Same with the second one, I'm going to reboot and rerun Sas now.

SaS came up clean! Anything else to do or is it fixed?

Thank youuuuuuuuu!

Attached Files

SUPERAntiSpyware Scan Log - 11-21-2008 - 21-37-53.log (465 Bytes, 2 views)

Hit me with a HJT log before logging off.

Use the computer but when you go to bed or work update mbam leave it in a scan. Post log in morning.

Good job.

I will leave a thread closing for you tomorrow .

Good job!

Night,
Mike

Yay!! here's the hijack this log. will post the other scan tomorrow morning. Thanks for your help.

Attached Files

hijackthis.log (4.8 KB, 1 views)

HJT log clean also!

Talk tomorrow,

Mike

Mbam had a few hits last night. log attached. good morning

Attached Files

mbam-log-2008-11-22 (09-09-53).txt (2.1 KB, 1 views)

Well you were all clean last night so you are being reinfected by what you access on the web or email or Flash drive etc..

So lets get you some protections in now.

Get SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html install update and enable all

SpyBot S&D http://majorgeeks.com/download2471.html install it update it then do the Immunize then scan for good measure.

Hostman (Host Manager) http://www.abelhadigital.com/2008/07...-released.html install let it update and download all 4 of the host blockers. Also let it disable DNS Client if it asks.

Finally Threatfire http://www.threatfire.com/download/ update and scan

I have been using ThreatFire for more than a year, it just went from ver 3 to ver 4.

It was designed to co-exist and compliment other Virus scanners.

Additionally it uses totally different process to protect. While conventional Virus scanners work from definitions ThreatFire works on recognizing Virus/Malware activity. Use in conjuction with you Virus scanner, it's like looking at it with 2 sets of eyes and from a different angle.

You will need to read the docs on this, as it works like some Firewalls that learn. When TF finds something it asks for approval or denial and if to remember this answer. It is very wordy for a few hours as it learns, as you allow or disallow different programs. The trick here is to recognize a baddie from a goodie.

For example the first time after you install TF and run IE it will tell you that IE is trying to run well you know you just clicked it ans that you do want to permit it so you would approve and remember the answer and you will not be asked about IE again.

Only after we get the above installed and working. Then we clean again with mbam sas and combofix. Then likely the Spybot Immunize, or SWBlaster or Hostman will block them and you will not even know it, or TF will catch it and you will know were the reinfections are coming from.

Mike

I'm just about done running threatfire, I already installed updated and ran the other programs you prescribed.

I'm having another issue, I'm not sure if its in anyway related to this but maybe you can help. For some reason, my computer has my backup harddrive set as the main one, so when I try to install something (downloaded wow expansion from blizzard website, for instance) It doesn't let me because my E drive doesn't have enough space. Well, yeah, I know that, it's a backup drive. However, it won't let me choose to install it on my C drive. So, is there a way to reestablish the C drive as my main drive? thanks.

I'm going to run mbam, sas, and combofix when I'm done with firethreat.

Hmm

Not sure what is going by your description but answer this.

Is the backup drive an external or internal?

If external what happens to the drive letters if you shutdown and unplug it then boot without it? What drive letter is the Windows drive?
Need more details on the setup.

Mike

It looks like the C is my windows drive, but there is a windows folder on each drive. They're both internal. The E is a small one, I really don't even know why its in here.

Rt click My Computer left click Properties-Advanced-Startup and Recovery. Click the Edit button.

Change nothing but copy the text and paste it back. Then X out of all without saving.

M

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

And which one are you saying is low on space?

paste below to run command when it open click diskmgt
compmgmt.msc

Tell me about the disks!

Mike

(C Layout: Partition Type: Basic File System: NTFS Status: Healthy (System) Capacity: 67.73GB Free Space: 14.67 GB % Free: 21% Fault Tolerance: No Overhead: 0%

(E Layout: Partition Type: Basic File System: NTFS Status: Healthy (Boot) Capacity: 6.74GB Free Space: 796 MB % Free: 11% Fault Tolerance: No Overhead: 0%

I need to see deeper into your system so....

Download OTScanIt: http://download.bleepingcomputer.com...r/OTScanIt.exe
Close all Apps and Browsers

Download and save to Desktop and Dbl Click extract the files to an OTScanIt Folder.

If Firewall or other Security or Malware protections pop you should allow them to let OTScanit to run.

Enter the OTScanit folder and run OTScanit.exe.

In Additional Scans select BotCheck, Disabled MS Config Items and Eventviewer Errors/Warnings

Top Left click Run Scan.

The scan can take some time so allow it time.

Then finished a log will open, save log, attach back to here.

Mike