Virus has disabled all my protection programs

[littlemango]

When I start my computer, I get the message, "Sorry for the inconvenience, but SuperAntispyware Free Edition has to close"  And when I try to open it again, immediately the same message appears.  When I try to open MBAM, I double-click and nothing will open.  The same thing happens with SpybotS&D.   I used HiJackThis and posted my report using the Computer Hope Process tool and followed the cleaning steps, however, I still cannot open the programs.  Also, I forgot to mention another symptom, whenever I do a search using Google, and the results are displayed, and I click a link, I get redirected to some other random pages. 

Here is the link to the report that was saved: http://www.computerhope.com/cgi-bin/process.pl?o=1165814

Thank you in advance for anyone's help!

[harry 48]

http://www.filehippo.com/download_ccleaner/


go to above and try to download and run if you can , run cleaner page and registry page twice , take out

 what ever comes up

[littlemango]

Ok, I downloaded and ran CCleaner twice and removed everything it said.  Unfortunately, all of my symptoms still exist (I cannot open SUPERAntiSpyware Free, Spybot S&D, nor MBAM.  And my searches are still redirected to other websites.).  Attached is a HijackThis log.  Please help!

[attachment deleted by admin]

[luck of the irish]

http://www.computerhope.com/forum/index.php/topic,46313.0.html

Did you try there?

[littlemango]

Yes, I started with that page, but it was difficult to do because I cannot open those programs...   I used the Computer Hope HijackThis process tool and followed all of its removal instructions, but to no avail. 

[evilfantasy]

Try the renamer download for Malwarbytes.

http://kixhelp.com/wr/files/mb/randmbam.exe

The randmbam.exe will try to create random names and shortcuts for Malwarebytes Anti Malware (MBAM) if you have it installed already.

If it installs then use this link to download the updates.

Download Malwarebytes' Anti-Malware Database - GT500.org

Just download it to the desktop and run the exe then run Malwarebytes.

[littlemango]

I was able to download and run the renamer download for Malwarebytes.  But then afterward I downloaded the updates and I could no longer open Malwarebytes.  I get this message: The database you are using is not supported by this version of Malwarebytes' Anti-Malware.  Download the latest version of the program.

[evilfantasy]

Download RegQuery by Noviciate to your desktop

• Copy the following registry keypath.

Code: [Select]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

• Double click RegQuery.exe to run the program
  
• Paste the text you have copied using CRTL and V, into the textbox
  
• Click the Query button
  
• A Notepad file will open. Please paste the contents in your next reply
• You may now close the RegQuery program.

[littlemango]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"VIDC.I420"="msh263.drv"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVU9"="tsbyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"wavemapper"="msacm32.drv"
"msacm.msg723"="msg723.acm"
"vidc.M263"="msh263.drv"
"vidc.M261"="msh261.drv"
"msacm.msaudio1"="msaud32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.iac2"="C:\\WINDOWS\\System32\\iac25_32.ax"
"vidc.iv50"="ir50_32.dll"
"msacm.l3acm"="C:\\WINDOWS\\system32\\l3codeca.acm"
"VIDC.MPG4"="mpg4c32.dll"
"VIDC.MP42"="mpg4c32.dll"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"msacm.vorbis"="vorbis.acm"
"vidc.yv12"="yv12vfw.dll"
"msacm.at3"="atrac3.acm"
"MSVideo8"="VfWWDM32.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server\RDP]
"wave"="rdpsnd.dll"
"MaxBandwidth"=dword:000056b9
"wavemapper"="msacm32.drv"
"EnableMP3Codec"=dword:00000001
"midimapper"="midimap.dll"
"mixer"="rdpsnd.dll"

[evilfantasy]

Download ComboFix from one of the below links. You must rename it before saving it!

Important! You MUST save ComboFix to your desktop.

Link 1
Link 2
Link 3

Rename ComboFix to Combo-Fix before saving it to the desktop.





Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click on Combo-Fix.exe & follow the prompts.

Vista users Right-Click on Combo-Fix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

When the scan completes it will open a text window.
 
Post the contents of that log in your next reply.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

[littlemango]

ComboFix 09-07-06.01 - justin 07/06/2009 14:52:02.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.991.712 [GMT -7:00]
Running from: C:\Documents and Settings\justin\Desktop\Combo-Fix.exe
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DBI.EXE
C:\Documents and Settings\justin\Application Data\inst.exe
C:\WINDOWS\Installer\8933582.msp
C:\WINDOWS\system32\cysqwixp.exe
C:\WINDOWS\system32\drivers\MSIVXhvyljercvjixrasrmtavuoepdkwasmtk.sys
C:\WINDOWS\system32\jlpbfwig.exe
C:\WINDOWS\system32\msadio.dll
C:\WINDOWS\system32\MSIVXcount
C:\WINDOWS\system32\MSIVXeydlpjppahrhsntfuledocrrtlbvmwpr.dll
C:\WINDOWS\system32\MSIVXngysfigpjmyokmcjduwivctvhkpfraqp.dll
C:\WINDOWS\system32\ruymbisg.exe
C:\WINDOWS\system32\setting.ini
C:\WINDOWS\system32\xpxicdtn.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys
-------\Legacy_CORE


(((((((((((((((((((((((((   Files Created from 2009-06-06 to 2009-07-06  )))))))))))))))))))))))))))))))
.

2009-07-05 22:42:27 . 2009-07-05 22:42:28   0   d-----w-   C:\Program Files\CCleaner
2009-07-01 23:53:32 . 2009-07-01 23:53:32   0   d-----w-   C:\Program Files\Trend Micro
2009-07-01 22:24:04 . 2009-07-01 22:27:22   0   d-----w-   C:\Documents and Settings\justin\Local Settings\Application Data\Temp
2009-07-01 03:33:34 . 2009-07-01 03:33:34   0   d-----w-   C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-07-01 02:45:38 . 2009-07-01 02:45:38   0   d-----w-   C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2009-06-30 15:28:00 . 2009-06-30 15:28:00   0   d-----w-   C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
2009-06-26 22:31:22 . 2009-06-26 22:31:22   0   d-----w-   C:\Documents and Settings\justin\Application Data\VirtuaWin
2009-06-26 22:31:09 . 2009-06-26 22:31:11   0   d-----w-   C:\Program Files\VirtuaWin
2009-06-26 05:00:39 . 2009-06-26 05:01:05   0   d-----w-   C:\Documents and Settings\justin\Application Data\Launchy
2009-06-26 05:00:19 . 2009-06-26 05:00:27   0   d-----w-   C:\Program Files\Launchy
2009-06-24 21:26:42 . 2009-06-24 21:28:40   0   d-----w-   C:\Program Files\DVD-Cloner Platinum
2009-06-23 18:43:52 . 2009-06-23 18:43:53   152576   ----a-w-   C:\Documents and Settings\justin\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-22 22:23:26 . 2009-06-22 22:23:26   239088   ----a-w-   C:\Documents and Settings\justin\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-06-20 07:37:02 . 2009-06-20 07:37:16   0   d-----w-   C:\Program Files\Pod to PC
2009-06-19 05:06:57 . 2009-07-03 00:59:29   487072   ----a-w-   C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-19 05:04:45 . 2009-06-19 05:18:54   0   d-----w-   C:\Program Files\DVDFab 6
2009-06-17 19:11:59 . 2009-06-17 19:32:16   0   d-----w-   C:\Documents and Settings\justin\Application Data\GrabIt
2009-06-13 05:20:20 . 2009-06-13 05:20:20   8854   ----a-r-   C:\Documents and Settings\justin\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
2009-06-13 05:20:20 . 2009-06-13 05:20:20   40960   ----a-r-   C:\Documents and Settings\justin\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
2009-06-13 05:20:20 . 2009-06-13 05:20:20   10134   ----a-r-   C:\Documents and Settings\justin\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
2009-06-13 05:20:15 . 2009-06-13 05:20:15   0   d-----w-   C:\Program Files\Western Digital Technologies
2009-06-12 07:25:47 . 2009-06-12 08:04:04   0   d-----w-   C:\Documents and Settings\justin\Local Settings\Application Data\WBFSManager
2009-06-12 07:24:10 . 2009-06-14 01:09:17   0   d-----w-   C:\Program Files\WBFS
2009-06-10 04:02:28 . 2009-06-10 04:03:36   0   d-----w-   C:\Program Files\AMT
2009-06-09 16:30:42 . 2009-06-09 16:31:26   0   d-----w-   C:\Program Files\iTunes
2009-06-09 16:08:12 . 2009-06-09 16:08:12   75048   ----a-w-   C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 19:35:16 . 2008-09-09 01:17:27   0   d-----w-   C:\Program Files\Malwarebytes' Anti-Malware
2009-07-05 22:43:37 . 2008-09-08 06:52:52   0   d-----w-   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-03 00:58:49 . 2007-07-05 09:29:21   0   d-----w-   C:\Documents and Settings\justin\Application Data\uTorrent
2009-07-02 08:12:16 . 2008-07-23 07:12:41   0   d-----w-   C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-07-01 23:32:19 . 2008-09-08 06:52:52   0   d-----w-   C:\Program Files\Spybot - Search & Destroy
2009-07-01 09:10:04 . 2008-02-22 05:05:42   0   d-----w-   C:\Program Files\SUPERAntiSpyware
2009-07-01 09:05:21 . 2009-01-02 08:01:31   2967799   -c--a-w-   C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-26 04:54:27 . 2009-05-29 05:03:16   0   d-----w-   C:\Program Files\DVDFab 5
2009-06-26 04:54:23 . 2009-05-29 05:03:40   0   d-----w-   C:\Documents and Settings\justin\Application Data\Vso
2009-06-26 04:54:21 . 2009-05-29 05:03:41   47360   ----a-w-   C:\Documents and Settings\justin\Application Data\pcouffin.sys
2009-06-26 04:54:21 . 2009-05-29 05:03:41   47360   ----a-w-   C:\Documents and Settings\justin\Application Data\pcouffin.sys
2009-06-23 18:45:36 . 2006-02-20 18:17:48   0   d-----w-   C:\Program Files\Java
2009-06-19 22:23:58 . 2009-06-05 15:40:38   0   d-----w-   C:\Program Files\Google
2009-06-17 18:27:56 . 2008-09-09 01:17:29   38160   ----a-w-   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-06-17 18:27:44 . 2008-09-09 01:17:30   19096   ----a-w-   C:\WINDOWS\system32\drivers\mbam.sys
2009-06-09 16:30:47 . 2006-03-13 03:51:30   0   d-----w-   C:\Program Files\iPod
2009-06-09 16:30:32 . 2008-09-26 06:56:08   0   d-----w-   C:\Program Files\Common Files\Apple
2009-06-09 16:27:33 . 2009-03-17 21:25:18   0   d-----w-   C:\Program Files\QuickTime
2009-06-05 23:03:16 . 2006-02-20 00:38:13   0   d-----w-   C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-06-05 18:42:38 . 2009-03-17 21:20:49   2060288   ----a-w-   C:\WINDOWS\system32\usbaaplrc.dll
2009-06-05 18:42:38 . 2008-09-26 06:57:00   39424   ----a-w-   C:\WINDOWS\system32\drivers\usbaapl.sys
2009-06-03 06:53:53 . 2009-04-22 07:04:00   0   d-----w-   C:\Program Files\LG PC Suite II
2009-06-01 22:00:22 . 2009-06-01 22:00:22   0   d-----w-   C:\Documents and Settings\All Users\Application Data\vsosdk
2009-06-01 08:31:26 . 2001-08-23 12:00:00   359808   ----a-w-   C:\WINDOWS\system32\drivers\TCPIP.SYS
2009-05-29 05:10:45 . 2009-05-29 05:10:44   0   d-----w-   C:\Program Files\HandBrake
2009-05-29 05:03:41 . 2009-05-29 05:03:41   47360   ----a-w-   C:\WINDOWS\system32\drivers\pcouffin.sys
2009-05-27 00:10:00 . 2009-05-14 04:55:20   0   d-----w-   C:\Program Files\eMusic Download Manager
2009-05-27 00:09:47 . 2009-05-14 04:55:46   0   d-----w-   C:\Documents and Settings\justin\Application Data\eMusic
2009-05-21 22:12:55 . 2009-05-21 22:12:55   359808   ----a-w-   C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2009-05-14 21:45:11 . 2007-01-06 05:46:36   0   d-----w-   C:\Program Files\PartyGaming.Net
2009-05-12 22:33:16 . 2009-05-12 22:31:11   0   d-----w-   C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-23 02:13:30 . 2009-05-05 00:58:58   98304   ----a-w-   C:\Documents and Settings\justin\Application Data\Mozilla\Firefox\Profiles\2iky4cir.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
2009-04-23 02:13:30 . 2009-05-05 00:58:58   77824   ----a-w-   C:\Documents and Settings\justin\Application Data\Mozilla\Firefox\Profiles\2iky4cir.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
2009-04-17 23:58:28 . 2009-04-22 01:57:56   954368   ----a-w-   C:\Documents and Settings\justin\Application Data\Mozilla\Firefox\Profiles\2iky4cir.default\extensions\[email protected]\libs\PicLensHelper.exe
2009-04-17 23:58:28 . 2009-04-22 01:57:56   103424   ----a-w-   C:\Documents and Settings\justin\Application Data\Mozilla\Firefox\Profiles\2iky4cir.default\extensions\[email protected]\libs\pixomatic.dll
2009-04-17 23:58:28 . 2009-04-22 01:57:54   344064   ----a-w-   C:\Documents and Settings\justin\Application Data\Mozilla\Firefox\Profiles\2iky4cir.default\extensions\[email protected]\libs\LaunchCooliris.exe
2009-04-17 23:58:26 . 2009-04-22 01:57:56   1161626   ----a-w-   C:\Documents and Settings\justin\Application Data\Mozilla\Firefox\Profiles\2iky4cir.default\extensions\[email protected]\libs\avcodec-51.dll
2009-04-17 23:58:26 . 2009-04-22 01:57:55   71652   ----a-w-   C:\Documents and Settings\justin\Application Data\Mozilla\Firefox\Profiles\2iky4cir.default\extensions\[email protected]\libs\avutil-49.dll
2009-04-17 23:58:26 . 2009-04-22 01:57:55   65536   ----a-w-   C:\Documents and Settings\justin\Application Data\Mozilla\Firefox\Profiles\2iky4cir.default\extensions\[email protected]\components\coolirisstub.dll
2009-04-17 23:58:26 . 2009-04-22 01:57:55   4579328   ----a-w-   C:\Documents and Settings\justin\Application Data\Mozilla\Firefox\Profiles\2iky4cir.default\extensions\[email protected]\libs\cooliris18.dll
2009-04-17 23:58:26 . 2009-04-22 01:57:55   4534272   ----a-w-   C:\Documents and Settings\justin\Application Data\Mozilla\Firefox\Profiles\2iky4cir.default\extensions\[email protected]\libs\cooliris19.dll
2009-04-17 23:58:26 . 2009-04-22 01:57:55   131868   ----a-w-   C:\Documents and Settings\justin\Application Data\Mozilla\Firefox\Profiles\2iky4cir.default\extensions\[email protected]\libs\avformat-52.dll
2006-05-04 05:20:24 . 2006-05-04 05:20:24   454   ----a-w-   C:\Program Files\Shortcut to games.lnk
2006-02-20 00:37:56 . 2006-02-20 00:37:37   1117491   -c--a-w-   C:\Program Files\DVD_Shrink_v3[1].2_Install.exe
2009-03-10 16:30:50 . 2009-03-10 16:30:50   5817072   ----a-w-   C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.

I followed ComboFix basically all the way to the end, until it had the dialogue of Don't Open any programs.  It stayed like that forever until I closed it.  I found this log in the C:/ folder.  And there are some new shortcut icons on my desktop.  On a good note, my protection programs open like a charm now. 

[evilfantasy]

That is not the complete ComboFix log. Can you repost it in it's entirety please.

[littlemango]

I didn't think that was complete, I must have messed it up by exiting early.  What should I do?

[evilfantasy]

Run ComboFix again.

It should complete in under 10 minutes this time. No longer that 20 minutes. I need the whole log.

After running ComboFix again then run Malwarebytes again and post the log also.

Open Malwarebytes' Anti-Malware.

• Click the Update tab.
• Click Check for Updates
  
• If an update is found, it will download and install.
• Click the Scanner tab.
  
• Select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

[littlemango]

For some reason I can no longer run Combo Fix.  I come up with this error:

Some files could not be created.
Please close all applications, reboot Windows and restart this installation

I did so several times, but the command prompt would never appear.  What's wrong?