Pretty rough infection...

Hi there and welcome. I am currently reviewing your logs and will get back to you with a set of instructions in the next post I make to you.

 

You have spybot search and destroy's teatimer feature active which I will need for you to disable otherwise it will hinder the fix.

How to disable Spybot's TeaTimer

Did you knowingly install the below program? If not then please uninstall it

• WinPcap 4.0.2

If you did not deliberately set this proxy yourself then please include it in the HJT fix below:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix exit HJT.

Now we need to use ComboFix

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
• If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
• Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:

Code:

KILLALL::

File::
C:\WINDOWS\system32\drivers\yvfxsj.sys
c:\windows\Kfukeditexetedab.dat
c:\windows\Akehisigihaj.bin
C:\Windows\0.log

DirLook::
c:\documents and settings\Micron\Local Settings\Application Data\{9856A3CF-C50A-4DA8-A23A-5F4631A3E3D8}
C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

Folder::
c:\documents and settings\Micron\Local Settings\Application Data\vurrrxdct
C:\Documents and Settings\LocalService\Local Settings\Application Data\ytgcxkuqj
C:\Documents and Settings\Micron\Local Settings\Application Data\jmxrvpfu

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Microsoft Windows Support Center"=-
"msghandler"=-
"yahgamreg"=-
"SpiralFrog"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yvfxsj]

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
  
  
  
  
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

Let me know how things are running!!