Author Topic: I have tried...Everything.  (Read 11948 times)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: I have tried...Everything.
« Reply #15 on: October 09, 2007, 11:56:39 PM »
A few more to delete now that I can see them

Please re-open HiJackThis and scan.  Check the boxes next to all the entries listed below.

O20 - Winlogon Notify: winysd32 - winysd32.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked.  Close HiJackThis.

________________________

Please download OTMoveIt (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe) by OldTimer.
Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\ur.dat
C:\Program Files\wt3d.ini
C:\WINDOWS\SYSTEM32\winysd32.dll


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply with a new Hijack log.
Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

________________

Plus 3 files that are suspicious need to be checked out

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\WINDOWS\system32\6618C5C771.sys
  • Click on the submit button


Then repeat for the next two files

C:\WINDOWS\system32\B79B2158C1.sys
C:\WINDOWS\system32\C158219BB7.sys


  • Please post the results in your next reply.

Zack

  • Guest
Re: I have tried...Everything.
« Reply #16 on: October 10, 2007, 12:16:52 AM »
Sorry for the late reply.

Results for OTMoveIt
C:\ur.dat moved successfully.
C:\Program Files\wt3d.ini moved successfully.
File/Folder C:\WINDOWS\SYSTEM32\winysd32.dll not found.
_____

C:\WINDOWS\system32\6618C5C771.sys  - Found Nothing
C:\WINDOWS\system32\B79B2158C1.sys  - Found Nothing
C:\WINDOWS\system32\C158219BB7.sys  - Found Nothing


You want any New logs?


Edit: How do I know if it's not already gone?
« Last Edit: October 10, 2007, 12:27:03 AM by Zack »

Offline essexboy

Re: I have tried...Everything.
« Reply #17 on: October 10, 2007, 10:22:48 PM »
If your system is running OK, then not unless you want to run this final deep analysis programme to remove any remnants. This one will require multiple posts again.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.