8-Steps Complete / Logs Posted / Help?

Status
Not open for further replies.

joehorror

My 8-steps have been completed. Below I've included the items McAfee and then AVIRA found as well as 4 logs (2 SAS logs). Please help me decide which things I should delete with McAfee & Avira, I'd rather not delete files I shouldn't:

MCAFEE:

Generic.PUP x

AVIRA:

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP250\A0213380.dll
(Contains a recognition pattern of the (harmful) BDS/TDSS.KD back-door program)

C:\Documents and Settings\*****\Desktop\SmitfraudFix\Agent.OMZ.Fix.exe
(This file contains an executable program that is disguised by a harmless file extension [HIDDENEXT/Crypted])

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP254\A0213552.exe
(Is the TR/Agent.59904.B Trojan)

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP254\A0213962.dll
(Contains a recognition pattern of the (harmful) BDS/TDSS.JW back-door program)

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP254\A0213963.dll
(Contains a recognition pattern of the (harmful) BDS/TDSS.acs back-door program)

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP254\A0213964.sys
(Contains a recognition pattern of the RKIT/TDss.G.22 root kit)

C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\TEMP\AVSCAN-20081220-135759-E03B5177
(Contains a recognition pattern of the (harmful) BDS/TDSS.acs back-door program)
 
As a quick aside, an additional question I had was which antivirus/spyware/malware program should I use as my MAIN protective program? I currently have McAfee, Avira, AVG, Malwarebytes & SuperAntispyware. Which should "do the trick" and provide me with the protection I need? I'd like to be able to eliminate as many monitoring programs as possible without sacrificing protection. I'm also running Zone Alarm and using the Windows Firewall, good idea to use both? Should I just stick with ZA?

Once I get help with my above logs, ANY help regarding my program dilemma would be greatly appreciated.
 
My Avira is coming up with new Trojan infections each time I run it. Can somebody please check my logs out and give me some tips on what I need to do to get this thing clean? I'm behind on purchasing X-Mas presents and I've missed a magazine article deadline. This thing has me frazzled.
 
Hi Joe

After reading through all your different posts, here is what you need to do.

I am not sure you are clean of the TDSServ trojan.

Also I noticed that you have had ComboFix installed. So we need to run it. Do the below.

Start-Run
type
combofix /u

then

Download ComboFix

NOTE: If the ComboFix you have is more than a few days old, delete it and re-download.

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double click combofix.exe follow the prompts.

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click ComboFix's window while it's running. That may cause it to stall.
----------------------------------------------------------------------------------------------------------------------------------
Next

D/L Xclean_Micro http://www.xblock.com/download/xclean_micro.exe
No install; just run it, delete all it finds, and decline to reboot on each item found until the program finishes, then reboot.

Xclean will run minimized and will pop up a window if it finds anything. If it finds nothing it will exit.

Please make a note of what it found, if anything, as it has no log.
If it finds several things reboot to Safe Mode and run again before continuing below.

Malware Removal Tool by Joe Pestro http://majorgeeks.com/Malware_Removal_Tool_d4632.html This tool will run almost instantly if it finds nothing.

----------------------------------------------------------------------------------------------------------------------------------
DDS
D/L to Desktop: DDS by sUBs from one of these locations:

http://www.techsupportforum.com/sectools/sUBs/dds
http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

double click DDS.scr to run

When complete, DDS.txt will open.

Click Yes for Optional Scan.
Save both reports to your desktop.
DDS.txt
Attach.txt

Attach the contents of both logs back here.

Mike
 
Ran everything, XClean_Micro found this and deleted it:

Spy-Agent.ak

HKEY_LOCAL_MACHINE\Software\Windows\CurrentVersion\Control Panel\load

I've also attached my DDS & Attach logs...
 
Hi Joe

Run HJT, Scan only, then select and remove the below:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Then..
Run CCleaner again twice or more on Cleanup temps, then on the left click Registry, then Scan for issues; also repeat till clean.

D/L, install and run ATF-Cleaner; clear all except passwords in all browsers you have. Run repeatedly until no more is found.

http://www.majorgeeks.com/ATF_Cleaner_d4949.html
-------------------------------------------------------------------------------------
The issues that were found are in System Restore, so do the below:

Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "After cleanup at TechSpot".

Then Start-Programs-Accessories-System Tools-Disk Cleanup
Click OK to accept C:
Select all Boxes
Then click More Options
Here click System Restore, OK to "Are you sure", and then OK to run.

As this runs it clears all but the most recent Restore Point, but it also does one other thing, which can contain infested files and a huge amount of disk space.

It clears what is known as Shadow copies which are used by specialized back up programs.

This is if you have the Volume Shadow Copy running which is the default.

Post back your opinion of how system is running now, what do we have left?

Mike
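To help with Joe's question of which findings to act on, and Mike's point that most of them sit in System Restore, here is an added triage script (not from the thread or from either poster) that sorts Avira-style findings by where the flagged file lives. The sample report is constructed in the same layout as the findings quoted above; the restore GUID is a placeholder.

```python
import re

# Constructed sample in the layout of the Avira findings quoted above
# (a path line followed by a bracketed description). GUID is a placeholder.
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP250\A0213380.dll
(Contains a recognition pattern of the (harmful) BDS/TDSS.KD back-door program)
C:\Documents and Settings\user\Desktop\SmitfraudFix\Agent.OMZ.Fix.exe
(This file contains an executable program that is disguised by a harmless file extension [HIDDENEXT/Crypted])
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP254\A0213964.sys
(Contains a recognition pattern of the RKIT/TDss.G.22 root kit)
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\TEMP\AVSCAN-20081220-135759-E03B5177
(Contains a recognition pattern of the (harmful) BDS/TDSS.acs back-door program)
"""

# Restore-point copies live under System Volume Information\_restore{...}\RPnnn\
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[^}]*\}\\(RP\d+)\\", re.I)
# The scanner's own scratch copy of what it unpacked during a scan
AV_TEMP_RE = re.compile(r"\\Avira\\[^\\]*\\TEMP\\", re.I)

def classify(path):
    """Return (category, RPnnn-or-None): restore_point = inactive snapshot,
    purged by clearing System Restore; scanner_temp = AV scratch copy;
    live = file in an active location that still needs review."""
    m = RESTORE_RE.match(path)
    if m:
        return "restore_point", m.group(1).upper()
    if AV_TEMP_RE.search(path):
        return "scanner_temp", None
    return "live", None

def parse_report(text):
    """Return [(path, description)] from the path / (description) layout."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    pairs = []
    for cur, nxt in zip(lines, lines[1:]):
        if not cur.startswith("(") and nxt.startswith("("):
            pairs.append((cur, nxt.strip("()")))
    return pairs

def triage(text):
    """Group detections by category; each entry is (path, description, RPnnn)."""
    groups = {"live": [], "restore_point": [], "scanner_temp": []}
    for path, desc in parse_report(text):
        cat, rp = classify(path)
        groups[cat].append((path, desc, rp))
    return groups

def restore_points(text):
    """Sorted restore points holding flagged files (what Disk Cleanup will purge)."""
    return sorted({rp for _, _, rp in triage(text)["restore_point"]})
```

Only the "live" group needs a decision; the restore-point entries go away with the Disk Cleanup step Mike describes, and the scanner's TEMP copy is its own scratch file.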
 
Hey Mike! Well, I ran all the above and my system now appears to be running lightning fast. So does this appear to be the end of my viral issue? Would you like to look at any last logs before I let out that sigh of relief? If everything is good to go, should I remove all of the above programs we installed for this session and which Antivirus program and firewall would you recommend I keep? I'm running Avira Free and Zonealarm right now. Would it be better if I purchased Norton 2009 and kept Zonealarm?
 
Great, I think you are good to GO!

Thread closing-------------------------------------------------------------------
Please download OTCleanIt http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe

Save to desktop.

This will remove all the tools we used to clean your computer.
These tools update so often they require downloading again later if needed.

Double-click OTCleanIt.exe. Click CleanUp. Yes to the "Begin cleanup Process?"

If prompted by Firewall, Windows Defender or other guards or security programs about OTCleanIt attempting to access the Internet, allow all.

If prompted to Reboot click Yes.
OTCleanIt will delete itself when finished; if not, delete it yourself.

-------------------------------------------------------------------------------------
Run CCleaner again twice or more on Cleanup temps, then on the left click Registry, then Scan for issues; also repeat till clean.

D/L, install and run ATF-Cleaner; clear all except passwords in all browsers you have. Run repeatedly until no more is found.

http://www.majorgeeks.com/ATF_Cleaner_d4949.html
-------------------------------------------------------------------------------------

Every 2 weeks or so run MBAM and SAS until clean. They take a while, so leave them scanning while you are sleeping, working or watching TV. If not done under the gun, they can be scheduled so as not to interfere with computer time.

If they find something they can not clean then get back to us.

Additionally run CCleaner.

I have been using ThreatFire for more than a year, it just went from ver 3 to ver 4.

It was designed to co-exist with other Virus scanners.

Additionally it uses a totally different process to protect. While conventional virus scanners work from definitions, ThreatFire works on recognizing virus/malware activity. It's like looking at it with 2 sets of eyes and from a different angle.

http://www.threatfire.com/Download/
-------------------------------------------------------------------------------------
Look at http://www.javacoolsoftware.com/spywareblaster.html

Run SpyBot occasionally and use the Immunize function.
http://www.safer-networking.org/en/download/

Install Hostman and allow it to disable DNS Client and select all 4 Host files and the Update
Hostman http://www.abelhadigital.com/2008/07...-released.html

A Disk scan and Defrag are in order.

Mike
 