Potential malware problem - request log review

Discussion in 'Malware Help (A Specialist Will Reply)' started by RGM84D, Jan 8, 2011.

  1. RGM84D

    RGM84D Private E-2

    I suspect I may have a malware problem but can't tell for sure, and would appreciate it if the experts could take a look at my logs.

    My system is a Dell Inspiron E1505 running WIN XP SP2 32 bit. I have Norton 360 as my primary AV and firewall. The system is working almost normally following correction (with MG help) of some self-inflicted damage detailed here:
    http://forums.majorgeeks.com/showthread.php?t=230179

    However, I am frequently getting Malwarebytes warnings that it has blocked attempts to access IP address 106.196.143.78, which appears to be in Russia. The attempts to access this IP are being generated automatically, and occur when my internet connection is active, even when no browser is open. Further, I frequently, but not consistently, get this warning within about 30 seconds of opening the Norton or Malwarebytes control panels, suggesting that something on the system is "aware" of my AV.

    I previously used Norton 360 AV to find and remove C:\WINDOWS\Drivers\atapi.sys infected with the Bloodhound virus. SAS found and removed Rogue.Paladin, but this did not correct the symptom.

    Two other errors that may or may not be connected to malware are that

    - I am unable to install the XP SP3 upgrade due to an "atapi.sys is in use by another program" error during installation. The initial upgrade attempt failed at least a year ago but I have not pursued it until recently.

    - I can no longer read an external hard drive I was previously able to use. When I connect the external drive the laptop crashes with "BAD_POOL_HEADER" error. The external drive still works fine with another computer.

    Once I confirm my system is clean I'll pursue those issues on the appropriate software/hardware forums.

    Thanks in advance.
     

    Attached Files:
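As an added illustration (not part of the original thread), the symptom described above, blocked outbound attempts recurring with no browser open, is the kind of thing a quick pass over the blocker's own log can make concrete: group each blocked destination by the process that originated the attempt and the spacing between attempts. The log layout, port numbers and process names below are constructed assumptions, not the poster's actual log lines.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (assumed MBAM-1.x-style protection-log layout:
# timestamp, user, event, destination, then type/port/process). Illustrative
# only; the processes and ports are not taken from the poster's logs.
SAMPLE_LOG = """\
2011/01/08 10:12:33 RGM84D IP-BLOCK 106.196.143.78 (Type: outgoing, Port: 80, Process: svchost.exe)
2011/01/08 10:12:40 RGM84D IP-BLOCK 203.0.113.9 (Type: outgoing, Port: 80, Process: firefox.exe)
2011/01/08 10:42:35 RGM84D IP-BLOCK 106.196.143.78 (Type: outgoing, Port: 80, Process: svchost.exe)
2011/01/08 11:12:31 RGM84D IP-BLOCK 106.196.143.78 (Type: outgoing, Port: 80, Process: svchost.exe)
2011/01/08 11:30:02 RGM84D IP-BLOCK 198.51.100.7 (Type: incoming, Port: 445, Process: System)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \S+ IP-BLOCK (?P<ip>[\d.]+) "
    r"\(Type: (?P<dir>\w+), Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$"
)

# Processes whose outbound blocks are expected when the user is browsing.
BROWSERS = {"firefox.exe", "iexplore.exe", "chrome.exe", "opera.exe"}


def parse_blocks(text):
    """Return one dict per parsed IP-BLOCK line; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["ts"] = datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S")
            events.append(d)
    return events


def summarize(events):
    """Group outgoing blocks by destination IP: attempt count, originating
    processes, whether a non-browser process originated any attempt, and the
    seconds between attempts (regular gaps with no browser open suggest beaconing)."""
    by_ip = defaultdict(list)
    for e in events:
        if e["dir"] == "outgoing":
            by_ip[e["ip"]].append(e)
    out = {}
    for ip, evs in by_ip.items():
        procs = sorted({e["proc"] for e in evs})
        times = sorted(e["ts"] for e in evs)
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        out[ip] = {"count": len(evs), "processes": procs,
                   "non_browser": any(p.lower() not in BROWSERS for p in procs),
                   "gaps_seconds": gaps}
    return out
```

A destination that is only ever contacted by a browser is ordinary blocked-site noise; one contacted by a service process at near-constant intervals is what to hand to a removal tool or a specialist, together with the process name.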

  2. RGM84D

    RGM84D Private E-2

    Additional logs attached. I included the RootReveal process log in case it provides any clue what processes may be using atapi.sys.

    Thanks again
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are misinterpreting the information. This is normal information and is why you install programs like Malwarebytes and Norton. They are there to protect you from the bad sites on the internet. I'm suspecting that you need to add a router with a hardware firewall in between your PC and your cable or DSL modem to add another layer of protection that may even stop many of these kinds of external searches from getting to your PC.



    Download TDSSKiller from Kaspersky directly onto your Desktop
    • Now double click the TDSSkiller.exe file to run it ( if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrator. )
    • If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123tdk.com).
    • Allow the application to run if prompted by Windows or any security programs you have installed
    • It will start the scan and run rather quickly and will notify you of whether anything is found or not.
    • Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
    • Whether an infection is found or not, a log file should be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Also see if you can locate the below file and put it into a ZIP file and attach it here. This file seems suspicious.

    c:\windows\system32\drivers\uucrkea.sys


    When you ran MGtools, did you have your cable to the internet disconnected? It looks like your network interface was totally down.


    You also need to uninstall the below:
    Ad-Aware SE Personal << way out of date and totally ineffective
    Spybot - Search & Destroy 1.2 << way out of date
    SpywareBlaster 4.1 << way out of date
    SpywareGuard v2.2 << way out of date and totally ineffective

    You can install the proper version of Spyware Blaster from here >> SpyWare Blaster
     
    Last edited: Jan 8, 2011
  5. RGM84D

    RGM84D Private E-2

    Thanks a lot.

    TDSSkiller found and deleted
    c:\windows\system32\drivers\uucrkea.sys
    before I read your most recent post, so I can't attach a copy of the file. I have not had any connection warnings since running TDSSkiller (~1 hour now).

    I normally connect my laptop to the internet via a wireless connection. Because many of the scanning steps require disabling AV or firewall I have been manually disabling the connection except when downloading tools or posting. Should I re-run MGtools with the connection enabled?

    I have verizon as my ISP and connect via a router with a firewall. As far as I know I don't have any visibility or control of the router firewall. Any suggestions on this?

    I have deleted / updated the tools as you recommended. I plan to keep Norton as my primary AV and firewall. What would you recommend as the online scanner? SAS professional?
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    So my suspicion was correct. ;)

    Yes. Run like below.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\MGlogs.zip
    Not sure how effective their firewall is, but first are you still seeing those addresses being blocked by MBAM?

    Is this what you meant to ask? You don't need an online scanner. You just need backup malware scanners like Malwarebytes and SUPERAntispyware to pick up the many, many things that Norton will not.
     
  7. RGM84D

    RGM84D Private E-2

    chaslang,

    Thanks again. The new MGtools log is attached. I have not seen any warnings since running TDSSkiller so you appear to have solved my problem. :-D

    Apologies if I am misusing the terminology. I have read the "How to protect yourself from malware" thread and think I mostly get it. I plan to keep Norton for AV and firewall. I now have the free versions of SuperAntiSpyware and Malwarebytes, plus SpywareBlaster, and plan to add Spybot Search & Destroy. Malwarebytes appears to be functioning as a realtime blocker (even though it is the free version) based on alerts and the protection tab showing "protection enabled". Do you recommend also upgrading SAS or is that overkill?
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    According to what your logs show and what you are saying, you have the paid version not the free version.

    Not since you have the paid version of MBAM.

    Your logs are clean.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
