so many issues...

Welcome to Major Geeks!

You must allow CounterSpy to fix what it finds. There is no sense in running the scans if you are going to chose to Ignore the problems. Run it again and Quarantine or Delete what it finds. Attach a new log.

Then you must install HJT properly as requested in the READ ME. You installed it exactly where we specified not to install. Follow the directions in the READ ME and download and use our link Install it to the default folder and then rename it. You are not using the version of HJT specified in our procedure. We don't want you to use the version 2 Beta!! I will ask for a new HJT log after having you run another procedure to fix some of your problems.

Have you tried running BitDefender and Panda in normal boot mode? Based on your ShowNew log, you have not even tried to run Panda. At least it never even started a scan which means you did not even get past the download. You said it froze midscan. Your log says it never installed.

Okay let's start fixing some problems!

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Attach this log to your next reply

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


Now attach the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew
3. HJT

Make sure you tell me how things are working now!

 

You forgot to attach the log from ComboFix. Please attach it.

Also it appears that you have never done step 2 of the READ ME. Please do it now.


Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 1

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {43575103-878C-4343-AD67-EF35E5D5F785} - C:\WINDOWS\system32\yayxv.dll (file missing)
O2 - BHO: (no name) - {838425B8-510D-412D-BB2A-6F691291FD6B} - C:\WINDOWS\system32\xxywv.dll (file missing)
O2 - BHO: (no name) - {B3D7881E-3E98-4113-8E1D-F274FCDB5646} - C:\WINDOWS\system32\vtssq.dll (file missing)
O2 - BHO: (no name) - {CD5DEBAF-D783-47ED-B428-33FB34B47F31} - C:\WINDOWS\system32\hgddc.dll (file missing)
O2 - BHO: (no name) - {E3B89E8C-12CF-4ACE-A909-5554629534B5} - C:\WINDOWS\system32\oppnm.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [wqiz] C:\PROGRA~1\COMMON~1\wqiz\wqizm.exe
O20 - Winlogon Notify: hgddc - C:\WINDOWS\system32\hgddc.dll (file missing)
O20 - Winlogon Notify: oppnm - C:\WINDOWS\system32\oppnm.dll (file missing)
O20 - Winlogon Notify: vtssq - C:\WINDOWS\system32\vtssq.dll (file missing)
O20 - Winlogon Notify: xxywv - C:\WINDOWS\system32\xxywv.dll (file missing)
O20 - Winlogon Notify: yayxv - C:\WINDOWS\system32\yayxv.dll (file missing)

After clicking Fix, exit HJT.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files"
Once you have saved it double click it and allow it to merge with the registry.

Now download The Avenger by Swandog46, and save it to
your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Check the 'Input script manually' box.
• Click on the magnifying glass icon.
• Copy everything in the Quote box below, and paste it in the box that opens:

• Now click the 'Done' button.
• Click on the traffic light icon and OK the prompt.
• You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

Now run Ccleaner!

Now attach the below new logs and tell me how the above steps went.

1. Avenger
2. GetRunKey
3. ShowNew
4. HJT

Make sure you tell me how things are working now!

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system
restore per step 8 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

That means you did not follow the directions properly to save the file. Make sure you have included the REGEDIT4 line and that there are no blank lines above it.

 

Uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders which may be left behind by the uninstall:
C:\Documents and Settings\All Users\Application Data\Sunbelt Software
C:\Program Files\Sunbelt Software

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [fgfffbci] C:\rredftak.bat

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\rredftak.bat
C:\WINDOWS\system32\drivers\dirfqvta.sys

If the dirfqvta.sys file will not delete, try renaming it to dirfqvta.sys.bak

Now run Ccleaner.

Now reboot in normal mode

Now attach the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew
3. HJT

Make sure you tell me how things are working now!