I am no where near a computer pro, but I know there is something very, very wrong with my computer and I don’t know the source, but I do know I need to get rid of it.
It seems that other people are having similar problems. Using the tools others have been told to do I went ahead and attached the logs from OTL and aswMBR.
These is one of the threats. It’s usually the same except the IP may change.
Download ComboFixfrom here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully. note: ComboFix must be downloaded to your Desktop.
Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.
Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
When the tool is finished, it will produce a log report for you. (typical location: C:[b]ComboFix.txt[/b] )
Attach log reports ( ComboFix.txt) back to topic.
[*] Double click MCShield-Setup to install the application.
[*] Wait a few seconds to MCShield finish initial scan.
Recommendation to under General and Scanner tab you click on Defaults button to choose recommended options.
[*] Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.
When all scanning is done, you need to attach a logreport that has made MCShield.
Start → All Programs → MCShield → Logs
Attach here → AllScans.txt
Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.
Step3
Delete current aswMBR.exe ( and file C:\Users\Marie\Desktop[b]MBR.dat[/b] ) and download fresh one.
Re-run aswMBR and attach fresh aswMBR.txt log.
New MBR.dat will be created: Zip/Rar - it and attach file here.
I don't have any items for step 2, so here are the logs from 1 and 3.
The logs show traces of use probably infected USB devices. There is the possibility for reinfection.
Do not use any USB devices during malware cleaning.
Step1
Open notepad and copy/paste the text present inside the code box below:
Close all browser windows and refering to the picture above.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:[b]ComboFix.txt[/b] )
Step2
[*]Download TDSSKiller and save it to your Desktop.
[*]Unxip the folder (Right Click > Extract to your Desktop).
[*]Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application.
[*]Under Additional options check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
[*]Click on Start Scan.
[*]If an infected file is detected, the default action will be Cure, click on
[*]If a suspicious file is detected, the default action will be Skip, click on Continue.
[*]It may ask you to reboot the computer to complete the process. Click on Reboot Now.
[*]Click the Report button and copy/paste the contents of it into your next reply Note:It will also create a log in the [b]C:[/b] directory.
[*] Be sure to disable your security programs
[*] Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
[*] A small window should open on your desktop
[*] if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
[*] If nothing unusual is found just press Enter
[*] A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your deskop. Please attach the contents of that file.
