Spyware, possible Virus issue

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide

 

How in the world did you get Vista so badly infected. Have you been running this PC with UAC disabled all the time and have you been running without proper protection? It looks like all the protection software you have installed was just installed after getting your infection.


Uninstall the below old versions of software:
Java(TM) SE Runtime Environment 6
Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: (no name) - {13521A14-0E2A-48FA-B1F3-17A01C4BE307} - C:\Windows\system32\hgghe.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fcywx.dll,#1
O4 - HKLM\..\Run: [3cf4079a] rundll32.exe "C:\Windows\system32\sjdneyxn.dll",b

After clicking Fix, exit HJT.

Now we need to use ComboFix to remove a bunch of malware files.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Now run Ccleaner!

Now do the below which you skipped in step 1 of the READ ME

Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

If you are referring to the free version or Ad-Aware, it provides no protection at all and is not very useful in removing much of the malware in todays world. If you are referring to the paid version of Ad-Aware, it does offer protection but it is still not very useful in removing much of the malware in todays world.

You started using MSconfig again to control startups which you must not do per step 1 in the READ ME. You need to read more about this. See the below link:

Dealing with Startup Processes

Put your PC into Normal Startup mode now and then continue with the below. Some items did not get properly fixed last time. Make sure you have no browsers open when you click Fix checked in HijackThis.

You did not uninstall Viewpoint Media Player as requested. Please uninstall it now.



Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {13521A14-0E2A-48FA-B1F3-17A01C4BE307} - C:\Windows\system32\hgghe.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

After clicking Fix, exit HJT.

Now we need to use ComboFix to remove a bunch of malware files.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

Folder::
C:\Program Files\Common Files\kkzi
C:\Windows\kkzi
 
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13521A14-0E2A-48FA-B1F3-17A01C4BE307}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!