Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I don't know what's wrong!


  • This topic is locked This topic is locked
25 replies to this topic

#1 MexicanCutie

MexicanCutie

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington State
  • Local time:12:01 PM

Posted 14 June 2010 - 02:55 PM

I am desperately seeking help for my issue and I welcome advice from anyone who may be reading this that knows about IC. My computer keeps loosing it's IC. The TCP\IP address keeps changing and I have to uninstall than reinstall the modem and network adapter. I have ran a few security programs and followed the instructions given but it keeps doing the same thing. I have a Dell Dimension 3000 and I just did a new install of XP 2 days ago. I haven't downloaded hardly anything off the internet but from a cd I kept some programs on. Looks like that was my problem. I keep getting re-directed to weird web sites while looking for help and have lost my IC three times whille trying to post this question. I also have a bunch of registry entries under ShellCompatiblies\Applications. Examples:

DLINK
Nikepsaplay
Camera
Digisette
Ravenp
Creative Nomad
ImageMate
These are all Handlers.

SCSI RICOH
SBP2 IOmega
PCMCIA
Omega Clik Drive
PCI#VEN
LPTENUM#
All these have several entries. A total of about 84.

TSSession Broker
coolcat.exe
and alot of things like ANSIDISPLAYNAMES, FILEOPENBOGUSCTRLW, DOWNLOADER, METASTOCK & Starcraft.

The problem is...I don't know what these things are. They may be harmless or needed so I don't want to delete them.
I know a little about computers I just don't know about ICS because I don't have a network. Under Device Manager I have entries I've never seen before and I have 6 WAN Miniport entries under Network Adapters. Under Non-Plug and Play Drivers (which was hidden) I have 31 entries. example: Wdf01000, severa; Remote Access Drivers, NDProxy...again, I don't know if these are needed but they are marked "demand" under details. If you need anymore information from me, please ask. I'm more than willing to send you information..I just have no idea what to send. Thank you in advance to anyone who may help me.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:01 PM

Posted 14 June 2010 - 03:10 PM

Hello ,those results are probably just random.. Let's get 2 scan logs and see if we get a direction.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 MexicanCutie

MexicanCutie
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington State
  • Local time:12:01 PM

Posted 14 June 2010 - 03:56 PM

ok, I'll work on getting those logs for you. Thank you for responding.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:01 PM

Posted 14 June 2010 - 08:02 PM

No problem,, I'll look back.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 MexicanCutie

MexicanCutie
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington State
  • Local time:12:01 PM

Posted 14 June 2010 - 09:15 PM

Ok Whew! Everything ran well. No real problems but again my computer is slow, and I'm still having some TCP\IP Issues. Sorry I don't have more information but I really don't know anything about network stuff. This is my only computer and I have no network and NO other computers or devices should be connected to this computer. Thank you again. I'l be waiting to hear from you.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4198

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/14/2010 2:17:11 PM
mbam-log-2010-06-14 (14-17-11).txt

Scan type: Quick scan
Objects scanned: 126276
Time elapsed: 5 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\S-1-5-21-839522115-1604221776-725345543-1003\Dc10.exe (Trojan.Downloader) -> No action taken.
C:\RECYCLER\S-1-5-21-839522115-1604221776-725345543-1003\Dc11.exe (Trojan.Downloader) -> No action taken.
C:\RECYCLER\S-1-5-21-839522115-1604221776-725345543-1003\Dc8.exe (Trojan.Downloader) -> No action taken.
C:\RECYCLER\S-1-5-21-839522115-1604221776-725345543-1003\Dc9.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\ernel32.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\spool\prtprocs\w32x86\3o7oC1s9.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\spool\prtprocs\w32x86\3s7e31kU.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\spool\prtprocs\w32x86\79317gM.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\spool\prtprocs\w32x86\7eIQ7w3.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\spool\prtprocs\w32x86\aAA931sK.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\spool\prtprocs\w32x86\g79317.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\spool\prtprocs\w32x86\i3qGMYWSK.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\spool\prtprocs\w32x86\O1793aAA.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\Ipopya.exe (Trojan.Fraudpack) -> No action taken.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\MSWD-f3535f0d.job (Trojan.DNSChanger) -> No action taken.


SUPER ANITSPYWARE

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/14/2010 at 06:42 PM

Application Version : 4.39.1002

Core Rules Database Version : 5066
Trace Rules Database Version: 2878

Scan type : Quick Scan
Total Scan Time : 03:22:38

Memory items scanned : 209
Memory threats detected : 0
Registry items scanned : 984
Registry threats detected : 0
File items scanned : 109742
File threats detected : 26

Adware.Flash Tracking Cookie
C:\Documents and Settings\Owner\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Q7LFXATF\A.ADS2.MSADS.NET
C:\Documents and Settings\Owner\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Q7LFXATF\ADS2.MSADS.NET
C:\Documents and Settings\Owner\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Q7LFXATF\B.ADS2.MSADS.NET

Trojan.Agent/Gen-CDesc[Gen]
C:\!KILLBOX\IW0.EXE
C:\!KILLBOX\IW1.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SECTASKMAN\IPOPYB.EXE.Q_QUARANTINE_2CFB402_Q

Trojan.Agent/Gen-TDSS
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SECTASKMAN\F3535F0D.EXE.Q_QUARANTINE_29022401_Q

Adware.Tracking Cookie
a.ads2.msads.net [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\Q7LFXATF ]
ads2.msads.net [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\Q7LFXATF ]
b.ads2.msads.net [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\Q7LFXATF ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wctprd8d.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wctprd8d.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wctprd8d.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wctprd8d.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wctprd8d.default\cookies.sqlite ]
.doubleclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wctprd8d.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wctprd8d.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wctprd8d.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wctprd8d.default\cookies.sqlite ]
myap.liveperson.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wctprd8d.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wctprd8d.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wctprd8d.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wctprd8d.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wctprd8d.default\cookies.sqlite ]

Trojan.Agent/Gen-ImageDocFake
T:\NEW FOLDER\RECOVERY\[NTFS]\[029F76]\SCROLLBARH.BMP
T:\NEW FOLDER\RECOVERY FOLDERS2\[NTFS]\[0013FA]\LYRS=H@121&HL=EN&X=2411&Y=3080&Z=13&S=G[1].PNG

Ok, this spyware scan stopped because I lost my computer connection. User error, not computer error though. If you need the rest I can try and get it to you. The T:\ Drive is where my boys store some of their video games and stuff they have on cd that have been previously downloaded. I'm not niave to the fact that some things they are getting are probably inappropriate but I don't know how dangerous they are. My boys are 16 yrs old and 2(two) 18 year olds so I can only imagine. I can delete most of the stuff if needed.

#6 MexicanCutie

MexicanCutie
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington State
  • Local time:12:01 PM

Posted 14 June 2010 - 09:18 PM

Sorry, I think this is the scan log report you were looking for. The previous one was before I rebooted I think.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4198

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/14/2010 2:18:07 PM
mbam-log-2010-06-14 (14-18-07).txt

Scan type: Quick scan
Objects scanned: 126276
Time elapsed: 5 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\S-1-5-21-839522115-1604221776-725345543-1003\Dc10.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-839522115-1604221776-725345543-1003\Dc11.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-839522115-1604221776-725345543-1003\Dc8.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-839522115-1604221776-725345543-1003\Dc9.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ernel32.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\3o7oC1s9.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\3s7e31kU.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\79317gM.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\7eIQ7w3.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\aAA931sK.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\g79317.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\i3qGMYWSK.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\O1793aAA.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Ipopya.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\MSWD-f3535f0d.job (Trojan.DNSChanger) -> Quarantined and deleted successfully.

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:01 PM

Posted 14 June 2010 - 10:04 PM

Hi, yep, Tell them that it's only a matter of time before the next infection, over 90% of those files are infected.
Well we still have work to do.

Due to the type of infection found,it's important you know this.... If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Now run TDDS Killer
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)


    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


Finally and I think this will be it,do an online scan with ESET
Please perform a scan with Eset Online Antiivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.
  • A new window will appear asking "Do you want to install this software?"".
  • Answer Yes to download and install the ActiveX controls that allows the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to start. (please be patient as the scan could take some time to complete)
  • If offered the option to get information or buy software. Just close the window.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\ESET\ESET Online Scanner\log.txt
    folder.
  • Click Posted Image > Run..., then copy and paste this command into the open box: C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad. Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

How is it now?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 MexicanCutie

MexicanCutie
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington State
  • Local time:12:01 PM

Posted 15 June 2010 - 01:16 AM

Here is the TDSSKiller log file you requested. It ran great. I accidently ran the "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v command twice. While I was running the ESET online scanner all was going well and then at 99.4% it just went back to the homepage. I tried to run the command to get a txt file but it said no file could be found. Probably because it didn't actually finish. And in the process I ran the TDSSKiller command for a second time by accident. I am now running it for a 2nd time. It took about 1 hour 45 minutes and it did pick up 1 infection, but I can't remember what it was. Although it was in the T:\ Drive.

22:52:15:531 1484 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
22:52:15:546 1484 ================================================================================
22:52:15:546 1484 SystemInfo:

22:52:15:546 1484 OS Version: 5.1.2600 ServicePack: 3.0
22:52:15:546 1484 Product type: Workstation
22:52:15:546 1484 ComputerName: T-GOMEZ
22:52:15:546 1484 UserName: Owner
22:52:15:546 1484 Windows directory: C:\WINDOWS
22:52:15:546 1484 Processor architecture: Intel x86
22:52:15:546 1484 Number of processors: 1
22:52:15:546 1484 Page size: 0x1000
22:52:15:578 1484 Boot type: Normal boot
22:52:15:578 1484 ================================================================================
22:52:16:078 1484 Initialize success
22:52:16:078 1484
22:52:16:078 1484 Scanning Services ...
22:52:16:921 1484 Raw services enum returned 287 services
22:52:16:921 1484
22:52:16:921 1484 Scanning Drivers ...
22:52:18:593 1484 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:52:18:703 1484 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:52:18:765 1484 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:52:18:859 1484 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
22:52:19:171 1484 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:52:19:234 1484 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:52:19:328 1484 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:52:19:390 1484 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:52:19:484 1484 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
22:52:19:515 1484 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
22:52:19:531 1484 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys
22:52:19:625 1484 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:52:19:687 1484 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:52:19:734 1484 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:52:19:796 1484 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:52:19:828 1484 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:52:19:906 1484 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
22:52:20:031 1484 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:52:20:109 1484 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:52:20:171 1484 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:52:20:234 1484 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:52:20:281 1484 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:52:20:328 1484 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:52:20:375 1484 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:52:20:421 1484 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:52:20:484 1484 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:52:20:546 1484 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:52:20:593 1484 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:52:20:734 1484 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:52:21:015 1484 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:52:21:062 1484 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:52:21:125 1484 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:52:21:140 1484 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:52:21:250 1484 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:52:21:375 1484 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
22:52:21:500 1484 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
22:52:21:703 1484 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:52:21:828 1484 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
22:52:21:953 1484 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
22:52:22:015 1484 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
22:52:22:093 1484 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:52:22:140 1484 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:52:22:171 1484 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:52:22:234 1484 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:52:22:296 1484 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:52:22:343 1484 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:52:22:375 1484 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:52:22:437 1484 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:52:22:515 1484 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:52:22:578 1484 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:52:22:625 1484 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:52:22:671 1484 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
22:52:22:750 1484 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:52:22:812 1484 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:52:22:906 1484 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
22:52:22:953 1484 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:52:23:000 1484 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:52:23:078 1484 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
22:52:23:125 1484 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
22:52:23:171 1484 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:52:23:218 1484 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:52:23:250 1484 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:52:23:328 1484 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:52:23:406 1484 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:52:23:453 1484 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:52:23:500 1484 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:52:23:531 1484 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:52:23:562 1484 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:52:23:625 1484 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:52:23:687 1484 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
22:52:23:734 1484 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:52:23:765 1484 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:52:23:812 1484 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:52:23:859 1484 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:52:23:906 1484 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
22:52:23:953 1484 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:52:24:015 1484 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:52:24:046 1484 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:52:24:093 1484 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:52:24:156 1484 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
22:52:24:218 1484 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:52:24:250 1484 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:52:24:281 1484 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:52:24:328 1484 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:52:24:359 1484 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:52:24:390 1484 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:52:24:437 1484 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
22:52:24:484 1484 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:52:24:546 1484 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:52:24:578 1484 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:52:24:734 1484 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:52:24:781 1484 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:52:24:828 1484 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:52:24:953 1484 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:52:24:984 1484 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:52:25:046 1484 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:52:25:125 1484 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:52:25:187 1484 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:52:25:234 1484 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:52:25:296 1484 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
22:52:25:343 1484 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:52:25:453 1484 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:52:25:484 1484 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:52:25:531 1484 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:52:25:578 1484 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
22:52:25:625 1484 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:52:25:656 1484 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:52:25:687 1484 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:52:25:734 1484 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
22:52:25:812 1484 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:52:25:859 1484 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:52:25:906 1484 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
22:52:25:937 1484 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:52:25:984 1484 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:52:26:062 1484 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:52:26:109 1484 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:52:26:156 1484 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:52:26:171 1484 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:52:26:218 1484 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:52:26:265 1484 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:52:26:312 1484 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:52:26:359 1484 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:52:26:390 1484 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:52:26:421 1484 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:52:26:437 1484 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:52:26:484 1484 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:52:26:500 1484 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:52:26:546 1484 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:52:26:578 1484 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:52:26:640 1484 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
22:52:26:734 1484 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:52:26:750 1484
22:52:26:750 1484 Completed
22:52:26:750 1484
22:52:26:750 1484 Results:
22:52:26:750 1484 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
22:52:26:750 1484 File objects infected / cured / cured on reboot: 0 / 0 / 0
22:52:26:750 1484
22:52:26:750 1484 KLMD(ARK) unloaded successfully



And here is the MBAM log file you requested
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4199

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/14/2010 8:35:37 PM
mbam-log-2010-06-14 (20-35-37).txt

Scan type: Quick scan
Objects scanned: 112827
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

It seems to be running without the "glitch" when downloading webpages, but it's still a little slow. Again, I have no problem deleting anything off the T:\ Drive if you could just point me in the direction that will show me how to read the log files and then find the infections. One thing I did notice is that I had two icons for AntiSpyware in the Icon Tray one said Core 5066 Trace: 2875 and the second one was Core 5057 Trace: 2875. Not sure if that means anything. Again, thank you very very much for your time and patience. You guys are great!! I will send the online scanner log file when it's done.

#9 MexicanCutie

MexicanCutie
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington State
  • Local time:12:01 PM

Posted 15 June 2010 - 02:05 AM



ok, the online scanner finished with no infections. I do have that one file it picked up last time in the quarantine box. I could not get a .txt log file. Here is a screen shot of the files I do have but I don't know how to open them. Also I called the bank right away and got that taken care of so thank you for that. And finally I don't have a network. I am now the only user of this computer (thanks to the new rule changes) and no other computer is in the house. I don't know the difference between internet connection and network connection but I would like to disable all the remote connection, wireless stuff, extra services and all that stuff that is just unnecessary for a single computer to run. I don't even know where to start looking and never knew this stuff had been infected and taken over before yesterday. It makes me soo mad that someone is messing with my computer. But I guess I have to take some responsiblilty...so here I start. Thank you again. We'll I can't figure out how to attatch the screenshot so the files are. Quarantine: NDF, NQF and NQI files. Sorry about that.

Edited by MexicanCutie, 15 June 2010 - 02:08 AM.


#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:01 PM

Posted 15 June 2010 - 10:09 AM

It's OK, I am sure I know what it caught as I've seen this before..

Since I sure there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 MexicanCutie

MexicanCutie
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington State
  • Local time:12:01 PM

Posted 15 June 2010 - 10:47 AM

Dear Boopme,
I have created the new restore point and deleted the old ones per your instructions. I would like to thank you for all your help. For me it was priceless. I have been struggling with re-infections for about a year and now I know why. I don't think I've had a clean computer for about 1 1/2 since the same files kept being put on the "clean" re-installs. I plan on spending the next few days reading the suggested articles and deleting files. You are a kind person, generous with your knowledge and that says alot about you. So, again thank you. You have truly made my life a little easier and alot less stressful. God Bless You.

MexicanCutie

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:01 PM

Posted 15 June 2010 - 11:18 AM

Well,thank you...These are the words that make it all worth it. Definately read on and I can not stress the autorun disable enough.
now why Am i singin' this all day...
But it's a real beauty
A mexican cutie
How it got here I haven't a clue



:flowers: :thumbsup:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 MexicanCutie

MexicanCutie
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington State
  • Local time:12:01 PM

Posted 15 June 2010 - 02:53 PM

Disabling the Autorun was the first thing I did. The articles are extremely helpful. In particular I'm looking for something that tells me what network services and network setting that I can disable or are not needed for a standard one computer internet connection. My computer is running great! But for the first time I don't have a LAN connection listed under network connections. It's actually blank, it shows no connection but here I am, on the internet. Is that ok? And should there be a connection listed. I still have all that stuff listed in the registry and there are some services I can't stop due to the buttom being greyed out for example terminal services. I don't want to take advantage of your time and generousity so if theres a place or article that specifically address internet/connection issues, what should be there, and what shouldn't I would really appreciate a point in the right direction. And one last thing, I installed Anti-Spyware as you requested, but now I have two anti spywares running. AntiVir and Super. I think they are both real-time enabled. I read somewhere that that can cause a conflict. Should I delete one, or did you want me to keep it on there. Sorry if I confused you, I tried to follow directions exactly like posted and I don't think it said to uninstall Super even if it was inteded. Thanks a million...again. And your singing that song because that's my little trick. That's my favorite song, and that is, of course, how I got the nickname.

Edited by MexicanCutie, 15 June 2010 - 05:15 PM.


#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:01 PM

Posted 16 June 2010 - 09:11 AM

Hi, didn't forget you.. Will reply later.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#15 MexicanCutie

MexicanCutie
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington State
  • Local time:12:01 PM

Posted 16 June 2010 - 10:03 AM

Hi! Take your time, I'm in no hurry and my computer is running pretty darn good! I will check back later. Thanks for the "heads up." You Rock! :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users