
Major Redirection Problems, and a Few Other Apps Disabled

Discussion in 'Malware and Virus Removal Archive' started by tremaine, 2009/01/31.

  1. 2009/01/31
    tremaine

    tremaine Inactive Thread Starter

    Joined:
    2009/01/30
    Messages:
    7
    Likes Received:
    0
    I have all the following:

    Links in google search results are redirected to scam or malware sites.

    If you attempt to follow a link from a search done from the redirection page, you are redirected yet again, to a scam or malware site.

    Yahoo search results and links are still working normally.

    My spybot will not scan. I don't know whether real-time protection is disabled, but I would bet it is.

    Fortunately, the Avira Antivir scanner is still working; I'm running a complete scan right now but I very much doubt anything will show up from it. I am hoping that I still have real time protection by Antivir, but who knows at this point?

    The hijack this program I installed last summer is working; I will post a log below.

    System Restore is apparently disabled; there are no January restore points and the calendar is frozen.

    Biggest Problem of All: I can not browse to any well known computer security web site. There must be close to 100 or who knows how many sites I can not go to, everything from avira (which is my anti-virus) to the spybot site, to malwarebytes, to bleeping computer, to major geeks, and so on and so forth. I can not reach any of these sites with any of 3 browsers: IE 7, Firefox 2, or Netscape 2.0.

    My ideas so far, but I don't have anywhere near enough knowledge to pick and choose between them:

    --Download a new browser such as Google Chrome and hope that I can then go to important security sites for badly needed assistance.

    --Do a system restore, if anyone knows a way to do it with the wizard for it apparently not working.

    --Go into safe mode and run an anti virus scan and / or do other things in safe mode. (My brother always talks about going into safe mode when I have a major problem.)

    --Just hunker down and follow instructions given to me here.

    I am working on this full time for as much as the next week. I can't live with the state my computer is in now, so the only alternative I have if I can not get rid of most or all of this malware is to completely wipe my drive clean and start over. But aside from very much not wanting to do that in general, I have some doubts about whether my "recovery disc" would really work if it was put to the test.

    So please help me and I swear on a stack of bibles I will not allow this to happen again (I think I know what caused this to happen, and I feel like a total, absolute jerk for letting my guard down). Thank you very sincerely and very much and I will keep my fingers crossed I will get my partly crippled computer back in gear within a week at the most (hopefully faster, since I am willing to work about 15 hours a day on this).
     
  2. 2009/01/31
    tremaine

    I already disabled but have not yet removed Google Toolbar. I have 2 Google Toolbar programs showing, one for Explorer and one for Firefox.

    I have already removed a program I never heard of before, "Python," and a separate "extensions" module for it. Wikipedia says that Python is a high level programming language, but I am hardly a high level programmer, and have never heard of the language or the program before spotting it on my list tonight. When I deleted the extensions, I got one of those crazy little windows. It said, approximately: "1180 files and 75 directories deleted, but 2 files could not be deleted." Python itself was removed, apparently, without incident.

    Hijack This Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:05:23 AM, on 1/31/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\DISC\DISCover.exe
    C:\Program Files\DISC\DiscUpdMgr.exe
    C:\Program Files\DISC\DiscStreamHub.exe
    C:\Program Files\uTorrent\uTorrent.exe
    c:\program files\antivir personaledition classic\avscan.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.statcounter.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 85.119.135.135:80
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (file missing)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (file missing)
    O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
    O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe "
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [PCDrSmartMonitor] "C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BounceBack Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_awda/client/download/TNPLDownloader.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167928861828
    O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 13544 bytes
     


  4. 2009/01/31
    tremaine

    With regard to downloading the DDS tool referenced in the header topic, I can't do it right now, because the malware I have is stopping me from going to any of the mirrors. Were it just the google search links redirecting, I wouldn't be so worried and upset, but this thing has got me very worried because I can't visit any of the well known computer security web sites right now!
     
  5. 2009/01/31
    tremaine

    I want to mention a small number of other things and then I will shut up and wait, because I am really not much more than a beginner when it comes to dealing with malware, and I've just about run out of things I dare to do.

    1. I clicked on an ad here and there is one site I can get to at the moment: Bit Defender. I was surprised.

    2. I earlier got rid of a program called Python, which is a programming language application. The trouble is, I never downloaded it to my knowledge, and certainly never used it. I also got rid of "Python extensions," which upon its deletion gave me a strange little window: "1180 files and 75 directories have been deleted, but 2 files could not be deleted." (I have not lost any of my documents to my knowledge.)

    3. At this time I am running a complete AntiVir scan, but I doubt it will show anything. I can do hijack this scans, but I see that they are not desired here until DDS is done. The big problem for me is that I can not get to DDS right now, unless someone knows of a not very well known site where it can be accessed. I am being blocked from most of the common security sites in all browsers. But I am still thinking that if I downloaded a new browser I might be able to get to these sites.

    4. It's me, myself, and I; I live in a remote area, and I just moved here 3 months ago, and I don't know anyone who could make data discs for me, so I can not use that workaround for not being able to download from the security sites. This is why I keep stressing that I need a way to be able to get to the sites that are called for here at Windows BBS, such as DDS and ComboFix and so forth.

    5. I can immediately post hijack this logs if requested.

    So that's it for now; I'll shut up now and wait my turn.
     
    Last edited: 2009/01/31
  6. 2009/01/31
    tremaine

    I am working on this full time, but I am far from being a computer or malware expert, so there is going to be a lot of wasted time for me. But I deserve it, because I am taking responsibility for acquiring the virus and I believe I know how it happened and I will never allow it again.

    The new news is more bad than good. The Bad News:

    1. I downloaded Google Chrome but the installer shuts down; it will not install.
    2. I was able to download and install Opera, but it was just wishful thinking that the virus would not act through new browsers; I have all the redirections on Opera.
    3. Apparently I can not go to bit defender after all.
    4. I thought I had an installed Panda Security application, but it seems I only have supporting files, including the security library, and there is no way to scan without going to the Panda site, which of course I can not do.
    5. I had to do some kind of network repair and a computer reboot just to get on the internet when I awoke. (I generally leave my computer on 24 hours a day, and my internet connectivity was lost while I was sleeping.)
    6. Unless someone can email me or give me a download site which will not be blocked, I CAN NOT get access to DDS or ComboFix at this time.
    7. System restore still seems to be frozen and disabled.

    Good News:
    1. My internet is working with normal speed, as is the computer overall. I can still visit most or all sites other than popular security sites.
    2. I was able to download and install the Opera browser, but see (2) in the bad news.
    3. I can use Hijack This. (Mentioned already, but worth repeating)
    4. I can get to the Rootkit Repeal site and so most likely I can use that.
    5. I can do AntiVir scans. The one I did last night turned up two detections; both were quarantined, and neither appears to have anything to do with the massive problem I have.

    One of the two detections was a problem going back to last summer that is very strongly suspected to be a false positive detection. The other one was new but clearly unrelated: it was a possible trojan detected in a file joining archive file. But the scanner passed by that file several times in the past with no detection. So the bottom line is that the anti virus scan essentially showed a clean system. So much for that, lol.

    Proposals, in no particular order:
    --I use the Rootkit Repeal program
    --I start uninstalling browsers, starting with Explorer, and then installing fresh. (That's more wishful thinking I'm afraid, right?) By the way, last night I tried running Explorer with all add ons disabled, and that didn't solve the problem and of course made most web pages look really bad.
    --I go over my hijack this and my Rootkit Repeal log if I can get one, line by line, and see if there is anything that obviously should be removed.

    In case I sound like I know what I am doing, which I doubt I do, but if I do, believe me, I don't really know what I am doing. But I am unable to stop working on the problems.

    I will continue to be extremely cautious in my efforts, so as to not make the situation worse, as I wait for any advice or instructions I get here.

    Since everyone else seems to be getting this malware removed using DDS and ComboFix, right now my highest priority is to be given instructions on how to be able to use those programs when I can't get to the commonly known sites where they are accessed. Or, is there any possibility that I can do this with Hijack This, Rootkit Repeal, and Avira AntiVir alone?
     
    Last edited: 2009/01/31
  7. 2009/01/31
    tremaine

    I am very happy to report that it appears my problem is solved. My brother, who is an engineer but not a computer engineer, gave me the number to a friend of his who is a computer specialist, and we exchanged emails. He analyzed my Hijack This log, and told me to do the following:

    right click Start > left click Properties > Hardware > Device Manager > View > Show Hidden Devices > Non-Plug and Play Drivers (expand it) > right click TDSservs.sys > disable it.

    This immediately fixed the problems. As soon as this was done, the virus was disarmed! The google links worked again and I could browse to computer security sites again!

    So I then downloaded the Malware Bytes scanner, which is very powerful and up to date, and it discovered and removed 17 infected files and registry keys, at least 10 of which constituted the major attack on my system.

    Now my system is working great, with the internet at the highest speed it has been at in months. It's funny how over many months your internet slows down very gradually due to gradually picking up trojans and so forth, and you don't really notice it because of how slowly it is changing, but when you speed back up again, it's obvious.

    So it appears I am set right again. I have learned my lesson and will not be taking more unnecessary risks. Because I was lucky that even a powerful anti-malware scanner worked. Some attacks, like boot viruses and self replicating viruses, can not be removed by even the most powerful scanners.

    So I am leaving for now and hopefully I won't be back. Laugh out loud. No, seriously, I know I'll be back sooner or later, but the next time it will not be even 1/10 my fault that I'm here!

    Thanks to everyone who read my postings and thanks very, very much to anyone who has been thinking about how to respond to someone who can't get to security sites even though he came to windowsbbs!
     
    Last edited: 2009/01/31
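The HijackThis log in post 2 already carried the clue that explains why the redirects and the blocked security sites hit every browser at once: the R1 line sets a system-wide proxy (`ProxyServer = 85.119.135.135:80`), which Internet Explorer, Opera and any browser configured to use the system proxy settings will route through. The added script below (an example written for this thread; it is neither the poster's nor HijackThis's code) reads lines in the format of the posted log and flags a few high-signal entries: an external proxy, BHOs whose DLL is missing, autorun entries that name a bare executable, and a non-empty AppInit_DLLs value. The sample lines are copied from the posted log; the severity labels and the heuristics are this example's own. Note the caveat that post 7 illustrates: the log lists no kernel drivers, so the hidden non-Plug and Play driver that turned out to be the root cause would never show up here, and a log with nothing alarming in it does not rule out a rootkit.

```python
"""Triage a HijackThis 2.0.x log for a few high-signal indicators.

Added example for this forum thread; not part of the posts and not
HijackThis code.  Line formats follow the log posted in the thread; the
heuristics (what is reported and at which severity) are this example's own.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the posted log.
SAMPLE_LOG_LINES = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.statcounter.com/",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 85.119.135.135:80",
    r"O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (file missing)",
    r"O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll",
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r"O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
]

# Patterns for the HijackThis line shapes used below (R1 proxy, O2 BHO, O4 Run, O20 AppInit).
PROXY_RE = re.compile(r"^R1 - HK\w+\\.*Internet Settings,ProxyServer = (?P<proxy>\S+)$")
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - .*?\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "review" (labels are this example's own)
    item: str      # the log line that triggered the finding
    reason: str


def proxy_is_suspicious(proxy: str) -> bool:
    """True when the system proxy is a non-loopback, non-private IP address.

    A hostname is left alone: it cannot be judged offline and should be
    reviewed by hand instead.
    """
    host = proxy.rsplit(":", 1)[0]
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return not (addr.is_loopback or addr.is_private)


def command_has_no_directory(cmd: str) -> bool:
    """True when the autorun names a bare executable (no drive or directory),
    so Windows resolves it by path search at logon instead of from a fixed place."""
    exe = cmd.split()[0].strip('"') if cmd.strip() else ""
    return "\\" not in exe and ":" not in exe


def triage(lines):
    """Return the findings for an iterable of HijackThis log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            if proxy_is_suspicious(m["proxy"]):
                findings.append(Finding(
                    "high", line,
                    "system-wide proxy points at an external address; IE, Opera and any "
                    "browser using the system proxy setting are routed through it"))
            continue
        m = BHO_RE.match(line)
        if m and m["path"].endswith("(file missing)"):
            findings.append(Finding("review", line, "BHO registered but its DLL is absent (orphaned entry)"))
            continue
        m = RUN_RE.match(line)
        if m and command_has_no_directory(m["cmd"]):
            findings.append(Finding("review", line, "autorun uses a bare executable name (resolved by path search)"))
            continue
        m = APPINIT_RE.match(line)
        if m:
            findings.append(Finding(
                "review", line,
                "AppInit_DLLs is set: the DLL is loaded into every process that loads "
                "user32.dll; confirm who owns it"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG_LINES):
        print(f"[{f.severity}] {f.reason}\n    {f.item}")
```

Run against the sample, the only "high" finding is the proxy line; the AppInit_DLLs entry, the orphaned FlashGet BHO and the bare `nwiz.exe` autorun come back as "review" (all three are common on an HP/NVIDIA machine, which is why they are not rated higher). The proxy check deliberately says nothing about who operates the address; it only notes that traffic is being sent somewhere outside the host and its private network, which is the fact a responder needs before deciding to clear the setting.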
  8. 2009/01/31
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi tremaine :)

    I'm happy to hear of your progress while awaiting a response ....... congratulations. :)

    I do recommend you go ahead and post a DDS log for review so we can see if anything remains to be cleaned up.
     
