We'll try to continue
Open HijackThis, click "Do a system scan only", and checkmark these entries. Then close all other windows and browsers except HijackThis and press "Fix checked".
O2 - BHO: (no name) - {34609F54-0AC2-44FE-B2E6-9463740D6457} - C:\WINDOWS\system32\opnmjKcC.dll (file missing)
O2 - BHO: {bf398557-bec1-7278-0954-78891d733b28} - {82b337d1-9887-4590-8727-1ceb755893fb} - C:\WINDOWS\system32\kwucvl.dll (file missing)
O4 - HKLM\..\RunOnce: [SpybotDeletingA429] command /c del "C:\WINDOWS\system32\loppfwhv.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5942] cmd /c del "C:\WINDOWS\system32\loppfwhv.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5174] command /c del "C:\WINDOWS\system32\lhjavupa.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC448] cmd /c del "C:\WINDOWS\system32\lhjavupa.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA327] command /c del "C:\WINDOWS\system32\luvfwhmy.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8885] cmd /c del "C:\WINDOWS\system32\luvfwhmy.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8231] command /c del "C:\WINDOWS\system32\vlelsxce.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5812] cmd /c del "C:\WINDOWS\system32\vlelsxce.dll_old"
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\RunOnce: [SpybotDeletingB6762] command /c del "C:\WINDOWS\system32\loppfwhv.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6969] cmd /c del "C:\WINDOWS\system32\loppfwhv.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3868] command /c del "C:\WINDOWS\system32\lhjavupa.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9859] cmd /c del "C:\WINDOWS\system32\lhjavupa.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2262] command /c del "C:\WINDOWS\system32\vlelsxce.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2811] cmd /c del "C:\WINDOWS\system32\vlelsxce.dll_old"
Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System
No Validation is required.
Download the file & save it as it's originally named, next to ComboFix.exe.
Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Drag the setup package onto ComboFix.exe and drop it.
- Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
- At the next prompt, click 'NO' to run the full ComboFix scan.
Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the CODE box below. *Do Not Use Wordpad* or any text editor other than Notepad, or the script will fail.
Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
Code:
File::
c:\windows\system32\ecxslelv.ini
c:\windows\system32\ymhwfvul.ini
c:\windows\system32\yGQpqtwa.ini
c:\windows\system32\apuvajhl.ini
c:\windows\system32\qoMGvWmM.dll
c:\windows\Tasks\teeycpxx.job
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,20,00,6e,77,76,31,5f,30,00,00
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
- Download the latest version of Java Runtime Environment (JRE)
- Second install - -Java Runtime Environment Offline install
*** be sure that when you update Java, to uncheck any toolbars for OpenOffice.org if you don't want those added to your computer***
Click on the Accept License Agreement button. Next, select your Platform and check the box that says: "I agree to the Java SE Runtime Environment License Agreement."
Download Now! Windows Offline Installation, Multi-language
Now close all windows, including your browser.
Double click on the Java installation that you downloaded and follow the prompts.
NEXT - remove all older versions of Java. Go to Start > Control Panel, double-click on the Software icon > Add/Remove Programs.
- Close any programs you may have running - especially your web browser.
- Search in the list for all previously installed versions of Java (J2SE Runtime Environment....). Select it and click Remove.
- Repeat as many times as necessary to remove each older Java version.
- Reboot your computer once all Java components are removed.
Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
Follow the instructions for the browser you use.
Read the instructions about the cookies. Delete what you do not need.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Java Cache
The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.
When you have finished, click on the Exit button in the Main menu.
========================
NEXT**
I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
The below scan can take up to an hour or longer, please be patient.
*Note
It is recommended to disable the onboard antivirus and antispyware programs while performing scans, so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.
Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400
Other available links
Kaspersky Online Scanner or from here
http://www.kaspersky.com/virusscanner
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Click on the Accept button and install any components it needs.
- The program will install and then begin downloading the latest definition files.
- After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
- This will start the program and scan your system.
- The scan will take a while, so be patient and let it run. (At times it may appear to stall)
* Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
* Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
* Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
- Once the scan is complete, click on View scan report.
To obtain the report:
Click on: Save Report As
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select:
Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.
Animated tutorial
http://i275.photobucket.com/albums/j...g/KAS/KAS9.gif
(Note.. for Internet Explorer 7 users:
If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
Or use Firefox with IE-Tab plugin
https://addons.mozilla.org/en-US/firefox/addon/1419
In your next reply post:
ComboFix.txt
Kaspersky log
New HJT log taken after the above scans have run
Give me an update on how the computer is at the moment.
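An added example, not part of the original post: the hex(7) data in the CFScript's Registry:: section is a REG_MULTI_SZ value, and this Python snippet decodes it to show which strings the script writes to "Authentication Packages". The function names and the encoding heuristic are assumptions of this example.

```python
import re

# Line copied from the "Registry::" section of the CFScript in the post above.
CFSCRIPT_LINE = ('"Authentication Packages"=hex(7):'
                 '6d,73,76,31,5f,30,20,00,6e,77,76,31,5f,30,00,00')


def parse_hex7(line):
    """Return (value_name, raw_bytes) for a .reg-style hex(7) line."""
    m = re.fullmatch(r'\s*"([^"]+)"=hex\(7\):([0-9a-fA-F,\\\s]*)', line)
    if not m:
        raise ValueError("not a hex(7) registry line")
    # Bytes are comma-separated; exported files may wrap lines with "\".
    pairs = [p for p in re.split(r'[,\\\s]+', m.group(2)) if p]
    return m.group(1), bytes(int(p, 16) for p in pairs)


def decode_multi_sz(raw):
    """Split REG_MULTI_SZ data into its strings.

    Assumption of this example: data whose odd-indexed bytes are all zero
    is UTF-16LE (version 5 .reg exports); anything else is single-byte
    text (REGEDIT4 style), which is what the line above contains.
    """
    if len(raw) >= 2 and len(raw) % 2 == 0 and not any(raw[1::2]):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("latin-1")
    # Strings are NUL-separated and the list ends with one extra NUL.
    return [s for s in text.split("\x00") if s]


if __name__ == "__main__":
    name, raw = parse_hex7(CFSCRIPT_LINE)
    # repr() makes leading or trailing whitespace in an entry visible.
    for entry in decode_multi_sz(raw):
        print(f"{name}: {entry!r}")
```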