Help Malware, Hijackthis, Combofix... nothing works

Status
Not open for further replies.
Hopefully someone can help me with this.

I clicked on a link yesterday and it drove my computer crazy; the internet froze, and when I rebooted it had the Windows Antivirus virus and the Google redirect virus.

I've tried running Malwarebytes (it won't load), I've tried running ComboFix (won't load), HijackThis (won't load). I've tried renaming them and all, and nothing works. I've done this in safe mode and normal mode... Any advice anyone can offer me? I can't seem to get a log because it won't let me run the programs.
 
Doesn't help

I'm trying to do those steps, but I've tried running Avira 3 times and in the end it finds a bunch of viruses, but it doesn't let me copy them to post here, and when I click Repair All it just disappears without doing anything. Do I go forward to the next step?
 
This is the startup log I've gotten HijackThis to post. Anything I should remove or do with this?

StartupList report, 8/10/2009, 11:35:39 AM
StartupList version: 1.52.2
Started from : C:\Program Files\ghfybhj\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v8.00 (8.00.6001.18702)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\CID6LNCH.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe
C:\Program Files\IP Scanner\Receiver\MGS.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\ghfybhj\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Acrobat Speed Launcher.lnk = ?
FTP Utility.lnk = C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe
ImageReceiver.lnk = C:\Program Files\IP Scanner\Receiver\MGS.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
Persistence = C:\WINDOWS\system32\igfxpers.exe
IAAnotif = "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
SoundMAXPnP = C:\Program Files\Analog Devices\Core\smax4pnp.exe
Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
CID_LNCH = C:\WINDOWS\system32\CID6LNCH.EXE
LogMeIn GUI = "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
mcagent_exe = C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
McAfee Backup = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
MBkLogOnHook = C:\Program Files\McAfee\MBK\LogOnHook.exe
Acrobat Assistant 7.0 = "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
SunJavaUpdateSched = "C:\Program Files\Java\jre6\bin\jusched.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
avgnt = "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll - {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
(no name) - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
Browser Address Error Redirector - C:\Program Files\BAE\BAE.dll - {CA6319C0-31B7-401E-A518-A07C3DB8F777}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
(no name) - (no file) - {F54AF7DE-6038-4026-8433-CC30E3F17212}
(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
McDefragTask.job
McQcTask.job

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 8,418 bytes
Report generated in 0.281 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
 
I'm trying to do those steps, but I've tried running Avira 3 times and in the end it finds a bunch of viruses, but it doesn't let me copy them to post here, and when I click Repair All it just disappears without doing anything. Do I go forward to the next step?

You'll have to be patient and wait for one of the virus/malware guys to look through this. You should have a log file for Avira somewhere...
Actually you can see a log, when you look at the main software page. Copy and paste it into a new text file.
 
Yes, this is the Avira log. Sorry about that.


Avira AntiVir Personal
Report file date: Monday, August 10, 2009 10:19

Scanning for 1618860 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : HIALEAHMAIN

Version information:
BUILD.DAT : 9.0.0.407 17961 Bytes 7/29/2009 10:34:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 8/7/2009 16:51:24
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 14:21:42
ANTIVIR2.VDF : 7.1.5.60 2235904 Bytes 8/3/2009 16:36:07
ANTIVIR3.VDF : 7.1.5.85 445952 Bytes 8/7/2009 16:48:21
Engineversion : 8.2.0.248
AEVDF.DLL : 8.1.1.1 106868 Bytes 7/28/2009 18:31:50
AESCRIPT.DLL : 8.1.2.23 455033 Bytes 8/7/2009 16:51:13
AESCN.DLL : 8.1.2.4 127348 Bytes 7/23/2009 14:59:39
AERDL.DLL : 8.1.2.4 430452 Bytes 7/23/2009 14:59:39
AEPACK.DLL : 8.1.3.18 401783 Bytes 7/28/2009 18:31:50
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 14:59:39
AEHEUR.DLL : 8.1.0.154 1917302 Bytes 8/7/2009 16:51:03
AEHELP.DLL : 8.1.5.3 233846 Bytes 7/23/2009 14:59:39
AEGEN.DLL : 8.1.1.55 356723 Bytes 8/7/2009 16:48:34
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 19:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 7/23/2009 14:59:39
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 15:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 20:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 15:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Monday, August 10, 2009 10:19

Starting search for hidden objects.
'34917' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned
Scan process 'tt.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'mcsysmon.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'fxssvc.exe' - '1' Module(s) have been scanned
Scan process 'winvnc4.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'novacomd.exe' - '1' Module(s) have been scanned
Scan process 'MpfSrv.exe' - '1' Module(s) have been scanned
Scan process 'Mcshield.exe' - '1' Module(s) have been scanned
Scan process 'McProxy.exe' - '1' Module(s) have been scanned
Scan process 'McNASvc.exe' - '1' Module(s) have been scanned
Scan process 'mcmscsvc.exe' - '1' Module(s) have been scanned
Scan process 'MBackMonitor.exe' - '1' Module(s) have been scanned
Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned
Scan process 'LogMeIn.exe' - '1' Module(s) have been scanned
Scan process 'ramaint.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'AsfIpMon.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'MGS.exe' - '1' Module(s) have been scanned
Scan process 'KMFtp.exe' - '1' Module(s) have been scanned
Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'acrotray.exe' - '1' Module(s) have been scanned
Scan process 'McAfeeDataBackup.exe' - '1' Module(s) have been scanned
Scan process 'mcagent.exe' - '1' Module(s) have been scanned
Scan process 'LogMeInSystray.exe' - '1' Module(s) have been scanned
Scan process 'CID6LNCH.EXE' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
60 processes with 60 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '66' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Program Files\cesar\HijackThis.exe
[WARNING] The file could not be opened!
C:\Program Files\McAfee\VirusScan\mcods.exe
[WARNING] The file could not be opened!
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[WARNING] The file could not be opened!
C:\Program Files\Trend Micro\cesar\HijackThis.exe
[WARNING] The file could not be opened!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
[WARNING] The file could not be opened!
C:\SDFix\catchme.exe
[WARNING] The file could not be opened!
C:\SDFix\apps\Cghtme.exe
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP523\A0030797.nfo
[DETECTION] Is the TR/Dldr.Small.alyl.4 Trojan
C:\WINDOWS\system32\scecli.dll
[WARNING] The file could not be opened!

Beginning disinfection:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP523\A0030797.nfo
[DETECTION] Is the TR/Dldr.Small.alyl.4 Trojan
[NOTE] The file was moved to '4ab03756.qua'!


End of the scan: Monday, August 10, 2009 11:05
Used time: 45:43 Minute(s)

The scan has been done completely.

4128 Scanned directories
310545 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
10 Files cannot be scanned
310534 Files not concerned
3149 Archives were scanned
10 Warnings
3 Notes
34917 Objects were scanned with rootkit scan
0 Hidden objects were found
 
d12littlec, you need to start over with guidance. We have none here at this time. Please see if this site can help you: http://www.tech-101.com/virus-malware-removal/

All forums have a guide for running the programs. If they can't be run, others will be suggested and/or you will be assisted. Please follow that. The log you left will have to be replaced.
 