System Security Virus - How to Copy Hijack this Log File

I have the system security virius. I have run the hijack this and cannot copy the log files for posting. Thanks for the help.

Hello, can you rename HijackThis to winlogon.exe and see if you can copy it here.

that didn't help - the "notepad" file blinks for a second and then disappears

Can you try opening it in wordpad? Right click on the text file-->Click on Open with-->Word pad, if its not once of the options select browse and find wordpad.

That doesn't either - it just pops up for a second and disappears

I see, please do the following:

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

No luck - it will not even open when I click on it

I see, rename Malwarebytes to winlogon.exe and see if it runs now.

I know I begining to sound like a broken record, but no luck with that either

Ok please do the following:

Please download Ice Sword from HERE

1. Download the zip to your desktop and extract it.
   
2. Open the Ice Sword folder and then launch IceSword.exe.
   
3. Then look in the left hand bottom of the program and press "Registry"
   
4. When the registry list opens, drag the line between the two windows so you can see which registry hive you need.
   
5. Next, open the HKEY_LOCAL_MACHINE, and navigate to the following key:
   
   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
   
   
6. Now look in the right side pane for two run values that are just random numbers.
   
7. Once you have found the value(s), right click it and press "Delete"
   
8. Okay the prompt and close IceSword.
   

okay - only had one value and I was able to delete it = now should I reboot, because once I closed ice sword nothing else happened.

Noplease do not, now try to run Malwarebytes, make sure its renamed to winlogon.exe.

Nope....

• Download combofix from here
  Link 1
  Link 2
  

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouse click combofix's window whilst it's running. That may cause it to stall.
  

before I try this, I am working on a separate computer and copying the files to a stick drive = is this an issue

update...my computer shut down and when I turned it back on it no longer went to that annoying blue screen - it looks "normal" now? I can't imagine, but does this mean it is fixed??

never mind - its back.,,,

no its ok as long as you are getting the data from the infected computer, please run ComboFix.

downloaded both combo fix and spyware doctor. Installed spy doc received error code: unable to register the DDL/OCX RegSvr 32 failed with exit code OxFFFFFFFF - then given chance to abort, ignore retry. Cannot run program (will not open when clicked) neither will the combo fix file

Try to run ComboFix in Safe mode with Networking:

Please do the following in Safe Mode with Networking: as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press your Enter key.

Note: With some computers if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu.) Once in the start up menu, select "Safe Mode with Networking", then do the following instructions: