Major Issues

[SwimChao]

Like, do the other steps then tonight when I goto bed. Would it be smart to leave it to run throughout the night?

 

[xxdanielxx]

yes if you never done it, it can take a long time

 

[SwimChao]

Thanks alot, Daniel! Do you want me to post anything after I've completed all of the cleanings?

Thanks to you too Dragon!

 

[xxdanielxx]

once you finish everything update your avast and run a full scan. Then post back what it finds to make sure we are done

 

[SwimChao]

Alright, when I started up after OTCleanit! msconfig DID startup and it had a quicktime thing called "qttask.exe". I went to uncheck it and apply, and it said this had to be done on an account with administrative abilities (Or something)

Is this because, as Blind Dragon said, the old msconfig was not the real one (Or something like that..?) and that's why I could do things like that. If not, maybe you could have an explanation?

Also, how would I make this account have said abilities to do that, it's the only account on the computer (Except admin in safe mode) and the only one I use.

 

[SwimChao]

Also, should I delete other tools used in this process?

CWShredder and VirtumondoBegone <-- (Last one was suggested by someone before I came here)

And any answer to the post above?

 

[Bobbye]

An exercise in patience would get you further. There are many who need help with problems. The helpers can't always get right back to you. You will be answered.

 

[SwimChao]

I apologize. I actually meant the post to be about the existing tools left on my computer. I just threw the last part in so it wouldnt' be disregarding the above post.

 

[xxdanielxx]

yes OTMoveIt2 should remove all of that if not remove it by deleting it

 

[SwimChao]

Thanks, Daniel. Will do. Did you have any idea about the msconfig admin thing? (<- Very descriptive)

 

[xxdanielxx]

go to control panel and user accounts then change your account type to admin

 

[SwimChao]

It says I am already admin. Weird why when I close msconfig it says "An access Denied error was returned while attempting to change a service. You may need to log on using an Administrator account to make the specified changes."

I didn't even try to change anything.

Sorry for so many problems, thanks in advance

 

[xxdanielxx]

post a fresh hijackthis log something is not right

 

[SwimChao]

Daniel, I've attached the log.

Standing by for future orders.

 

[Blind Dragon]

java is out of date and I saw some things in CF that probably should have been removed

 

[SwimChao]

I'm completely under control of the two of you, just tell me what to do to start/continue fixing the problem and I will do it

 

[Blind Dragon]

Update your Java Runtime Environment

• First try going to Start -> Control Panel -> double click Java
  
• Select the Update Tab at the top of the Java console
• Click the Check for Updates button at the bottom
• If it finds the newer version (Java 6 Update 7) Follow the on screen instructions (uncheck the yahoo toolbar option)
• After it installs the newest version Go back to Control Panel -> Add/remove programs (programs and features in vista)
• Uninstall any older versions of Java

====================================================

Combofix

• Download Combofix to your desktop.
• Double click combofix.exe & follow the prompts.
• A window will open with a warning.
• When the scan completes it will open a text window. Please attach that log back here

Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt

 

[SwimChao]

Blind Dragon, I've attached the log as asked.
Waiting for your next orders.

 

[Blind Dragon]

going through your log did you install mIRC yourself?

 

[SwimChao]

Yes, I haven't uninstalled it. I used it for a couple days, but left it. Only using it now and then.

 

[Blind Dragon]

Ok, before I finish your script I need you to upload these and post the results back here

C:\Documents and Settings\BESTBUY\LOCALSYSTEM\Temp\asbp2poa.sys
C:\WINDOWS\System32\drivers\dqaohaqg.sys
C:\Documents and Settings\BESTBUY\LOCALSYSTEM\Temp\osymids.sys
C:\Documents and Settings\BESTBUY\LOCALSYSTEM\Temp\whidclas.sys


Upload a File to Virustotal
Please visit Virustotal found HERE

• Click the Browse... button
• Navigate to the file See each file listed above
• Click the Open button
• Click the Send button
• Copy and paste the results back here please.

 

[SwimChao]

Blind Dragon, In my Documents and Settings folder, there is no BESTBUY, there is a Bestbuy but inside there is no LOCALSYSTEM folder. I will upload the system32 file while I wait for your response.

 

[SwimChao]

Scratch that -- I can't find those folders/files where they say they are.. Any suggestions?

 

[Blind Dragon]

in XP click tools -> folder options -> view tab -> check show hidden files and folders

 

[SwimChao]

I did as you've directed but I still don't said files.
Waiting for your next orders.