Is my problem bad enough to be taken to a service/repair shop?

[chaslang]

Your TDSSKiller log shows a couple left overs from a TDL infection. Run it again and this time if the below two lines show, Delete them or Quarantine ( which ever is allowed)

Code:

23:56:37.0172 6052 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:56:37.0172 6052 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Then reboot your PC and run TDSSKiller again and attach this new log so we can be sure they were fixed.

Quote:

Originally Posted by fosho14

A professional technician at a repair/service store probably wouldn't be able to do any further cleaning other than reformatting the hard drive right?

Do you think we are not professsionals? We are much more highly proficient in malware removal then most technicians in PC repair shops. It all depends on how long they have been doing this and many of them actually learn what to do by reading what we do on malware removal forums.

[fosho14]

Quote:

Originally Posted by chaslang

Do you think we are not professsionals? We are much more highly proficient in malware removal then most technicians in PC repair shops. It all depends on how long they have been doing this and many of them actually learn what to do by reading what we do on malware removal forums.

I definitely don't doubt your skills, and can clearly see that you are a trained specialist in this area. Just strikes me as ironic that you are doing this for free and are more knowledgeable than the ppl who are charging money who are less knowledgeable. Can't thank you enough though it is very upstanding of you to be doing this. Will attach the logs soon

[fosho14]

Here is the log after deleting the \Device\Harddisk0\DR0

The 2 other medium risk threats that it picked up that you will see in the log are not harmful to my system and are actually necessary which is why I did not remove them.

The KM service is the activator I use for microsoft office and the sony service is for my e-reader.

Something I hadn't yet mentioned which I believe is extremely important, is the fact that several "important" windows security updates failed to complete. I get error code "80248007" for updates KB2656368 KB2679255 and KB890830

and error code "8024000B" for update KB2675157


That is probably the most concerning thing at this point. How do you think the security of my pc is looking right now?

Cheers

[fosho14]

Is it reasonably safe for me to start online banking again with the changed account information?

Thanks again for all your help so far

[chaslang]

Quote:

Originally Posted by fosho14

Something I hadn't yet mentioned which I believe is extremely important, is the fact that several "important" windows security updates failed to complete. I get error code "80248007" for updates KB2656368 KB2679255 and KB890830

and error code "8024000B" for update KB2675157

This may be a topic for the Software Forum but give the below a try first.


Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.

• Now open Repair_Windows.exe
• Go to Start Repairs tab.
• Choose "Custom Mode" and press "Start".
• Create a System Restore point if prompted.
• In the Custom Mode window, select the following repair options:
  • Reset Registry Permissions
  • Register System Files
  • Repair WMI
  • Remove Policies Set By Infections
  • Repair Winsock & DNS Cache
  • Repair Proxy Settings
  • Repair Windows Updates
• Now click the Start button.
• Be patient while the tool repairs the selected items.
• If asked to reboot the computer for the changes to take affect, make sure other tasks in the program are not still running before accepting to restart.

Quote:

Originally Posted by fosho14

That is probably the most concerning thing at this point. How do you think the security of my pc is looking right now?

It looks fine and should be safe to use. You may want to consider changing all passwords anyway just to be on the safe side.



If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 6 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 7 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

[fosho14]

Thanks, thats good to hear, I will start using my pc again. I just noticed on my tune up utilities program that there was a suggestion to disable administrative shares, because otherwise hackers can gain network access. Do you think it's a good idea to disable administrative shares?

[chaslang]

Quote:

Originally Posted by fosho14

Do you think it's a good idea to disable administrative shares?

Not if you really need them? And if you need them, just make sure that they are password protected to make it more difficult on hackers. Shared folders or drives should not use the same passwords as for your user accounts too.

But you need to realize something significant, if you are logging into your PC with a user account that has administrator priviledges and you get hacked, they already have full permissions and can change passwords and permissions to anything they want. This is a reason why one security method commonly recommended is not to use an admin type account to do any surfing. Only use Restricted User Accounts. Obviously this has some down sides too but it is more secure.

[fosho14]

Shit, I have been using an account with administrative privileges this entire time from the beginning :O I'm sure it's not very safe for me to be using this computer but at this point and after everything ive been through, I'll take the risk (I have bills to pay and transactions that must be processed). It's a fairly expensive computer that a family friend built part by part so im not gonna just buy a new one and i don't really want to buy an external hard drive to wipe it clean and re-load. Thanks for all your help hopefully things work out okay for me based on the scans that we performed together. The amount of time you donated to me was very much appreciated.

Cheers

[chaslang]

You're welcome. Surf safely.