Laptop in Serious Trouble...

[SgtSimpson]

Recently My Laptop (Vista, Service Pack 2) has been Getting a Screen Which Just has a Small Proportion of the screen Repeated to fill the entire Screen. At First i Thought it was Just Overheated But Avast! and Panda Cloud Stopped Working (Could not Start Modules etc.)I Downloaded Malwarebytes to find 24 Infections but then to Get the Screen Which I mentioned Above.

Windows Defender (Very Outdated Version, Would not let me update) Had a Fake ECard Trojan in the Vault so I Deleted that to no avail.
I Cannot Get the Screen or the Logs of Malwarebytes as it had not Finished.

I Have also Run TDSS Killer and GMER (Didn't Finish, it came up the screen)

Any Help Would Be Appreciated.

many Thanks,
            SgtSimpson

P.S I Know its Not Overheating as it only happens when Running Security programs.
PP.S The Screen Only happens when running Firefox, Chrome or Security Programs (However it does not effect Windows Defender.)
PPP.S None of the Safe Modes work

[SgtSimpson]

Anyone?
This Is VeryUrgent!

[Pondus]

Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
( post the logs here in this topic and not in the guide )


To avoid using multiple post with copy and paste you have to attach the log`s
Lower left corner: Additional Options > Attach ( Malwarebytes log / OTS log ) save OTS log as ANSI

Essexboy will look at the logs when posted

[SgtSimpson]

Thanks for the Reply!
I'll Put the OTS Log As Soon As It's Finished.
I Just Want to Update my Post Saying that SuperAntiSpyware Found Mywebsearch and a few other Pieces of adware before crashing. It Also Found a Unknown Piece of Something with an Unknown Origin. I Would give you the log except the laptop Crashed.
OTS Log Uploaded and Attached.

[essexboy]

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code: [Select]


[Unregister Dlls]
[Win32 Services - Safe List]
YN -> (CLTNetCnService) Symantec Lic NetConnect service [Auto | Stopped] ->
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.  Post that information back here

I will review the information when it comes back in.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!

THEN

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
• Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

[SgtSimpson]

Here is the OTS Fix Log

Ill Upload the Combofix log as soon as I Can!

Many Thanks For Helping me!

EDIT: ComboFix wont finish. Ive Left it for an Hour but it's stuck at like 99%. Ive tried this on administrator as well.
Any Ideas?

I Don't Mind Upgrading to Windows 7 as I Dont have any important files.

[essexboy]

On the following programme I am more interested in the analysis scan - so if the AV scan fails then just run the analysis part.  As the log is a zip file and the forum does not allow that type of attachment then upload to Mediafire and post the sharing link.
 

Download AVPTool from Here to your desktop
 
Run the programme you have just downloaded to your desktop (it will be randomly named )
 
First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan 
Once it has finished select report and post that.
 

 
Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop
 
Now an analysis scan
Select the Manual Disinfection tab 
Press the Gather System Information button 
Once done Open the last report saved folder  then attach the zip file to your next post zip 
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip
 

[SgtSimpson]

I had Already Beat you to the Scan!
It Showed i had a Generic malware 32: Hack tool in my recovery Call Wiz.exe

Here is the System Info From The Program:
http://www.mediafire.com/?fo8nkea4idia2j3

[essexboy]

On completion of this run can you check safe mode, if it is available then retry Combofix please

• Re-run AVPTool
• Select the Manual Disinfection tab 
  
• Where it states Step 3 paste in the following disinfection script and press execute

Code: [Select]

begin
SetAVZPMStatus(True);
SetAVZGuardStatus(True);
SearchRootkit(true, true);
 RegKeyDel('HKLM','SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}');
 DeleteFile('F:\autorun.inf');
 BC_DeleteFile('F:\autorun.inf');
BC_ImportDeletedList;
ExecuteSysClean;
ExecuteRepair(10);
BC_Activate;
RebootWindows(true);
end.

• Your system will reboot on completion, if it does not please do so yourself 
• On completion please run another analysis scan and attach the zip file 

 

[SgtSimpson]

http://www.mediafire.com/?gcm3rb3w7rvcm8v
Here is the Zip Again. After the Fix was Done.
Ill Get the combofix now if it works

Sorry about the long time to reply!


Question: Comboxfix is saying that panda and Avast are still active despite being stopped from Task manager. Do I Continue?

[essexboy]

Yes continue but do not let them quarantine any files...  Right click the Avast orange blob select shield control and disable for one hour

[SgtSimpson]

Avast or panda Are not Even On. No Exe's for them. Nothing. Like i Said I Stopped the Service in Task manager. So I'm Green to Go Then?

[essexboy]

Yep run away 

[SgtSimpson]

Ok Then!
Thank you For Helping me This Far!
It's On Stage 3 At the Moment.

[SgtSimpson]

Here it is:
Note: I have had this laptop for 2 Years now just Watching movies. So Whats Here isnt mine.