
Author Topic: "Digital Protection" Trojan Creating Bigger Problems  (Read 8159 times)


Tech Challenged

  • Guest
"Digital Protection" Trojan Creating Bigger Problems
« on: May 02, 2010, 09:14:32 AM »
Hi,

About 2 days ago, I was on the internet and, though I still am not sure how exactly it was downloaded since I did not download anything then, a fake Anti-virus program calling itself "Digital Protection Software" installed itself on my computer. It created a number of problems, some of which I have fixed and some of which are still causing me grief. I have talked to friends who know computers well and we've tried a number of things that have fixed the majority of the obvious issues, but based on my computer's performance I believe there are some larger and much more damaging issues still existing on my computer. I would really appreciate some help in clearing this up! Here's what this Trojan has done;

1) It has somehow triggered my computer to think that I am no longer a system administrator. At first, I could not open Task Manager to view Processes, though eventually I managed to access Task Manager. I still, however, get warning messages when I attempt to modify anything in msconfig, that tell me that I can't modify startup programs because I'm not an admin. Oddly, the changes I make still take effect; because of other bugs, I disabled all or almost all of my startup programs, unsure of which ones were causing the issues.

2) I cannot run system restore. I can select a date and time to restore to, click next, but when I get to the screen that says do you want to run system restore, I can click the "next" button a dozen times and nothing happens; it appears to be disabled by the virus? I don't know for sure.

3) When first noticing the problems, I immediately ran Malwarebytes. The scan was completed and a number of problems were found, but after I clicked OK to the notification that says "click 'show results' to display all infected objects", MBAM closes without letting me click Show Results.

4) When running google searches, I am able to run the searches but when I click on any of the search results, the page I click on begins to open but then I am quickly redirected through some website that appears and disappears in the address bar too quickly for me to see, back to the main Google.com. No other issues with my internet connectivity seem to exist, though my overall connection seems to be slower, as is the rest of my computer.

5) The scariest issue occurs on startup. One of the things I did was try starting up in Safe Mode, and then starting up in Safe Mode with Networking, and then Safe Mode with command prompt. Whenever I did either, I would get long strings of text, most of which began with 0multidisk0 and then had some variation of \system\*various programs* at some point in the line. In all three of these events, I was forced to do a hard shut down. Unfortunately, when I attempted to reboot normally, I got a message on a windows screen that said that CHKDSK, or something of the sort, was scanning my drive or something (I don't remember what I'm sorry), and that "The volume is dirty". CHKDSK would then begin scanning my files, would scan 100% of them, and would then say "Scanning your indexes". Every time, it would get to about 15% of scanning my indexes, (which it labeled as step 2/3), and would then restart my computer back to the Dell screen. Eventually, I figured out that I could start up in Last Good Configuration, which I'm in now. Someone mentioned that this is possibly an issue with my registry? I don't know enough to agree/disagree.

So what have I done;

I have managed to delete all obvious files and folders relating to "Digital Protection" that I can find. However, when I run msconfig, in the Startup section there is an unchecked startup program called C:\Program Files\Digital Protection\digprot\ -noscan , and I clearly remember deleting digprot, and it is no longer there when I look in my Program files list. Also in msconfig I have sysmon64x, which google labels as a trojan, but which I have unchecked on my startup program list and I cannot find when I run a search for.

I have run Malwarebytes to no avail as described above, have run SUPERAntiSpyware, the log of which I shall attach, as well as HijackThis. After I'm done posting this, I will be enabling on startup all programs related to Norton, my antivirus and firewall, and then restarting my PC and running THAT scan.

I know enough about computers to follow what other internet guides have said and wash my hands of most basic malware items, but I feel over my head in repairing these bigger issues! Help would be greatly appreciated! Thanks in advance.

[recovering disk space - old attachment deleted by admin]

SuperDave

  • Malware Removal Specialist


Re: "Digital Protection" Trojan Creating Bigger Problems
« Reply #1 on: May 07, 2010, 04:39:27 PM »
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Sorry for being so late in getting to your post.

Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

==================================
You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

More information:

* ViewMgr.exe - Useless
* Viewpoint to Plunge Into Adware

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
* Viewpoint Experience Technology


====================================

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-21-1161266217-414376869-1902029748-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Jeff')
O4 - HKUS\S-1-5-21-1161266217-414376869-1902029748-1011\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Reba')
O8 - Extra context menu item: &Search - ?p=ZUxdm265SGUS
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: auras - {f0d4f88e-e1f8-460f-a41c-6cfb7f73af79} - (no file)


Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.
==================================
Please uninstall your version of MBAM, download and run this one.

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
===================================
Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

  • Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix

Please copy and paste your logs.

Windows 8 and Windows 10 dual boot with two SSD's
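
The HijackThis entries listed in the reply above share a fixed "code - kind: details" layout, so a log can be triaged mechanically before anything is checked for fixing. The parser below is an added example, not part of the original thread and not HijackThis's own code; the function names and regular expressions are assumptions based on the lines quoted in the reply, and the sample input is copied from it.

```python
import re

# Section codes that appear in the reply above (meanings per the HijackThis log format).
SECTIONS = {
    "O4": "autostart (Run key / Startup folder)",
    "O8": "IE context-menu item",
    "O9": "IE toolbar button / Tools menu item",
    "O22": "SharedTaskScheduler autorun",
}

# Sample input: lines copied from the reply above.
SAMPLE = r"""
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-21-1161266217-414376869-1902029748-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Jeff')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: auras - {f0d4f88e-e1f8-460f-a41c-6cfb7f73af79} - (no file)
"""

LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# O4 details: [value name] command line, optionally followed by (User 'x')
RUN = re.compile(r"^\[(?P<name>.+?)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']+)'\))?$")
# O9 / O22 details: name - {CLSID} - target file
CLSID = re.compile(r"^(?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")

def parse(line):
    """Split one log line into fields; return None for lines that are not entries."""
    m = LINE.match(line.strip())
    if not m:
        return None
    code, kind, rest = m.groups()
    entry = {"code": code, "section": SECTIONS.get(code, "unknown"), "kind": kind}
    detail = RUN.match(rest) if code == "O4" else CLSID.match(rest)
    if detail:
        entry.update(detail.groupdict())
    else:
        entry["raw"] = rest  # layout not covered by the two patterns above
    # "(no file)": the registry entry points at a file that is not on disk
    entry["orphaned"] = rest.endswith("(no file)")
    return entry

def parse_log(text):
    return [e for e in map(parse, text.splitlines()) if e]

if __name__ == "__main__":
    for e in parse_log(SAMPLE):
        flag = "ORPHANED" if e["orphaned"] else "ok"
        print(f'{e["code"]:>3} {flag:8} {e.get("name", e.get("raw"))} [{e["section"]}]')
```

Orphaned entries such as the O22 line are leftovers whose target file is already gone; entries that still resolve to a file need a human decision before being fixed.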