
Have updated Spybot and Adaware, HijackThis has been hijacked

I took my computer in and had it cleaned of infections after my attempts failed.
My main prob still existed after it came home. HijackThis will not open; it opens only for a second, then closes. I cannot open my Task Manager.
As soon as I connect to the internet a page opens explaining that I have to click "yes" to get rid of the pop-up. The address in my browser is www.sodhell.com; it cannot be blocked.
They describe themselves as sodohell in the paragraph that explains something about a survey.
My operating system is XP office

I am at my wits' end on this one.
Updated Adaware and Spybot don't fix the prob.
I have not found anything related in other forums.
Any help is appreciated.
Thank You!

Comments

  • GHoosdum Icrontian
    edited July 2004
    Please save HijackThis to a commonly accessible folder, such as C:\HJT, and then reboot in Safe Mode (press F8 while the PC is booting and select "Safe Mode" from the options list) and try to run HijackThis after you do that.
  • edited July 2004
    Thanks GHoosdum,

    here is the log
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Documents and Settings\Kirk Brandt\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [restrictanonymous]
    O4 - HKLM\..\Run: [Microsoft IT Update] winsyst32.exe
    O4 - HKLM\..\Run: [Windows Firewalll] winmu.exe
    O4 - HKLM\..\Run: [yahoo.com] Iexplor.exe
    O4 - HKLM\..\Run: [MCAFInstaller_vsoins.ui] E:\Vsc\Enu\MCAPPINS.exe /v=3 /start=vsoins.ui::default.htm
    O4 - HKLM\..\Run: [Outlook Express] dbwiz.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] wuamagr32.exe
    O4 - HKLM\..\RunServices: [Windows Firewalll] winmu.exe
    O4 - HKLM\..\RunServices: [NVIDIA Video drivers] video_32sD.exe
    O4 - HKLM\..\RunServices: [EnableDCOM] N
    O4 - HKLM\..\RunServices: [yahoo.com] Iexplor.exe
    O4 - HKLM\..\RunServices: [Microsoft--Updates] sxvhost.exe
    O4 - HKLM\..\RunServices: [Microsoft IT Update] winsyst32.exe
    O4 - HKLM\..\RunServices: [Outlook Express] dbwiz.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSN Messenger] esrcikh.exe
    O4 - HKCU\..\Run: [Microsoft IT Update] winsyst32.exe
    O4 - HKCU\..\Run: [Windows Firewalll] winmu.exe
    O4 - HKCU\..\Run: [yahoo.com] Iexplor.exe
    O4 - HKCU\..\Run: [Microszoft Update Mach1nezs] svchst.exe
    O4 - HKCU\..\RunServices: [MSN Messenger] esrcikh.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1089487577841
    O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38187.4028240741
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.1.2083/bin/imvid.cab

    I noticed this one right away
    O4 - HKCU\..\Run: [Microszoft Update Mach1nezs] svchst.exe
    it reinstalls right after I delete it,

    thanks again
    Kbrant
  • GHoosdum Icrontian
    edited July 2004
    Remove this stuff:

    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [restrictanonymous]
    O4 - HKLM\..\Run: [Microsoft IT Update] winsyst32.exe
    O4 - HKCU\..\Run: [Windows Firewalll] winmu.exe
    O4 - HKCU\..\Run: [yahoo.com] Iexplor.exe
    O4 - HKCU\..\RunServices: [MSN Messenger] esrcikh.exe
    O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

    When you remove the files using HijackThis, make sure you find them all on your hard drive and move them to a new folder, C:\Quarantine. Rename all the .exe files to .eee (just change the extensions) and the .cab file to .ccc.

    You seem to have several viruses. Please check your "hosts" file (Should be under C:\Windows\System32). Open the file with notepad and take out any entries that start with 127.0.0.1 besides "127.0.0.1 localhost" and then update AVG and run a full virus scan.
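The two checks GHoosdum asks for above (pick the O4 autorun entries that do not belong, then look for extra 127.0.0.1 lines in the hosts file) can be done by script over the saved log and a copy of the hosts file. The following is an added example written for this thread; it is not part of the original posts and not HijackThis's own logic. The O4 sample lines are copied from the log posted above; the hosts sample is constructed (made-up vendor names under the .test TLD) to show the pattern that stops AVG from updating. The heuristics are assumptions: a Run value with no command, a bare filename with no path, or a name that is one or two letters off a real Windows word ("Microszoft", "Firewalll", "svchst") is worth a second look, which is exactly what an experienced reader of these logs does by eye. On XP the real hosts file lives under the System32\drivers\etc directory.

```python
"""Triage a HijackThis-style log and a Windows hosts file (added example)."""
import re
from typing import Optional

# O4 lines copied from the log posted in the thread, used here as sample input.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [restrictanonymous]",
    r"O4 - HKLM\..\Run: [Microsoft IT Update] winsyst32.exe",
    r"O4 - HKLM\..\Run: [Windows Firewalll] winmu.exe",
    r"O4 - HKLM\..\Run: [yahoo.com] Iexplor.exe",
    r"O4 - HKLM\..\RunServices: [Microsoft--Updates] sxvhost.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [Microszoft Update Mach1nezs] svchst.exe",
]

# Constructed hosts file: the genuine localhost line plus two made-up vendor
# hostnames redirected to loopback, which is what silently breaks AV updates.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       update.example-antivirus.test
127.0.0.1       www.example-security-vendor.test   # constructed entry
"""

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)

# Words genuine Windows/vendor entries use; a near-miss of one is the masquerading sign.
KNOWN_WORDS = {"microsoft", "windows", "firewall", "messenger", "svchost",
               "iexplore", "explorer", "winlogon", "lsass", "services"}
LOADERS = {"rundll32.exe"}  # legitimately written without a path (found via PATH)


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def near_miss(word: str) -> Optional[str]:
    """Return the known word this token imitates (distance 1 or 2), else None."""
    w = word.lower()
    if w in KNOWN_WORDS or len(w) < 6:  # exact matches and short tokens are not judged
        return None
    for known in KNOWN_WORDS:
        if edit_distance(w, known) <= 2:
            return known
    return None


def triage_o4(lines) -> dict:
    """Map each suspicious O4 entry name to the list of reasons it was flagged."""
    flagged = {}
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        name, cmd = m["name"], m["cmd"].strip()
        reasons = []
        if not cmd:
            reasons.append("empty Run value: installed software always names a command")
        else:
            exe = cmd.split()[0].strip('"')
            if "\\" not in exe and ":" not in exe and exe.lower() not in LOADERS:
                reasons.append(f"bare filename {exe!r}: no path, so where it lives is unknown")
            stem = exe.rsplit("\\", 1)[-1].lower().removesuffix(".exe")
            hit = near_miss(stem)
            if hit:
                reasons.append(f"filename {exe!r} imitates {hit!r}")
        for tok in re.findall(r"[A-Za-z0-9]+", name):
            hit = near_miss(tok)
            if hit:
                reasons.append(f"name token {tok!r} imitates {hit!r}")
        if reasons:
            flagged[name] = reasons
    return flagged


def hosts_redirects(text: str) -> list:
    """Hostnames mapped to 127.0.0.1 other than localhost, in file order."""
    found = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        if ip == "127.0.0.1":
            found.extend(n for n in names if n.lower() != "localhost")
    return found


if __name__ == "__main__":
    for entry, why in triage_o4(SAMPLE_O4_LINES).items():
        print(f"[{entry}]")
        for r in why:
            print("   ", r)
    print("hosts redirects:", hosts_redirects(SAMPLE_HOSTS))
```

Run as-is it flags the six entries GHoosdum and Kbrant singled out and leaves AVG_CC, NvCplDaemon and ctfmon alone; point it at your own saved log and hosts copy by replacing the two sample inputs. The flags are a shortlist to look at, not a verdict: a bare filename can still be a legitimate program on the PATH, so check where each file actually sits on disk before quarantining it.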
  • edited July 2004
    Thanks,
    I did the above and my browser is not hijacked anymore, relief! But
    HijackThis and AVG cannot be opened. I cannot update AVG.
    These apps open for a second, then close.
    I appreciate your advice, anything else would be great as your previous advice was fruitful.
    I am assuming to run AVG in safe mode and go from there, I am doing this now.
    Thanks again,
    Kbrant
  • GHoosdum Icrontian
    edited July 2004
    AVG may have been compromised in some way. Your best bet is to uninstall and reinstall the program if you still can't run a scan with it. Some virus is probably still around and affecting AVG's operation. If all else fails, there are some websites where you can run a virus scan for free.
  • Leonardo (Wake up and smell the glaciers; Eagle River, Alaska) Icrontian
    edited July 2004
    Maybe the shop that serviced your computer does not deserve follow-on business from you.