Virus that wont go away!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by romy, Sep 27, 2007.

  1. romy

    romy Private E-2

I have a virus that won't delete even after I went through the malware procedures..
I cannot search on Google, Yahoo etc., otherwise Internet Explorer shuts down.
Probably a problem with an add-on?
What's that?

Here are my scan logs!
     


  2. romy

    romy Private E-2

Here's my CounterSpy report..
My Panda scan is running at the moment
and HijackThis will be in the next log.
     


  3. romy

    romy Private E-2

Final one.. sorry
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Will be awaiting the Panda Log & HijackThis Log.
     
  5. romy

    romy Private E-2

Panda!
     


  6. romy

    romy Private E-2

And HijackThis!
     


  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please rename HijackThis.exe to "analyze.exe", once it's renamed please attach a fresh log.
     
  8. romy

    romy Private E-2

There you go
     


  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please disable any antivirus and/or antispy programs you have installed so they will not block this fix.

    Step 1:
    Please look in Add/Remove Programs for the following and uninstall if found. If you get any errors just make a note and proceed.

    Step 2:
    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    Again, make sure ALL browser windows are closed when you click FIX.

    Step 3:
    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
    Step 4:
    • Now Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to DomainService
    • Then right click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    • Click OK until you get back to Windows.
    • Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
    • At the lower right, click on the Config button
    • Then click the Misc tools button
    • Select Delete an NT Service
• Copy/paste DomainService into the box that opens, and press OK
    • If you receive any error messages just ignore them and continue.
    • Now exit HJT but do not reboot when it tells you it needs to. We will reboot in the next step.


    Step 5:
    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt

    Step 6: Begin here after rebooting from Step 5!
    Next Reset Web Settings & Default Security Settings

    Note for IE 6 users:
    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK

    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites. For IE 7 users, simply click the "Reset all zones to default level" button.

    Note for IE 7 users:
    Select Internet Options, then the Advanced Tab and then the Reset button under Reset Internet Explorer Settings.


    Step 7:
    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    Step 8:
    After you have completed ALL of the above in the correct order, please attach the following logs.
    • HijackThis Log
    • ShowNew Log
    • GetRunKey Log
    • Avenger Log
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
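As an added example that is not part of bjgarrick's post or of HijackThis/Avenger, the service handling in Step 4 (stop it, set it to Disabled, remove the registration) can be done from an elevated PowerShell prompt; DomainService is the service name from the post, and the script assumes nothing else about the machine beyond a working Service Control Manager:

```powershell
# Added example, not from the thread: the Step 4 service removal done from an
# elevated PowerShell prompt instead of services.msc and HijackThis.
# 'DomainService' is the service name given in the post.
$serviceName = 'DomainService'

# Look the service up through WMI so the binary it points at is visible too;
# that path is worth recording for the log before anything is deleted.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$serviceName'"
if ($null -eq $svc) {
    Write-Host "Service '$serviceName' is not registered on this machine."
    return
}
"{0,-12} {1}" -f 'Name:',      $svc.Name
"{0,-12} {1}" -f 'Display:',   $svc.DisplayName
"{0,-12} {1}" -f 'State:',     $svc.State
"{0,-12} {1}" -f 'StartMode:', $svc.StartMode
"{0,-12} {1}" -f 'Binary:',    $svc.PathName

# Stop it, then set the start-up type to Disabled so it cannot restart on the
# next boot even if the deletion below does not go through.
if ($svc.State -eq 'Running') {
    Stop-Service -Name $serviceName -Force -ErrorAction SilentlyContinue
}
Set-Service -Name $serviceName -StartupType Disabled -ErrorAction SilentlyContinue

# Same effect as HJT's "Delete an NT Service": sc.exe marks the registration
# for deletion; it actually disappears once the last handle to it is closed or
# at the next reboot, which is why the post says to hold off rebooting until
# the rest of the fix has run.
sc.exe delete $serviceName

# Show what is left, for the log you attach to the thread.
Get-WmiObject -Class Win32_Service -Filter "Name='$serviceName'" |
    Select-Object Name, State, StartMode, PathName
```

The printed Binary line matters: a service whose image lives in an odd location, or a kernel driver (StartMode Boot/System) with a random-looking name, is what the later posts in this thread end up chasing by hand.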
     
  10. romy

    romy Private E-2

Here they are. Trying to get Avenger..
     


  11. romy

    romy Private E-2

Avenger log!
     


  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, be sure you close ALL antivirus and antispy programs before running this fix.

    Now scan with HJT and have it fix the below entries...

    Next, run Avenger again just like you did before...
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt

    Once you have completed this post, reboot a few times and attach fresh logs from the below.

    • GetRunKey
    • ShowNew
    • HijackThis
    • Avenger
     
  13. romy

    romy Private E-2

I couldn't find this,
and when I reboot my computer an error comes up: "no disk" .. try again, cancel, or ok.
Next time I will give more info on that error..
but here are the logs
     


  14. romy

    romy Private E-2

Here's the other scan log you requested..
     


  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    It appears you are rebooting before running my fix which is making it useless because the infection is mutating/changing names.

    You must NOT reboot after attaching new logs.
     
  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Let's try this again, this time REBOOT into Safe Mode and run the fix!

    First, let's kill the bad service...
    • Now Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to DomainService
    • Then right click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    • Click OK until you get back to Windows.
    • Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
    • At the lower right, click on the Config button
    • Then click the Misc tools button
    • Select Delete an NT Service
• Copy/paste DomainService into the box that opens, and press OK
    • If you receive any error messages just ignore them and continue.
    • Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.
    Next, scan with HJT and have it fix the below entries...
    • Now, run Avenger like you have been doing...
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt

    Once you have completed this post, reboot a few times and attach fresh logs from the below.
    • GetRunKey
    • ShowNew
    • HijackThis
    • Avenger
     
  17. romy

    romy Private E-2

Here they are.
The no disk error still comes,
but I can search on Yahoo and Google now!
     


  18. romy

    romy Private E-2

Runkeys
     


  19. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    We need to run Avenger once more...
    • Now, run Avenger like you have been doing...
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt

    Once complete, attach the following fresh logs.

    • GetRunKey
    • ShowNew
    • HijackThis
     
    Last edited: Sep 28, 2007
  20. romy

    romy Private E-2

It said the following script wasn't found when I copied and pasted..
code error 0
     
  21. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Try once more, copy ALL of the text in the quote box below..

     
  22. romy

    romy Private E-2

Nope.. it says "error cannot create zip file"
and yes, I didn't copy all of the files before.
     
  23. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download a fresh copy from the link below and try again. Be sure you get "Files to delete:" because this is what tells Avenger what to delete.

    http://swandog46.geekstogo.com/avenger.zip

    Be sure you extract it and run from a location such as C:\Avenger.
     
  24. romy

    romy Private E-2

Nope.. same thing happened.

Well, after all the errors it said: "first step completed successfully.. reboot now?"
Then an error came up saying "location of startup file. c/windowns....
the trojan horse program was found on your machine and it has been shut down.. but the FILE from which it started still remains, and can be started up again, do you want the file to be removed also?" I said yes, and rebooted..
     
  25. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox and save it to your desktop.

    Locate PocketKillbox
(Proceed with this step even if they do not show in blue)

    Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot” Option. Copy&Paste each of the file names listed below into the box one by one, making sure Delete on Reboot is Checked for each entry. Click the Red X for each entry, but DO NOT Allow your machine to be rebooted until the last item has been entered:

    • If you get an error message about Pending Operations, just reboot your computer manually.

    Once you complete this, attach the following fresh logs.

    • GetRunKey
    • ShowNew
    • HijackThis
     
  26. romy

    romy Private E-2

Here.
     


  27. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please download F-Secure's BlacklightBeta
    • Download fsbl.exe and save it to the Desktop.
    • Once saved... double click fsbl.exe to install the program.
    • Click accept agreement and Click scan
    • This application may trigger a warning from your antivirus. Let the driver load. Wait for it to finish.
    • If it displays any items...don't do anything with them yet. Just hit exit (close)
    • It will drop a log on Desktop that starts with fsbl....big number
    Please attach the BlackLight log.
     
  28. romy

    romy Private E-2

There were no files found
     
  29. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Delete the below folder using Windows Explorer:
    C:\UWA7P

Then use the Pocket Killbox procedure BJ gave you to delete the below files:
    C:\Documents and Settings\hipkenhb.txt
    C:\Documents and Settings\nmuhupyv.txt
    C:\Documents and Settings\wdsmmtgu.txt
    C:\Documents and Settings\wdvtdpmd.txt
    C:\cecmwdfx.txt
    C:\gtmfymqi.bat
    C:\tifhkbox.bat
    C:\WINDOWS\fkabgjpt.txt
    C:\WINDOWS\vweixbxy.txt
    C:\WINDOWS\system32\ihgwxcqr.dll
    C:\WINDOWS\system32\drivers\hsfslaib.sys
    C:\WINDOWS\system32\drivers\nciktptt.sys
    C:\WINDOWS\system32\drivers\oqqjabwx.sys
    C:\WINDOWS\system32\drivers\qhnatama.sys
    C:\WINDOWS\system32\drivers\vjvauchi.sys
    C:\WINDOWS\system32\drivers\wlcpnijl.sys
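As an added example, not part of chaslang's post or of Pocket Killbox, the following PowerShell check confirms after the reboot that every item listed above is really gone, and for anything still present reports its size, timestamp and (for .sys/.dll/.exe) Authenticode signature status so it can be included in the next reply. The paths are exactly the ones listed in the post; nothing else about the machine is assumed.

```powershell
# Added example, not part of the thread: after the Killbox "Delete on Reboot"
# pass, confirm the listed items are gone and report anything that remains.
# The paths are the ones listed in chaslang's post.
$targets = @(
    'C:\UWA7P',
    'C:\Documents and Settings\hipkenhb.txt',
    'C:\Documents and Settings\nmuhupyv.txt',
    'C:\Documents and Settings\wdsmmtgu.txt',
    'C:\Documents and Settings\wdvtdpmd.txt',
    'C:\cecmwdfx.txt',
    'C:\gtmfymqi.bat',
    'C:\tifhkbox.bat',
    'C:\WINDOWS\fkabgjpt.txt',
    'C:\WINDOWS\vweixbxy.txt',
    'C:\WINDOWS\system32\ihgwxcqr.dll',
    'C:\WINDOWS\system32\drivers\hsfslaib.sys',
    'C:\WINDOWS\system32\drivers\nciktptt.sys',
    'C:\WINDOWS\system32\drivers\oqqjabwx.sys',
    'C:\WINDOWS\system32\drivers\qhnatama.sys',
    'C:\WINDOWS\system32\drivers\vjvauchi.sys',
    'C:\WINDOWS\system32\drivers\wlcpnijl.sys'
)

$remaining = foreach ($path in $targets) {
    # -LiteralPath so nothing in a name is treated as a wildcard;
    # -Force so hidden/system attributes do not hide a leftover.
    if (Test-Path -LiteralPath $path) {
        $item = Get-Item -LiteralPath $path -Force
        $signature = 'n/a'
        if (-not $item.PSIsContainer -and (@('.sys', '.dll', '.exe') -contains $item.Extension)) {
            # A driver or DLL that survives a cleanup is worth checking for a
            # valid publisher signature before deciding it is harmless.
            $signature = (Get-AuthenticodeSignature -FilePath $path).Status
        }
        $bytes = $null
        if (-not $item.PSIsContainer) { $bytes = $item.Length }
        New-Object PSObject -Property @{
            Path      = $path
            Bytes     = $bytes
            LastWrite = $item.LastWriteTime
            Signature = $signature
        }
    }
}

if ($remaining) {
    "The following items are still present:"
    $remaining | Format-Table Path, Bytes, LastWrite, Signature -AutoSize
} else {
    "All listed items are gone."
}
```

Run it from an elevated prompt after the reboot that Killbox requests; a file that is still present with a NotSigned status is exactly the kind of thing to paste into the thread rather than leave in place.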
     
  30. romy

    romy Private E-2

OK, done..
     
  31. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT


    Make sure you tell us how things are working now!
     
  32. romy

    romy Private E-2

There was nothing found for the fixME scan..
and here are the other 3 scans you requested
     


  33. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's not a scan! It is a registry patch. You need to follow the directions given to add this patch to the registry. You apparently did not do it since the registry key we are trying to delete is still there. Please follow the directions again and make sure you check to see if you receive a message indicating that the patch was successfully added to the registry. If you receive a success message, attach a new log from GetRunKey.


    You should also have HijackThis fix the below lines:
    F3 - REG:win.ini: load=
    F3 - REG:win.ini: run=
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -



    You also need to answer questions. I asked how the below:
     
  34. romy

    romy Private E-2

Sorry, yes, I double clicked the wrong icon
and yeah, everything seems to be working fine!
Here is the runkey log
     


  35. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

I wanted to allow BJ to finish this off since he was the original person working with you, but since I see you hanging around, I did not want to waste your time. Here are your next steps since your log is now clean.


    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, and the C:\combofix.txt log that was created.
3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
9. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    10. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    11. After doing the above, you should work thru the below link:
     
  36. romy

    romy Private E-2

OK, thanks so much!

Also one more question..
I have the following stuff downloaded.
Some of it is from last time and some I just downloaded.
Tell me what to delete or add?

Spybot
SpywareBlaster
Comodo Firewall Pro
Ad-Aware
A-squared free
Comodo BOClean
and Avast antivirus
Wow, too much protection?
     
  37. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Have you read the link I gave you yet? If not, read it and then ask any questions that remain later.

    But note this, the below do not provide true active protection, so they do not use any system resources unless scanning with Ad-Aware or Spybot:
    Ad-aware
    Spybot
    SpywareBlaster
     
  38. romy

    romy Private E-2

Yeah, I have, but it's confusing!
     
  39. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not sure what is confusing you.
    • You need one antivirus which you have (Avast)
• You need one firewall which you have (Comodo Firewall)
• You need one active realtime antispyware blocking tool which you have (Comodo BOClean)
• Spybot is mostly a scan only tool and does not use any resources unless scanning. The Immunize & SDHelper functions offer protection, but this is not considered realtime protection and requires very little resources so it is in the What do we recommend list.
• Ad-Aware SE Personal (the free version) does not use any resources unless scanning and it provides zero protection of any kind. It is up to you if you want to keep it on your PC since it is only using disk space.
• SpywareBlaster is not a scanner nor does it provide realtime protection, but it does protect you by addressing issues with ActiveX. It is in the What do we recommend list.
• A-squared is given in the thread as an additional tool to work in unison with your antivirus since it is not considered a full antivirus program and does not cause problems for your antivirus. You can live without this if you feel it is slowing your PC down.
     
  40. romy

    romy Private E-2

OK, thank you so much!
You've made my day.
I think your work is done :]
     
  41. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I just finished off what BJ started! ;) So you're welcome from him and me. :)
     
  42. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yeah, what he says! :D
     
