. You won't see anything happen. Give it a minute.

Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.

==========================

Please click here http://www.majorgeeks.com/Sun_Java_Runtime...ment_d4648.html to download the latest version of JAVA.

Install the application, then go to the Add/Remove Programs options in the Control Panel and Remove ALL previous versions of JAVA.

===========================

1. Download this file:
   http://download.bleepingcomputer.com/sUBs/combofix.exe
   http://www.techsupportforum.com/sectools/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

===============================

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis - mark them, close IE, click fix checked:

```
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\eycudfge.dll (file missing)
O2 - BHO: (no name) - {8AF0DF79-4894-613F-E3DB-136404DF1B91} - C:\WINDOWS\system32\wxsywzl.dll (file missing)
O2 - BHO: (no name) - {8BF0DF7B-4895-683F-E3DF-126402DC1B91} - C:\WINDOWS\system32\wxsywzl.dll (file missing)
O2 - BHO: Bho - {907C7249-CAAF-4873-B299-0FBFBCD562E5} - C:\WINDOWS\system32\mxoveqfq.dll (file missing)
O2 - BHO: (no name) - {AA9BF432-BDCA-4F9A-A136-4FCE5EDB74FC} - C:\WINDOWS\Fonts\ndsars.dll (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [DriveCleaner 2006 Free] "C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe" /min
O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe"
O4 - HKLM\..\Run: [UDC6cw] "C:\Program Files\DriveCleaner 2006 Free\UDC6cw.exe" -c
O4 - HKLM\..\RunServices: [System Support] system32.exe
O4 - HKCU\..\Run: [Srro] C:\Documents and Settings\HP_Owner\Application Data\nslo.exe
O4 - HKCU\..\Run: [Zlovqsm] C:\WINDOWS\system32\??rss.exe
O4 - HKCU\..\Run: [ao7tRQcmg] lcowselc.exe
O4 - HKCU\..\Run: [System Support] system32.exe
O4 - HKCU\..\Run: [System Updates] yied.exe
O4 - HKCU\..\RunServices: [System Updates] yied.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O23 - Service: Psbstpscnsum - Hewlett-Packard Company - (no file)
```

=====================

Click Start > Run > and type in: services.msc
Click OK.
In the services window find this exact name: Psbstpscnsum
Right-click and choose "Properties".
Beside "Startup Type" in the dropdown menu select "Disabled".
On the "General" tab under "Service Status" click the "Stop" button to stop the service.
Click Apply then OK.
File-Exit the Services utility.

======================

Download http://www.downloads.subratam.org/KillBox.zip or http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

```
C:\Program Files\DriveCleaner 2006 Free
C:\Documents and Settings\HP_Owner\Application Data\nslo.exe
C:\WINDOWS\system32\??rss.exe
C:\WINDOWS\system32\lcowselc.exe
C:\WINDOWS\system32\system32.exe
C:\WINDOWS\system32\yied.exe
```

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START - RUN - type in %temp% - OK - Edit - Select all - File - Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal.

Empty the recycle bin.

Boot and post a new log from normal NOT safe mode.

Please give feedback on what worked/didn't work and the current status of your system.
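
The kind of first-pass triage that the reply above performs by eye on the posted log can be sketched in code. This is an added example, not part of the original thread and not a HijackThis feature; the function name, reason labels and heuristics are assumptions of the example, and a flagged entry is a candidate for manual review, not a verdict.

```python
import re

# Sample input: eight entries excerpted from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\eycudfge.dll (file missing)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [System Updates] yied.exe
O4 - HKCU\..\Run: [Srro] C:\Documents and Settings\HP_Owner\Application Data\nslo.exe
O15 - Trusted Zone: http://www.winantivirus.com
O23 - Service: Psbstpscnsum - Hewlett-Packard Company - (no file)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# "O4 - body": section code, then the rest of the entry.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# "HKCU\..\Run: [value name] command" inside an O4 entry.
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def triage(log_text):
    """Return (code, reasons, line) for entries worth a manual look.

    The reason labels are this example's own heuristics (hypothetical names).
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        code, body, reasons = m["code"], m["body"], []
        # Registry entry whose target file is no longer on disk.
        if body.endswith(("(file missing)", "(no file)")):
            reasons.append("orphaned")
        # Any site or IP address added to the IE Trusted zone.
        if code == "O15":
            reasons.append("trusted-zone")
        run = RUN.match(body) if code == "O4" else None
        if run:
            cmd = run["cmd"].lower()
            if "\\" not in cmd:
                reasons.append("run-no-path")  # bare name, found via search path
            elif "\\application data\\" in cmd:
                reasons.append("run-from-profile")  # autostart from a user profile
        if reasons:
            findings.append((code, reasons, line))
    return findings
```

The `run-no-path` heuristic also matches legitimate vendor entries that register a bare file name, so each hit still needs to be checked against the file on disk.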