Your latest DDS Log looks good.
I'd like for you to update MalwareBytes' (the latest database version as I type this is 5104) and run a Quick Scan and post the log in your next post/reply.
Also, are you still getting the message about spooldr.sys?
Your latest DDS Log looks good.
I'd like for you to update MalwareBytes' (the latest database version as I type this is 5104) and run a Quick Scan and post the log in your next post/reply.
Also, are you still getting the message about spooldr.sys?
Hia, no I haven't had any more warnings about spooldr. Fingers crossed. Here is the mbabm log and its clear
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5108
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
13/11/2010 17:28:03
mbam-log-2010-11-13 (17-28-03).txt
Scan type: Quick scan
Objects scanned: 152571
Time elapsed: 9 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Good to hear that you're no longer getting any warnings about spooldr.sys
How is your computer doing? Also, you mentioned in your very first post in this thread that Spybot found Virtumonde, among other things. Go ahead and run Spybot (be sure to update first) and let me know if it finds anything.
It came up clear. My computer seems fine now. Thanks so much for your help
That's great to hear.
Since you report no more problems, you're good to go.
You can delete the following off of your computer:
dds.scr
The two DDS Logs
GMER.zip
GMER.exe
The GMER Log
To remove ComboFix, do the following:
Go to Start > Run - type in ComboFix /Uninstall & click OK
Empty your Recycle Bin.
Please take the time to read my All Clean Post.
Please follow these simple steps in order to keep your computer clean and secure:
This is a good time to clear your existing system restore points and establish a new clean restore point
.
- Go to Start > All Programs > Accessories > System Tools > System Restore
- Select Create a restore point, and Ok it.
- Next, go to Start > Run and type in cleanmgr
- Make sure the C:\ drive is selected and click OK. If your computer's Hard Drive is not located on C:, change it to the correct drive letter then click OK.
- Select the More options tab
- Choose the option to clean up system restore and OK it.
- This will remove all restore points except the new one you just created.
Clearing your restore points is not something you should do on a regular basis. Normally, this process only needs to be done after clearing out an infestation of malware.
Make your Internet Explorer more secure This can be done by following these simple instructions:
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt
- Change the Download unsigned ActiveX controls to Disable
- Change the Initialize and script ActiveX controls not marked as safe to Disable
- Change the Installation of desktop items to Prompt
- Change the Launching programs and files in an IFRAME to Prompt
- Change the Navigate sub frames across different domains to Prompt
- When all these settings have been made, click on the OK button.
- If it asks you if you want to save the settings, press the Yes button.
- Next press the Apply button and then the OK to exit the Internet Properties page.
Set correct settings for files that should be hidden in Windows XP
- Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
- Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
- If unchecked please checkHide protected operating system files (Recommended)
- If necessary check "Display content of system folders"
- If necessary Uncheck Hide file extensions for known file types.
- Click OK
- Use An Antivirus Software and Keep It Updated - It is very important that your computer has an antivirus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a day. If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.
- Visit Microsoft's Update Site Frequently It is important that you visit Microsoft Updates regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
- Install SpywareBlaster SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
Computer Safety on line Anti Malware- Use the hosts file: Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download mvps hosts file Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
- Click the start button on the task bar at the bottom of your screen
- Click run
- In the dialog box, type services.msc
- hit enter, then locate dns client
- Highlight it, then doubleclick it.
- On the dropdown box, change the setting from automatic to manual.
- Click ok..
- Use an alternative instant messenger program.Trillian and Miranda IM These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
- Please read Tony Klein's excellent article: How I got Infected in the First Place
- Please read Understanding Spyware, Browser Hijackers, and Dialers
- Please read Simple and easy ways to keep your computer safe and secure on the Internet
- If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox or
Opera.
If you decide to use either FireFox or Opera, it is very important that you keep them up to date and check frequently for updates of the browser of your choice.- Update all these programs regularly Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Here's a good website to read about Malware prevention:
http://users.telenet.be/bluepatchy/m...revention.html
If your computer is running slow, click here for instructions on how to help speed up your computer.
Good luck!
Please reply one last time so that I know you have read my post and this thread can be closed.
Thanks so much for all the info and advice. I'm going through your points now. I am unable to get the spywareblaster link but have found another one through that forum using the search function. Now before I download this please can you confirm that this is the right thing and not a fake (sorry I'm so paranoid!)
http://www.javacoolsoftware.com/spywareblaster.html
thanks
Okay well I went ahead and downloaded and did all the steps you said. Was feeling very happy and safe. But now my firefox keeps crashing and when I try to load web pages I get this odd little error box
"Alert
The URL is not valid and cannot be loaded."
Even though the page has loaded and can be used. I have no option but to either click in the "ok" box of the "x" to get rid of the alert box or it will stay and stop me doing anything else. I have tried checking my taskmanager box to but I can't see it listed there (unless I'm missing something - quite possible!).
That's the correct link for Spyware Blaster.Now before I download this please can you confirm that this is the right thing and not a fake (sorry I'm so paranoid!)
http://www.javacoolsoftware.com/spywareblaster.html
Okay well I went ahead and downloaded and did all the steps you said. Was feeling very happy and safe. But now my firefox keeps crashing and when I try to load web pages I get this odd little error box
"Alert
The URL is not valid and cannot be loaded."
Even though the page has loaded and can be used. I have no option but to either click in the "ok" box of the "x" to get rid of the alert box or it will stay and stop me doing anything else. I have tried checking my taskmanager box to but I can't see it listed there (unless I'm missing something - quite possible!).
Try disabling all your add-ons in Firefox then enable them one at a time to see which one makes the error box appear. Once you find which add-on it is, uninstall it then re-enable the rest.
Another thing you can try is uninstalling Google Toolbar from your computer. That also seems to solve the problem that you're describing.
Thank you again! I removed google toolbar and its working okay now. Thanks for all you help
Okay sorry about this, but now i keep getting this error message box
"Microsoft Feeds Synchronisation has encountered a problem and needs to close" I have to choose either "send error report" or "don't send" there is no "x" box. Is this something to worry about?
Posting Permissions
