Ruthless Cyber-Thugs - Help needed.

[Lame Gamer]

Okay. I am online with the problem computer - it's as problematic as ever.
Problems listed in the order in which they occurred:

1. Apparently - my ISP only allows me to have one PC online at a time - unless I use a router. (which, seems like a bad idea in my case) Called ISP to swap my internet access back to the infected PC, from the temporary PC I had conjured from closet-clutter.

2. So I wouldn't get them mixed up with the duplicates I am about to download directly, I decided to delete the existing versions of tools I had copied to this PC from disk.

3. Before I could do that, I had to search for my desktop - as it had gone missing. All the icons that used to be here... they were just not here anymore. No idea why. This was a new one that I hadn't seen before. Anyways - while trying to restore those, I kept getting error messages - saying there was not enough free space to add anything to my desktop. Again - not sure why. Knowing that I should have almost 600 GB of free space laying around somewhere, I stopped by disk manager to check - and the 'not enough free space' messages went away after that. So, I proceeded to delete existing copies of these tools.

4. Strangely, some of those tools were impossible to delete - because, they were in use by another program! It was some DOS application with letters, numerals, and at least one "$" for a name. The error window closed itself before I had time to grab a screenshot. After a couple additional restarts, I was able to find/delete all remaining tools (that I know of) At least, I don't think I missed any.

I shall now attempt to download the tools once again. Sorry it's taking so long - but I'm telling you, this computer is haunted. I have no control over it what-so-ever. I've looked at these logs, and at least half of the programs that have been installed on this system I've never even heard of, in many cases - I've no idea what these programs are for. I only know they weren't here before, and I've had this computer for almost a year without all the strangeness I'm seeing now.

After those are downloaded, I'll disconnect cable from my network adapter, run the tools again, in order. Will post the logs here as I go... assuming I ever get past RK.

P.S. I should also mention, all these files and folders have mysteriously shared themselves, once again. I'm unable to 'unshare' any of them. No matter what I try, those settings refuse to stick. I have no idea why; the computer never gives me a reason - it just sits there quietly and ignores me while I make repeated attempts to unshare everything, over and over again. Something is seriously messed up here, and it's making me feel crazy - whatever it is.

[Lame Gamer]

Files successfully downloaded to *current desktop* of haunted PC:

rk1
rk2
(rk3 produced 404 error/file not found)
rk4
RSITx64
aswMBR

Will post logs next...

[Scolabar]

Hi Lame Gamer,

I appreciate you are trying to be helpful, but please can you slow down and not to make too many replies unrelated to the instructions or information I have requested. I will have to digest everything you have posted and then try to work out an effective next set of instructions. The more posts you make the longer it is going to take me to process everything and come back to you.

Please can you just perform the steps requested and, if you are unsure of anything, please stop and ask the question. Then please wait for my next response and be patient. Otherwise it will only impede our progress and will mean the attempted cleanup process will take much longer.



Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

[Scolabar]

Hi Lame Gamer,

Apologies for the confusion and inconvenience. Thank you also again for your patience.

I would like you to download and install an alternative Anti-virus product to avoid the problems you have been encountering.

I need to reiterate the importance of following exactly the instructions below:

Please read these instructions carefully before executing and perform the steps, in the order given.
lf you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Please make sure your 'infected' computer is connected to the Internet.

Step 1:
Uninstall Spybot - Search & Destroy

I need you to uninstall Spybot - Search & Destroy temporarily as it can interfere with any of the cleanup tools I ask you to use. You can reinstall this programs once the system has been declared clean:

1. Depending on your view setting under Control Panel, select either:
   
   Start > Control Panel > Uninstall a program.
   or
   Start > Control Panel > Programs and Features and then under the Programs heading, click on Uninstall a program.
2. Scroll down the list of installed programs and locate the following program:
   
   Spybot - Search & Destroy
3. Right-click on Uninstall to uninstall it.
4. When finished Close the Control Panel window.
5. Restart the computer to complete removal of the program.

Step 2:
Install Anti-virus Software

I need you to install an alternative reliable Anti-virus program.

To protect your computer from infection download a (free for personal use) anti-virus program from one the following reliable vendors, but please do not install it until I ask you to do so.

Microsoft Security Essentials ** - New, from Microsoft, with email scanning, easy to install, easy to use.
** Your PC must run a genuine version of the Windows OS to install Microsoft Security Essentials.

1. Download the new Anti-virus product to your computer desktop.
2. Save any work. Close all applications, especially your Internet connection.
3. Uninstall Avast! Anti-virus product as follows:
   
   
   

   • Then depending on your view setting under Control Panel, select either:
     
     Start > Control Panel > Uninstall a program.
     or
     Start > Control Panel > Programs and Features and then under the Programs heading, click on Uninstall a program.
   • Scroll down the list of installed programs and locate the following program:
     
     avast! Free Antivirus
   • Right-click on Uninstall to uninstall it.
   • When finished Close the Control Panel window.
4. Reboot your computer, if not done during the uninstall.
5. Install the new Anti-virus product following the installation instructions. You may be asked to reboot the computer to complete the installation. Please do so, if asked.
6. Check for updates to the new Anti-virus product, if not done during install setup.
7. Run a full scan of your computer.

Please Note: You should run only one Anti-virus program at a time. Having more than one Anti-virus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Step 3:
RSIT (Random's System Information Tool)

Let's now re-run RSIT.

1. Ensure RSITx64.exe is on your Desktop.
2. Select Start > All programs > Accessories > Run.
3. Copy and paste the following command into the run box and click OK, Do not include the word Quote:
   

   "%userprofile%\desktop\rsitx64.exe" /info

4. Click on the Continue button at the disclaimer screen.
5. RSIT will start running.
6. When the program has finished two logs files will automatically open in Notepad:
   
   • log.txt <-- Will be opened, maximized.
   • info.txt <-- Will be minimized on task bar.
7. Please Copy and Paste the entire contents of both log.txt and info.txt files into your next reply.
   Note: These logs can be lengthy, so post 1 log per reply please.

Step 4:
Include in Next Post

1. Did you have any problems carrying out the instructions?
2. log.txt.
3. info.txt.
4. Please also attach any screen shots you mentioned in your earlier posts that you may still have and might help assist us in resolving your malware issues.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

[Lame Gamer]

Hello... and, please don't close me! lol. I had to go out the the woods and help with firewood unexpectedly today. Tomorrow too, but I should get done early. Either way... I'll be working on this by sunset tomorrow.

And I see you've changed the game plan on me! lol... My turn to try to keep up with you this time? I don't mind, but sorry if I've been holding up the show here. It wasn't my intention. But, since you DID change the game plan... I suppose my small victory with RKILL yesterday is kind of irrelevant now. Hmffffph. lol.

What I was planning to tell you is, I actually got RKILL to run... kinda. I worked on it all day yesterday. Look:

====
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 09/09/2011 at 21:28:55.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Users\Leslie\Desktop\rkill.com
C:\Users\Leslie\Desktop\rkill.scr
C:\Windows\SysWOW64\grpconv.exe


Rkill completed on 09/09/2011 at 21:28:59.
=====

(Erm... try to overlook those 2/3 entries where RK has terminated itself for now. K? lol. It's a log, it exists... and it's not blank. After waging war on that sucker for a whole day, trying to figure out why I was having so much trouble.. the fact that I GOT a log at all felt somewhat LANDMARK to me at the time. :D

The bad news is...in the process of trying to figure out why I was having such a hard time with RK, and trying to get that to run? I found some other stuff that might need to be fixed too now. I'm not sure.

I found at least 4 unique processes that were, (er, are still) interfering with my ability to run RK on this machine, and preventing RK from detecting anything. (Either directly, or indirectly - through Avast.) The really bad news is - for every single time I tried to run RK from here? It seems a huge folder was created in the process. Over and over again. (Can't remember exactly how many of those I have now, I was too tired by the time I went to bed... but I do know it's at least 84 so far...lol. Normal? :/

Either way... with the new game plan, I'm not sure if you will want to take a closer look at that right now or not. I don't mind uninstalling anything, and if RK is off the agenda.. that doesn't bother me either. RK isn't going to run on this system as it is now anyway - at least not without causing some major hissy fits. I did made a screenshot for you, which attempts to illustrate what seemed to be happening when I ran RK. I'll post that here, but if it's irrelevant now - no worries, just ignore it.

As for me, I need to go get some sleep. I shall return in 20 hours (hopefully sooner than) ... to work on whatever is on the to-do list when I get back. Again, thank you so much for helping me with this big yukky mess... (and please don't close my thread. lol)

~Les

[Scolabar]

Hi Lame Gamer,

Thank you for the update.

Please can you make sure you carefully read all the instructions provided in my previous post and follow them exactly as requested.
Also, please make sure you close all open program and explorer windows before proceeding with the instructions.

I addition, as mentioned in my initial post:

5. DO NOT run any other fix or removal tools unless instructed to do so!
6. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.

I'll wait to hear back from you.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

[Scolabar]

Hi Lame Gamer,

It has been over 48 hours since my last post.

1. Do you still need help?
2. Do you need more time?
3. Are you having problems following my instructions?
4. In line with Malware Removal's latest policy, topics will be closed after 3 days without a response.
5. If you do not reply within the next 24 hours, this topic will be closed.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

[Cypher]

This topic has been archived due to inactivity.

If it has been three days or more since your last post, and the helper assisting you posted a response to which you did not reply, your thread will not be re-opened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested previously, you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send your helper a private message (pm). A valid, working link to the closed topic is required.