3puters2users1bigheadache

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ikan140, Jan 6, 2012.

  1. ikan140

    ikan140 Private E-2

    Hi there,

    I am having issues with what I believe to be malware/adware/spyware on three computers linked to a home network, not sure if that matters but may be relevant, as requested I will tackle each in turn separately. Again assuming it may be relevant, all three are running Windows XP Pro SP3, Office Pro 2007, and IE 8 V 8.0.6001.18702. I have read and followed to the best of my ability the instructions in the "Read & Run Me First" thread but still show symptoms of infection, most notably slow browser and frequent page errors. Hopefully you will find attached usable logs from each of the suggested scans. Assuming I have left something out, please let me know what it should be; don't mind telling you I'm a bit over my head on this.

    Thank You,
    ikan
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Based on your logs, you are not having malware problems. I will have you run two more scans just to cover all bases, but my initial opinion is that your problem is PC specs. That is, an older style and slower processor and inadequate memory to properly run Win XP SP3 and other software. Your logs show the below:
    Code:
    Processor x86 Family 6 Model 14 Stepping 12 GenuineIntel ~1866 Mhz 
    Total Physical Memory 512.00 MB 
    Available Physical Memory 268.98 MB 
    This is a slower processor and also not a modern dual or quad core type. Also you have about 1/4 of the minimum amount of memory that I recommend for properly running Win XP SP3. You should ideally have at least 2 GB and at a minimum 1 GB.


    Go to the below link and follow the instructions for running TDSSKiller from Kaspersky
    • Be sure to attach your log from TDSSKiller
    Now please also download MBRCheck to your desktop.

    See the download links under this icon http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif
    • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )
     
  3. ikan140

    ikan140 Private E-2

    Chaslang,
    I expected you to tell me that my computers are old and outdated; however, the symptoms persist and scans are all telling me that there are infections present. If the clock speed of the processors and lack of RAM are at fault I will have to live with them as is for a time, but it is my hope to get them clean, or as clean as possible, until I can get them replaced.
    I ran the two scans you recommended and attached the logs here for your review. I also had a new issue pop up last night after running the scans and cleans you recommended prior to these two; there is an issue specifically with Yahoo Games.
    The symptoms are very strange to me and may or may not be relevant to this discussion, but here they are: opening and sign-in to Yahoo are both normal, as is, or apparently is, access to Yahoo Mail, News, and Weather and any other website including other online games, but Yahoo Games will either continuously loop in a "recovered tab" or allow the tab to open but freeze or recover after the first action (single left click) on anything (button, link, advert, background, etc.). The odd part of this issue is that it seems to have nothing to do with the computer used to access the site (I have used all three computers available to me to test the account and it seems to involve only this account; I have multiple accounts but my wife, whose computer is currently being cleaned, only has one). If you can shed any light or insight on this wrinkle I would be most grateful. If however it is not relevant then I will pursue it with Yahoo directly.

    Thank you,
    ikan
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not sure if this is an infection or a problem with Yahoo itself. If it is an infection, perhaps all 3 of your PCs are infected.

    You need to rerun TDSSkiller and select ONLY the below items if they still appear and either cure, delete, or quarantine based on the choices given
    Code:
    18:15:39.0609 1336 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    18:15:39.0609 1336 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
    
    Do you have your Windows XP boot CD? Your log from MBRcheck shows an unknown MBR type which may or may not mean it is infected. Since you are having problems, we should fix this. If you were not having any problems, I would ignore it.
     
  5. ikan140

    ikan140 Private E-2

    I just ran the TDSSKiller again and it found nothing... go figure... and no, I do not have a boot CD for XP since manufacturers believe we no longer need hard copy documentation with our laptops... any suggestions?

    Thank you,
    ikan
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's see if we can be lucky enough to get MBRcheck to fix it.


    Now if you wish to continue and fix the malware - please do the following:
    • Run MBRCheck.exe
    • Wait until you see the following lines:
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
      • Options:
        [1] Dump the MBR of a physical disk to file.
        [2] Restore the MBR of a physical disk with a standard boot code.
        [3] Exit.
        Enter your choice:
    • Please push the 'Y' key and then press Enter
    • When the program asks you to Enter your choice: enter 2 to Restore the MBR and press the Enter key
    • Now the program will ask you to "Enter the physical disk number to fix (0-99, -1 to cancel):"
      • Enter 0 and press the Enter key.
    • Now the program will show Available MBR codes as below
    • You need to select your version of Windows from the list. Since you have XP, enter 0 and then press Enter.
    • The program will prompt for confirmation. Type 'YES' and hit Enter.
    • Left click on the title bar (where program name and path is written). From the menu choose Edit -> Select All
    • You will see all the text in the window get highlighted.
    • Hit the Enter key on your keyboard to copy all of the text into the clipboard.
    • Paste that text into Notepad, save it to your desktop as MBRfix.txt
    • Restart your PC.
    • Attach the MBRfix.txt file to your next message.
    • Also rerun a normal MBRcheck scan and attach this new log too so we can see if it fixed the MBR.
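What "unknown MBR type" (post #4) and "restore the MBR with a standard boot code" (post #6) mean at the byte level, as an added example in Python that is not part of this thread and is not MBRCheck's own code. It parses a 512-byte boot sector, hashes the 440 bytes of boot code against a table of known-good hashes, and rebuilds the sector with standard code while leaving the disk signature and partition table untouched. The known-good table and the sample sectors are constructed placeholders, not hashes of real Windows boot code; a real checker carries the genuine hashes.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439: the executable boot code
DISK_SIG_OFFSET = 440        # 4-byte Windows disk signature
PART_TABLE_OFFSET = 446      # four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xAA"  # bytes 510..511

# Constructed stand-in for a known-good boot sector. Tools like MBRCheck compare
# against hashes of genuine Windows boot code; the value below is NOT such a hash,
# it is only a placeholder pattern so the example runs offline.
STANDARD_BOOT_CODE = b"CONSTRUCTED-STANDARD-BOOT-CODE".ljust(BOOT_CODE_LEN, b"\x00")
KNOWN_BOOT_CODE = {
    hashlib.sha256(STANDARD_BOOT_CODE).hexdigest(): "constructed-standard",
}


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into its fixed-offset fields."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:  # type 0 is an empty slot
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {
        "boot_code": sector[:BOOT_CODE_LEN],
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
        "signature_ok": sector[510:512] == MBR_SIGNATURE,
    }


def check_mbr(sector: bytes) -> dict:
    """Classify the boot code the way an MBR checker reports it: standard, unknown or invalid."""
    fields = parse_mbr(sector)
    digest = hashlib.sha256(fields["boot_code"]).hexdigest()
    if not fields["signature_ok"]:
        verdict = "invalid"    # not a valid MBR at all, nothing to compare against
    elif digest in KNOWN_BOOT_CODE:
        verdict = "standard"
    else:
        verdict = "unknown"    # non-standard code: could be a bootkit, could be an OEM boot manager
    return {
        "verdict": verdict,
        "boot_code_sha256": digest,
        "known_as": KNOWN_BOOT_CODE.get(digest),
        "disk_signature": fields["disk_signature"],
        "partitions": fields["partitions"],
    }


def restore_standard_boot_code(sector: bytes) -> bytes:
    """Replace only the boot code; disk signature and partition table are kept as-is
    (the same idea as MBRCheck's 'restore with a standard boot code' option)."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    return STANDARD_BOOT_CODE + sector[BOOT_CODE_LEN:]


def build_sample_mbr(boot_code: bytes, entries) -> bytes:
    """Construct a synthetic MBR for testing; entries are (bootable, type, lba_start, sectors)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, 0x1234ABCD)   # constructed disk signature
    for i, (bootable, ptype, start, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFFSET + 16 * i,
                         0x80 if bootable else 0x00, ptype, start, count)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    clean = build_sample_mbr(STANDARD_BOOT_CODE, [(True, 0x07, 63, 1_000_000)])
    tampered = bytearray(clean)
    tampered[0] ^= 0xFF                      # a single changed byte in the boot code
    tampered = bytes(tampered)
    for name, mbr in (("clean", clean), ("tampered", tampered)):
        print(name, check_mbr(mbr)["verdict"])
    fixed = restore_standard_boot_code(tampered)
    print("after restore:", check_mbr(fixed)["verdict"],
          "| partition table preserved:",
          check_mbr(fixed)["partitions"] == check_mbr(clean)["partitions"])
```

The point of the restore step is that only the first 440 bytes are rewritten: the disk signature Windows uses to map drive letters and the partition table stay as they are, which is why a successful restore does not make the disk unbootable. An "unknown" verdict only means the code hash is not in the known-good table, matching chaslang's caveat that it "may or may not mean it is infected".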
     
  7. ikan140

    ikan140 Private E-2

    looks like MBRCheck did not fix the boot record...I have included both logs just in case something useful shows up...
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Correct! We did not get lucky. ;)

    Try this >> Fix MBR using ARCDC

    After fixing it with the above, get another new log from MBRcheck
     
  9. ikan140

    ikan140 Private E-2

    the new MBR seems to have been successfully installed...attached is the new log from MBRCheck...what is the next step?
     


  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
