I can help, but I thought I had lost you, as it's been near a week. The longer this system remains infected and connected to the internet, the harder it will become to clean.
That said, we should be able to get you running well again.
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
---------------------------------------------------------------------------------------------
Please download
VundoFix.exe to your desktop
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt at the end of this fix
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the
Scan for Vundo button" when VundoFix appears upon rebooting.
---------------------------------------------------------------------------------------------
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' if they still exist (make sure not to miss any):
O2 - BHO: (no name) - {2182DC93-897E-4C36-AFB9-DE1ADBD385D4} - C:\WINDOWS\system32\mllmm.dll
O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\mljghec.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\dtsdkfxf.dll
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvlom.dll,startup
O20 - Winlogon Notify: mljghec - C:\WINDOWS\SYSTEM32\mljghec.dll
O20 - Winlogon Notify: mllmm - C:\WINDOWS\system32\mllmm.dll
Close HijackThis now.
---------------------------------------------------------------------------------------------
Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.
---------------------------------------------------------------------------------------------
Delete the following if they exist (many may not):
C:\WINDOWS\system32\drvlom.dll
C:\WINDOWS\system32\dtsdkfxf.dll
C:\WINDOWS\system32\ghkmp.bak1
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\ijkmp.bak1
C:\WINDOWS\system32\ijkmp.bak2
C:\WINDOWS\system32\ijkmp.ini2
C:\WINDOWS\system32\mljghec.dll
C:\WINDOWS\system32\mllmm.dll
C:\WINDOWS\system32\mmllm.bak1
C:\WINDOWS\system32\mmllm.bak2
C:\WINDOWS\system32\mmllm.ini2
---------------------------------------------------------------------------------------------
You should be clear enough of popups to perform these next steps.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
Updating Java:- Download the latest version of Java Runtime Environment (JRE) 6.
- Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement".
- The page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java versions.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6-windowsi586-p.exe to install the newest version.
- After the install is complete, go back into the Control Panel and double-click the Java Icon.
- Under Temporary Internet Files, click the Delete Files button.
- There are three options in the window to clear the cache - Leave ALL 3 Checked
- Downloaded Applets
- Downloaded Applications
- Other Files
- Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Java Control Panel.
---------------------------------------------------------------------------------------------
Download
AVG Anti Spyware
Use the link at the bottom of the page under
"AVG Anti-Spyware Free for Windows"
- Install AVG Anti Spyware
- Double-click the icon on Desktop to launch AVG
- On the top of the main screen click Shield
- Click the word active to change it to inactive
- On the top of the main screen click Update.
- Then click on Start Update. The update will start and a progress bar will show the updates being installed.
- Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
- Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
- Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"
When you have finished updating,
EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.
---------------------------------------------------------------------------------------------
Please download
ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only- We'll use this later.
---------------------------------------------------------------------------------------------
Copy and paste the following into Notepad (don't forget to copy and paste REGEDIT4):
Quote:
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{58FF7395-B48F-41CB-A20C-2FFA2A049EB2}"=-
|
Save the file as "delete.reg". Make sure to save it with the quotes. It should look like this:
Close Notepad.
Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.
---------------------------------------------------------------------------------------------
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.
---------------------------------------------------------------------------------------------
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser- Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser- Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click
Exit on the Main menu to close the program.
For
Technical Support, double-click the e-mail address located at the bottom of each menu.
---------------------------------------------------------------------------------------------
Run
AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)
- Click Scanner
- Click on the Scan tab
- Click Complete System Scan to begin scanning.
Once the scan is complete do the following:
- If you have any infections you will prompted, then select "Apply all actions"
- Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
Restart in normal mode.
---------------------------------------------------------------------------------------------
Perform an online scan with Internet Explorer with
Panda ActiveScan- Click on
located at the bottom of the page.
- A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
- Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
- If it finds any malware, it will offer you a report.
- Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
- Click on
then click 
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan
---------------------------------------------------------------------------------------------
Please download
SmitfraudFix (by
S!Ri) to your Desktop.
Double-click
smitfraudfix.exe to start the tool.
Select option
#1 -
Search by typing
1 and press
"Enter"
and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!
---------------------------------------------------------------------------------------------
Run ComboScan once again. Post it's log here.
---------------------------------------------------------------------------------------------
Please return with logs from:
C:\VundoFix.txt
AVG Anti-Spyware
Panda
C:\rapport.txt
ComboScan.txt