Malware issues/ popups redirects

Hello, I got some malware that resulted in my most of my desktop icons, all pictures and documents going missing. Also I get google redirects to the point I can't search at all.

I read all the steps here to take and didn't skip any although some didn't work. Where I got so far was, I got my icons back and pic and doc files but they are like ghost images. The were hidden files that I was able to access.
I still get ruthless popups in the for of "a scrip error has occured" bla, bla, bla,
and chronic google search redirects where I can't search at all. I also get page redirect popups.

I have tried to use "hijack this" but am running Vista and can't remove anything in my registry. It says to run as "admin", I've tried to but maybe don't know how to fill out the dialog boxes correctly. So Hijack isn't doing me any good.

I have gone to an earlier restore point to get to my 'puter to at least work where before all I had was a black screen with a fake hard disc error report. I also did a clean up, and Spybot scan and came up clean.

So help me be able to run Hijack this, as I think I can fix the other issues. Any help in the right direction will be appreciated.

 

Ok, re: Fixing Google Redirection/Hijacking Problems
Trying to flush the DNS cache.
I get a message, "OPERATION REQUIRES ELEVATION"

How do I get around this? I am the only user on this computer, bought it brand new at Best Buy.

another thing, in step 4, the link TDSSKiller does not work, all I get is a blank page.


TIA

 

Downloaded TDSSKiller to desk top tried to run as Admin, wouldn't do anything. Changed the name to fun.com, clicked to run and got blue screen and a crash, twice in a row, then clicked to delete, crashed again.

Ran SAS, yielded 99 issues, removed and quarentined.

Still pop ups, less frequent though and google is inoperative because of constant redirects.

now what?

TIA

 

How do I move TDSSKiller to C root drive? It's on my desk top. I'm attempting to run it as Admin, I checked the box. I changed the file name, then the extension to .com, when I click the icon on my desktop all I get is a dialog box asking for permission to run, I click OK, then a quick flash, nothing else. The program wont open.

What I've done:
ATF Cleaner
Flushed Java Cache
Rebooted DSL modem router
Downloaded TDSSKiller
unchecked tea timer on SBSD
downloaded SAS and run several times (latest 1 adware found)
Defogger.exe
Malwarebites Anti-Malware, run (no threats found)
MG Tools.exe
Root Repeal.exe

I've restarted 'puter several times, still have redirect problems with Google and Bing

I still can't getTDSSKiller to run.


spent over 3 hours today alone.

What now?

TIA

 

I'll work on attaching the logs.

I downloaded the 'killer just a couple of hour ago and all I get when clicking it is a "user account control" dialog box that I click OK, then a quick flash and nothing. I'm running it as Admin, and have changed the name to a .com extension.

BTW for the last week or so I continually get popups, "an error has occured running scripts...."

What now?

 

Here's a log

 

another log from today

 

Sorry, correction, from today

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/09/2011 at 02:03 PM

Application Version : 4.52.1000

Core Rules Database Version : 6977
Trace Rules Database Version: 4789

Scan type : Quick Scan
Total Scan Time : 00:08:49

Memory items scanned : 599
Memory threats detected : 0
Registry items scanned : 2234
Registry threats detected : 0
File items scanned : 10888
File threats detected : 1

Adware.Tracking Cookie
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@adserv.brandaffinity[1].txt

 

another

 

First scan a few days ago showing removed items

 

I got the MGtools log, but I can't get the Combofix to run. When I try to download it, I get a popup, click on it and get a blank screen, nothing happens. Ideas?

 

MGtools log file attached

Thanks, appreciate all the help you're giving me and your patience.

 

Wondering why you cannot see the contents of the MBToolsZip file?
It works for me. Did I not post the link correctly? Is there another way like copy and paste or ???

Here are the others you asked for, hope these work for you, they did for me.

Thanks again for all your help.

 

Log results

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\ProgramData\jFe01843fGgKm01843 folder moved successfully.
C:\ProgramData\~38854408 moved successfully.
C:\ProgramData\~38854408r moved successfully.
C:\ProgramData\38854408 moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTM Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nick
->Temp folder emptied: 433779 bytes
->Temporary Internet Files folder emptied: 1265755809 bytes
->Java cache emptied: 53192 bytes
->Flash cache emptied: 206673 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15706 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 2936317 bytes
RecycleBin emptied: 1633652 bytes

Total Files Cleaned = 1,212.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 05132011_191946

Files moved on Reboot...

Registry entries deleted on Reboot...


Hope you can see one of these.

I still get a redirect every time I use google search or bing. Also get "script error" pop up boxes every minute or so.

Thanks, sounds like a tough fix, I'll keep going, thanks for your help!

 

Still have redirect every time I use Google search. Script error pop up boxes don't seem to happen any more.

Making some progress.

 

I followed your instructions explicitly. Typed "bootrec.exe/fixbr", got a few paragraphs of info, then prompt again.

I closed the program and started in normal mode.

I still get script error popups btw, at startup and more or less depending upon what I'm doing. Also first time doing a google search, a redirect as before.

Maybe I'll try again.

I also tried to download 'Killer a few times and execute it but I can't get it to run.

A script error popup I got just now was from: http://celebrity-gossip.net/sites/all/modules/web_widgets/iframe/web_widgets_iframe.js

I don't know where they come from by I can't do anything when the box pops up. Should I choose "keep running scripts" ? or what? or just click the X?

Anyway what next?

TIA

 

Forgot the m in fixmbr and gave it the space. Message after hitting enter, "Fixed successfully".

Unfortunately still have the redirect issue.

I'll try your link on the script popups.

Any other ideas?

TIA

 

Got it fixed!

After creating and running a recovery disc I was able to run combofix. I ran it and it cleaned up some problems but also wiped out my local drivers for my DSL internet networking. I couldn't get online, tried everything I knew, then used system restore and went back as far as I could pre infection date. Everything is perfect now. First thing I tried was a system restore pre infection date before getting on this forum, didn't work then.

Thanks for all your help!