My computer is so dirty I have to wear Gloves...Help Cleaning Please

[Doesitfloat]

When networked computer immediately connects to malicious sites.

I found some similar symptoms on this site and started corrective action.
This is what I have so far:
Computer Info:
  SONY Vaio w/ 2 gig ram  300 gig Hard drive video is nvidia geforce 750 gtx

OS:
 Windows XP Media Center Service Pack 2
Original operating system for computer.
I do not have a recovery DVD the system has a partitioned hard drive for recovery. (Recovered last week)
Automatic updates are on and installed regularly.

Anti Virus:
Used to run spybot
Just changed to AVAST I like it better

Actions:
Followed steps 1-6 running cleaners Logs: Attached

Additional problems:
Network adapter no longer working.
Inthe hardware manager the device status reads:
Windows cannot start this hardware device because its configuration  (in the registry) is incomplete or damaged (code 19)

Computer can not access internet. 
( I have an identical computer that is not used very much I should be able to copy registry info from it if necessary.)



[attachment deleted by admin]

[kpac]

How is the computer after the scans?

[Geek-9pm]

Avoid using a copy of the registry from even a identical computer.
The proper method is to fully remove the device and start all over again with the installation. No shortcuts allowed.
Do a full removal of the device in question. This can mean to even  physically remove it with h power off, of course. Or disabel it in the BIOS, if it is built-in. After the the PC ha rebooted and the device is not longer there, install what ever setup is normal for that device. Install the drivers BEFORE you put the device in the system unless the setup progrtam says otherwise..
The power off, install the device physically (or enable in the BIOS) restart system. The proper driver configuration should come up this time.

Also, others here can give you some additional help.

[evilfantasy]

Did you set this proxy? R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7070

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

- O20 - AppInit_DLLs: obxndg.dll

Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Download Lop S&D by Eric_71 and save it to your Desktop. Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D. If needed see: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.

• Double-click Lop S&D.exe
  
• Choose the language by typing of the corresponding letter and press Enter
• Click OK at the informative window
  
• Type 1, to choose Option 1 (Search) then press Enter
  
• Wait until the end of the scan
• A report will be generated, post the contents of it in your next reply.

A copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt

[Doesitfloat]

Good morning and thanks again for the help.

After completeing the above steps the computer rubs better but,
After a few minuter Avast alerts me that there is an active virus in the memory and I should restart and let avast handle it in boot mode.

Over the weekend I let  Avast scan the hard drive twice and this still pops up.

I need to uninstall and reinstall the network controllers. ( will Do that today.)

Ran the LopSD program Log Follows:



[attachment deleted by admin]

[Doesitfloat]

Got the network adapter working again.
Computer is running performance improved.

CPU is is staying low at 0% to 3% 

Internet works.
VPN works.
Programs work.

[evilfantasy]

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

[Doesitfloat]

Ran ComboFix Log attached.

[attachment deleted by admin]

[evilfantasy]

Download the OTMoveIt3 by OldTimer

Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code: [Select]

:Processes
explorer.exe

:files
c:\windows\system32\1A.tmp
c:\windows\system32\15.tmp
c:\windows\system32\18.tmp
c:\windows\system32\19.tmp
c:\windows\system32\1E.tmp
c:\windows\system32\secupdat.dat
c:\documents and settings\Administrator\tqihcr.exe
c:\windows\system32\17.tmp
c:\windows\system32\dsgrab_01c986433407c4e8.dll
c:\windows\system32\drivers\dsload.sys
c:\windows\system32\dsdd.dll
c:\windows\system32\drivers\dsvideo.sys
c:\windows\Tasks\ewwcejcy.job
c:\windows\system32\opnlJbYq.dl
C:\khq
C:\cqhhbeu.exe
C:\asyoclq.exe
C:\-1396750784
C:\khq
c:\documents and settings\All Users\Application Data\Viewpoint

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

----------

Download DrWeb CureIt & save it to your desktop.

Scan with DrWeb-CureIt as follows:

• Double-click on drweb-cureit.exe and then click Start.
  
• An Express Scan of your PC notice will appear.
  
• Under Start the Express Scan Now Click OK to start.
  • This is a short scan that will scan the files currently running in memory.
  • If or when something is found, click the Yes button when it asks you if you want to cure it.
• Once the short scan has finished, Click Options > Change settings
  
• Choose the Scan tab and UNcheck Heuristic analysis and click OK
  
• Back at the main window, select the Complete scan button.
  
• Then click the Green Arrow Start Scanning button on the right and the scan will start.
  • Click Yes to all if it asks if you want to cure/move any file(s).
• When the scan is done.
• In the Dr.Web CureIt menu on top left, click File and choose Save report list.
  
• Save the DrWeb.csv report to your Desktop.
  
• Exit Dr.Web Cureit.

• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

[/COLOR]

• After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
  
• Copy and paste that log in the next reply

[Doesitfloat]

Ran OTMoveit!
Log Attached


[attachment deleted by admin]

[Doesitfloat]

Ran Dr.web
1st time goofed did not get a log.
2 nd time log attached.

Avast continues to find Trojan viruses.
Internet explorer does not work.  Downloaded and use firefox now.http://

[attachment deleted by admin]

[evilfantasy]

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.

.
.
The above procedure will:

• Delete:
• ComboFix and its associated files and folders.
• VundoFix backups, if present
• The C:\Deckard folder, if present
• The C:_OtMoveIt folder, if present

• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.

.
----------

1. Double click OTMoveIt3.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt3

----------

Download Dial-a-Fix by djlizard, save it to the desktop then extract it to it's own folder.

• Open the folder and run Dial-a-fix.exe
• 2 windows will open. Close the one in the background labeled Restrictive Policies
• Check the box in section 1, Empty temp folders.
  
• Check the box in section 2, Fix Windows Installer.
  
• Check the box in section 3, Fix Windows Update.
  
• Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
  
• Check all boxes in section 5, labeled Registration Center.
  
• Click Go
  
• OK any error messages if received, but write them down and post them here.
• Restart the computer when done.

.
How is everything now?

[Doesitfloat]

Computer runs much better,
will use it today see how it goes.

At start-up Avast always finds a Trojan virus at:
C: Windows\temp\VRT4.tmp

[evilfantasy]

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

[Doesitfloat]

This computer took a turn for the worse.
I could not get any programs to run. I would execute them they would start to run for a second then stop.
I was able to run combofix in safe mode. Log attached.


[attachment deleted by admin]