Lot’s of things here. You are using service pack 1. Do not attempt to install sevice pack 2 untill the machine is clean.
We’ll start with this
- Download and run this removal tool for 180 Search
http://securityresponse.symantec.com/avcenter/Fix180Sh.exe
Please download ComboFix from Here or Here to your Desktop.
Do Not Run It Yet, we will run it a little differently.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop
- Go to add remove programs and uninstall the following if present
Rabio
180Search assistant
Yazzle
QdrDrive
QdrModule
- Open HJT, run a system scan only, check mark these lines if present
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\sbwltbxa.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {3712b7f2-1dd2-11b2-a814-d414ee082346} - C:\WINDOWS\nkvchwjs.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: BndBlock5 BHO Class - {82EA1A55-9CBC-404b-9D0C-E8BFB7EAAE9B} - C:\Program Files\QdrDrive\QdrDrive10.dll (file missing)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM..\Run: [pgdqjady] regsvr32 /u “C:\Documents and Settings\All Users\Application Data\pgdqjady.dll”
Close all other browsers/windows, click fix, close HJT.
** Now for combofix
[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
[*]Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
[*]Close any open browsers.
[*]WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
[]Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
[]If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Open a new Notepad session (Do not use a Word Processor or WordPad). Click “Format” and be certain that Word Wrap is not enabled.
Copy and paste all the text in the quote box below into Notepad.
Click File, Save as…, and set the location to your Desktop, and enter (including quotation marks) as the filename: [b]“CFscript.txt”[b] . Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown at the bottom of this post.
File::
C:\WINDOWS\system32\sbwltbxa.exe
C:\WINDOWS\nkvchwjs.dll
C:\WINDOWS\bolgxafm.exe
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\QdrDrive\QdrDrive10.dll
C:\Program Files\QdrModule\QdrModule12.exe
Folder::
C:\Documents and Settings\All Users\Application Data\Rabio
C:\Program Files\QdrDrive
C:\Program Files\QdrModule
This will start ComboFix .Close all browser/windows first. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HJT log.
Attaching the logs is fine. DSS should have install hijackthis for you.
Thanks