Large data transfer

Are you running any P2P or torrent downloading programs? If so, first try uninstalling or at a minimum disabling them. If this does not help then continue on with the below.


Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.

• If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
  • TDSSserv Non-Plug & Play Driver Disable
• If something does not run, write down the info to explain to us later but keep on going.
• Do not assume that because one step does not work that they all will not.

READ & RUN ME FIRST. Malware Removal Guide


Helpful Notes:

1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
   
   • Starting your computer in Safe mode
2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
3. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
   • Don't Bump! It Only Hurts You!!!

Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
​

 

You are way way out of date with your version of SUPERAntiSpyware and did not install what we requested in the READ & RUN ME..

• Please uninstall your current version (this is necessary).
• Then download this SUPERAntiSpyware
• Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
• After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
• Now run a new full scan of your system. And attach this new log.

You are also out of date with Malwarebytes, run it and update it and then run a new scan with it too. Attach the new log.


Please delete the below files which are due to failed attempts at running combofix:

Code:

"C:\WINDOWS\system32\"
cf12447.exe   Jan 11 2009      389120  "CF12447.exe"
cf21518.exe   Jan 10 2009      389120  "CF21518.exe"
cf23438.exe   Jan 10 2009      389120  "CF23438.exe"
cf23520.exe   Jan 10 2009      389120  "CF23520.exe"
cf24568.exe   Jan 10 2009      389120  "CF24568.exe"
cf25907.exe   Jan 10 2009      389120  "CF25907.exe"
cf26629.exe   Jan 10 2009      389120  "CF26629.exe"
cf28333.exe   Jan 10 2009      389120  "CF28333.exe"
cf29437.exe   Jan 10 2009      389120  "CF29437.exe"
cf30988.exe   Jan 10 2009      389120  "CF30988.exe"
cf31441.exe   Jan 10 2009      389120  "CF31441.exe"
cf6531.exe    Jan 10 2009      389120  "CF6531.exe"
cf6838.exe    Jan 10 2009      389120  "CF6838.exe"

Now download the current version of ComboFix to your Desktop and then shut down all protection software and browsers. Try running ComboFix again. If it runs, attach the log. If it does not run, try running it after booting into safe mode.

I'm not seeing any problems in your logs.

 

There is nothing wrong with the output from MGtools. That is all expected output. As for ComboFix, I don't know why it will not complete but it does not matter since you are not having malware problems. Your logs are all clean. You are probably just noticing a normal automatic update for Windows or something else you use (like Googleupdate or something else).

I do question the below files and folders though. Are you the one naming things with the xx in front of the file and folder names?

Code:

"C:\Documents and Settings\Jim LaRocca\"
XXCOOK~1      Jan 22 2006              "xxCookies"
XXDESK~1      Jan 22 2006              "xxDesktop"
XXJIML~1      Jan 22 2006              "xxJim LaRocca's Documents"
 
"C:\Documents and Settings\Jim LaRocca\Desktop\"
xx.txt        Jan 10 2009         781  "xx.txt"
 
"C:\"
xx.txt        Jan 10 2009         781  "xx.txt"

I suggest that you install a real firewall from the choices given in the link in my below final instructions. The Windows firewall is totally inadequate.


If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /u
     • Notes: The space between the combofix" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
   • Delete the C:\combofix folder from combofix (if it exists)
3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
5. Go to add/remove programs and uninstall HijackThis.
6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
7. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

Well if this is what your problem was from then your first issue is with your router hardware since it is what is being compromised. And you are correct than many routers due have this on by default. Some applications that people use may not work quite so well when it is disabled.

Yes there could be issues related to something on your PC but they may not be so easy to find since can be holes within things like Adobe Flash Player and Shockwave and the SWF files played by them. You could uninstall them and delete all SWF files but this may only be one possible source. There could be issues with games you are playing. Are you ready to uninstall them to find out? Also there is mention of exploits using XML. This is not malware in the sense that we scan for. These are security holes in valid applications and hardware and I'm not sure how to go about finding it other than uninstalling applications to see if you can locate the source.

You say your other PC is not having a problem and was using the same router. Perhaps you can check some of the applications being run on the problem PC that are not on the PC that works properly.

You could also try installing a real software firewall on your PC since the Windows firewall is not very good. I'm not sure if the firewall would find and block these tranmissions or not but it is worth a try. You can find some free firewalls in this link: How to Protect yourself from malware!

You other alternative (if you just want to try and fix it) may be a total clean reinstall and install all 3rd part software slowly to see if you can determine where the problem comes from. That is, if it does reoccur after the reinstall.