Please Help - IS this log infected?
Malware found 2 infected files, they have been removed and here is the log;
Malwarebytes' Anti-Malware 1.44
Database version: 3554
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11
2010-01-23 20:12:29
mbam-log-2010-01-23 (20-12-29).txt
Scan type: Quick Scan
Objects scanned: 169522
Time elapsed: 12 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

I have a Dell Desktop about 5 years old, running XP Media edition.
About 8 months ago, my McAfee ran out but I was meant to be covered with my broadband supplier and they sent me 1 year's free licence. A month ago, the PC started getting very slow, then it would freeze followed by a high pitch whistle. It freezes on everything: start-up, using the net, looking through folders.
I decided to buy a new McAfee licence, but it will not complete installation.
I have no idea what to do.

Is the high pitched whistle coming from your computer casing? Is your computer overheating?
Have you checked the fan is working? After five years a lot of dust can be drawn into the casing and will affect your fan if not cleaned.

Only a personal opinion, but DON'T USE LIMEWIRE.
I have cleaned a lot of PCs and at least 80% were using LimeWire, and I always refuse to re-clean people's PCs if they re-install LimeWire.

Seeing you had Rogue Antivirus 2008, then follow this
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
and post that log file
Ex forum ambassador
Long term forum member

Hi,
It's not allowing me to run ComboFix. I click on the link, follow the ComboFix instructions, I press run, then a download box comes up, goes green and then nothing happens?
A friend of mine told me to run a programme called Registry Reviver. When I do this, it finds 32 file paths empty and 47 registry keys empty. Has anyone heard of this programme and knows what this means?

Hi Vicky, please never mind Reg Reviver, this will not fix your problem. Your PC is infected with malware.
Please follow Browntoa's advice here. If ComboFix will not work, try right-clicking on ComboFix and running as administrator. If this doesn't work you may need to switch to safe mode with networking enabled. To do this restart the PC and dab the F8 key until you see instructions on Safe Start.
You need networking on because ComboFix will need to speak to its server over the internet.
PS. When you download ComboFix are you saving it or running it?
Computers are like me, I get up in the morning and work...until I stop.

TICK these and click to FIX them ~
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
Malwarebytes ~
Malwarebytes' Anti-Malware 1.44
Database version: 3554
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11
2010-01-23 20:12:29
mbam-log-2010-01-23 (20-12-29).txt
Scan type: Quick Scan
Objects scanned: 169522
Time elapsed: 12 minute(s), 14 second(s)
It's out of date, please UPDATE Malwarebytes (Currently on database version 3623) and run a FULL scan instead ~ post the log of that
Don't run any registry cleaning tools (Uninstall the ones your friend suggested)
Then try ComboFix (Run as administrator) again

Hi, thanks for your reply. I updated Malware and also uninstalled the Registry Reviver.
Here is the malware log
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.11
24/01/2010 16:00:47
mbam-log-2010-01-24 (16-00-38).txt
Scan type: Full Scan (C:\|)
Objects scanned: 246798
Time elapsed: 27 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\32788R22FWJFW\Combo-Fix.sys (Malware.Trace) -> No action taken.
C:\ComboFix\Combo-Fix.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP483\A0063463.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP484\A0066244.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP484\A0066635.sys (Malware.Trace) -> No action taken.
Should I click on the remove selected button?

Yes, remove selected
Then run ComboFix and post the WHOLE of the log (Split into sections if need be)
Did you FIX those items in post #18?

Hi, no, I didn't fix the items in post 18, as I wasn't sure if I needed to re-run HijackThis to fix them. Not sure which one I should do first?
Thanks
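
The checks the helpers apply by eye to the Malwarebytes logs in this thread (is the database current, was it a full scan, was every detection actually removed) can be scripted. This is an added example, not part of the original thread or of Malwarebytes; the line format is inferred from the logs posted above, and `triage` and `current_db` are names chosen here.

```python
import re

# Excerpt of the second Malwarebytes log posted in this thread (header and
# two of the five detections), embedded so the example runs offline.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Scan type: Full Scan (C:\|)
Files Infected: 5
Files Infected:
C:\32788R22FWJFW\Combo-Fix.sys (Malware.Trace) -> No action taken.
C:\ComboFix\Combo-Fix.sys (Malware.Trace) -> No action taken.
"""

# A detection line reads: <object> (<Threat.Name>) -> <action>.
DETECTION = re.compile(r"^(?P<object>.+?) \((?P<threat>[\w.\-]+)\) -> (?P<action>.+?)\.?$")
HEADER = re.compile(r"^(Database version|Scan type): (.+)$")


def triage(log_text, current_db):
    """Summarise an MBAM 1.x log: header fields, detections, open issues."""
    report = {"database": None, "scan_type": None, "safe_mode": False,
              "detections": [], "issues": []}
    for line in log_text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            key = "database" if header.group(1).startswith("Database") else "scan_type"
            report[key] = header.group(2)
        elif line.startswith("Windows ") and "(Safe Mode)" in line:
            report["safe_mode"] = True
        else:
            hit = DETECTION.match(line)
            if hit:
                report["detections"].append(hit.groupdict())
    if report["database"] and int(report["database"]) < current_db:
        report["issues"].append("definitions out of date")
    if report["scan_type"] and not report["scan_type"].startswith("Full"):
        report["issues"].append("not a full scan")
    pending = [d for d in report["detections"] if d["action"] == "No action taken"]
    if pending:
        report["issues"].append("%d detection(s) not removed" % len(pending))
    return report


if __name__ == "__main__":
    # 3623 is the database version the helper quotes as current in the thread.
    print(triage(SAMPLE_LOG, current_db=3623))
```

Run against the second log, this flags that the scan still used database 3510 and that the listed files were left with "No action taken".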