I feel violated and I'm offended. Please help!

Re: I feel violated and I'm offended. Please help!

by askey127 » June 20th, 2011, 7:40 am

Please don't forget the Avira Antivir scan and log I asked for.
askey127
Admin/Teacher
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: I feel violated and I'm offended. Please help!

by FireItUp » June 20th, 2011, 6:47 pm

Sorry, didn't forget. Just ran out of time during the scan. Here is the latest Antivir scan log...

Avira AntiVir Personal
Report file date: Sunday, June 19, 2011 23:01

Scanning for 2791238 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : YOUR-FSYLY0JTWN

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Sunday, June 19, 2011 23:01

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '70' Module(s) have been scanned
Scan process 'avcenter.exe' - '63' Module(s) have been scanned
Scan process 'iexplore.exe' - '94' Module(s) have been scanned
Scan process 'iexplore.exe' - '80' Module(s) have been scanned
Scan process 'SpamSub.exe' - '28' Module(s) have been scanned
Scan process 'BackWeb-137903.exe' - '83' Module(s) have been scanned
Scan process 'SDII.exe' - '24' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '43' Module(s) have been scanned
Scan process 'MEAutoDetect.exe' - '20' Module(s) have been scanned
Scan process 'MSMSGS.EXE' - '42' Module(s) have been scanned
Scan process 'avgnt.exe' - '51' Module(s) have been scanned
Scan process 'HPWuSchd2.exe' - '18' Module(s) have been scanned
Scan process 'qttask.exe' - '19' Module(s) have been scanned
Scan process 'Monitor.exe' - '31' Module(s) have been scanned
Scan process 'realsched.exe' - '27' Module(s) have been scanned
Scan process 'ALCXMNTR.EXE' - '31' Module(s) have been scanned
Scan process 'hpztsb08.exe' - '20' Module(s) have been scanned
Scan process 'shwicon2k.exe' - '20' Module(s) have been scanned
Scan process 'LTMSG.exe' - '15' Module(s) have been scanned
Scan process 'VTTimer.exe' - '18' Module(s) have been scanned
Scan process 'KBD.EXE' - '58' Module(s) have been scanned
Scan process 'hphmon05.exe' - '24' Module(s) have been scanned
Scan process 'hpqcmon.exe' - '30' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '119' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'alg.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'SeaPort.EXE' - '46' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'CommandService.exe' - '23' Module(s) have been scanned
Scan process 'CSHelper.exe' - '16' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '35' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '48' Module(s) have been scanned
Scan process 'avguard.exe' - '55' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '79' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'sched.exe' - '45' Module(s) have been scanned
Scan process 'spoolsv.exe' - '60' Module(s) have been scanned
Scan process 'Explorer.EXE' - '130' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '163' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '50' Module(s) have been scanned
Scan process 'winlogon.exe' - '66' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1735' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
Begin scan in 'D:\' <HP_RECOVERY>


End of the scan: Monday, June 20, 2011 01:27
Used time: 2:25:58 Hour(s)

The scan has been done completely.

17968 Scanned directories
635474 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
635474 Files not concerned
15056 Archives were scanned
0 Warnings
1 Notes
483553 Objects were scanned with rootkit scan
1 Hidden objects were found
FireItUp
Regular Member
 
Posts: 23
Joined: November 5th, 2006, 2:09 am
Location: St. Louis. MO
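
A triage helper for a report like the one posted above, added here as an example and not part of the original thread: it parses the summary counters and the tagged findings, and marks a report for review when the rootkit scan lists hidden objects even though the virus count is zero. The sample text is a constructed excerpt in the same layout, and the function names and verdict labels are assumptions made for this example.

```python
import re

# Constructed excerpt in the layout of the AntiVir report above (not the full log).
SAMPLE_REPORT = r"""Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

The scan has been done completely.

17968 Scanned directories
635474 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files cannot be scanned
0 Warnings
1 Notes
483553 Objects were scanned with rootkit scan
1 Hidden objects were found
"""

TAG_RE = re.compile(r"^\[([A-Z]+)\]\s*(.*)$")       # e.g. "[NOTE] message"
COUNTER_RE = re.compile(r"^(\d+)\s+([A-Za-z].*)$")  # e.g. "0 Warnings"


def parse_report(text):
    """Extract summary counters and non-INFO tagged findings from a report."""
    counters, findings, complete = {}, [], False
    subject = ""  # last non-tag line; a tagged line describes this object
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        tag = TAG_RE.match(line)
        if tag:
            level, message = tag.groups()
            if level != "INFO":  # "[INFO] No virus was found!" is not a finding
                findings.append({"level": level, "object": subject,
                                 "message": message})
            continue
        counter = COUNTER_RE.match(line)
        if counter:
            counters[counter.group(2).lower()] = int(counter.group(1))
        elif line.lower().startswith("the scan has been done completely"):
            complete = True
        subject = line
    return {"counters": counters, "findings": findings, "complete": complete}


def triage(report):
    """Return (verdict, reasons); the verdict labels are this example's own."""
    c = report["counters"]
    reasons = []
    if c.get("viruses and/or unwanted programs were found", 0):
        reasons.append("detections reported")
    if c.get("files were classified as suspicious", 0):
        reasons.append("suspicious files reported")
    if reasons:
        return "detections", reasons
    if not report["complete"]:
        reasons.append("report is truncated or the scan did not complete")
    if c.get("hidden objects were found", 0):
        reasons.append("rootkit scan reported hidden objects")
    if c.get("files cannot be scanned", 0):
        reasons.append("some files could not be scanned")
    for f in report["findings"]:
        reasons.append(f"{f['level']}: {f['object']} ({f['message']})")
    return ("needs-review" if reasons else "no-findings"), reasons
```
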

Re: I feel violated and I'm offended. Please help!

by FireItUp » June 20th, 2011, 7:02 pm

As far as computer performance is concerned, I seem to have all of my files back. However, all of my internet search results are re-directed to other sites. I'm OK to click on links or select a favorite. It is only when I try to click on results from Google, Bing, Yahoo, etc.

Re: I feel violated and I'm offended. Please help!

by askey127 » June 20th, 2011, 7:09 pm

FireItUp,
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.0 are vulnerable.
Go HERE and click on AdbeRdr1001_en_US.exe to download the latest version of Adobe Acrobat Reader.
Save this file to your desktop and run it to install the latest version of Adobe Reader.

After the new Reader is installed, Open Adobe Reader X. (Right click and Run as administrator in Vista/Win7)
OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
When it finishes, you can remove the Installer from your desktop.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.
askey127

Re: I feel violated and I'm offended. Please help!

by FireItUp » June 21st, 2011, 12:38 am

I installed the latest version of Adobe Reader. It is already asking me to update. I assume I should do that whenever it prompts me to?

TDSSKiller didn't go so smooth. I was able to show the file extension and I renamed it to the same thing you did in the example. It's now listed as a MS-DOS application. When I try to run it, it still doesn't run. Nothing happens. I don't know what else to do with it.

Re: I feel violated and I'm offended. Please help!

by askey127 » June 21st, 2011, 6:30 am

FireItUp,
It is OK, and desirable, to Update Adobe Reader when they ask.
If they don't ask to install the update again, start Adobe Reader, click the Help tab and choose "Check For Updates"

Are you connecting to the Internet through a router?
Are there any other machines on the same router? If so, do the other machines also get redirects?
------------------------------------------------
Download and Run Rkill
Please download and run the tool named Rkill, which may help in allowing other programs to run.
There are 4 different versions. If one of them won't run then download and try to run one of the other ones.
You only need to get ONE of these to run, not all of them. You may get warnings from your antivirus about any of these tools, ignore them or shutdown your antivirus.
Please download Rkill from one of the following links and save to your Desktop:
Rkill.exe
RKill.com
RKill.scr
Rkill.pif
  • Double-click on the Rkill desktop icon to run the tool.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If it doesn't run on the first try, please try to run it another two or three times.
  • If it still does not run, delete the desktop entry. Then download and use the one provided in the next link.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided after trying each a few times, please let me know.
-----------------------------------------------------------
Gmer
Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. UNCHECK the following ...
    • IAT/EAT
    • Drives/Partitions other than C:\
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Note: Do not run any other programs while Gmer is running.
---------------------------------------------------
So, In Your Reply, we will be looking for the following :
The contents of:
  • Answers about a router and any other machines
  • Gmer.txt
Please feel free to use separate replies.
Let me know how it goes.
askey127

Re: I feel violated and I'm offended. Please help!

by FireItUp » June 22nd, 2011, 12:38 am

I tried to run the first three of the rkill programs with what appeared to be no success. After I ran the file, I never saw the black DOS box pop up for any of them. I did see my hourglass popping up like it was doing something, then it would refresh the screen real fast. I ran each one a few times. It will not let me delete the files, it says they are either write protected or in use. The fourth link for the .pif file did not work.

I also have noticed my computer is running very rough at the moment. I can't play videos with sound and they are very choppy. It also is just sluggish to respond in general.

I do have a router that I use for my PS3 and net book. The net book is not having issues with search redirects and it plays videos just fine.

Don't know if I should proceed with the gmer step. I'm ready to go office space on this thing out in the front yard. Considering trying to talk my finance manager (wife) into allowing me to just buy a new computer.

Re: I feel violated and I'm offended. Please help!

by askey127 » June 22nd, 2011, 7:16 am

Gmer won't hurt if it will run. I would try it.
The computer appears to either have a "rootkit" infection, or has had so many "trojan horses" installed that we can't find them all.
In the good guys vs. bad guys battle, the latest infections try to keep your machine from running any tools that will correct the problem.

You can try to download and run a specially named version of rkill here:
iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe
see if you can get it to run. It will attempt to shut off the bad guys processes that stop the tools.

Then you can try to run TDSSKiller and/or Gmer.

Re: I feel violated and I'm offended. Please help!

by FireItUp » June 23rd, 2011, 12:20 pm

Well, I believe my computer may have suffered a catastrophic fate.

First off, after I made my last post about the rkill programs not running, one ran. It didn't run for several hours later. The computer was very sluggish and slow and I could not get it to shut down. I hit ctrl-alt-delete, and I noticed there were like 10 ieexplorer processes running, causing my machine to fluctuate up to 100%. As I tried to end these processes, the usage % would just shift to another. Then I had the DOS box pop up to say it was running rkill, and it did. I finally got the computer to shut down.

My wife turned it on yesterday to check email, and she says it came up but was running slow again. When I went to start doing your instructions last night, the screen was black with a blinking white cursor in the upper left corner. I couldn't get it to respond until I hit ctrl-alt-delete. The blue hp screen that pops up when the computer is booting came up and just stayed there. This is the screen you can hit f10 for system restore or f3 for settings. Suddenly the screen went black again and my computer started making loud noises, clicks and beeps. Finally, the black screen had a message that there was an error and it was unable to boot. Insert system disk.

I had to hold in the power button to turn it off and get the noise to stop. I tried again and the same thing happened. I think I may just be getting a new computer at this point.

Re: I feel violated and I'm offended. Please help!

by askey127 » June 24th, 2011, 2:58 pm

Since the machine has suffered a catastrophic failure, it would need to be taken to a Service shop, or replaced altogether.
It does appear that it will not be a candidate for online repair.

We will close out this thread.
