We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
Malwarebytes log - what now?
Mac1977
Posts: 80 Forumite
in Techie Stuff
Downloaded and ran Malwarebytes - log below - then deleted what it found and restarted PC. Do I need to do anything else now?
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3937
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
31/03/2010 16:00:51
mbam-log-2010-03-31 (16-00-51).txt
Scan type: Full scan (C:\|)
Objects scanned: 171555
Time elapsed: 1 hour(s), 52 minute(s), 17 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7c559105-9ecf-42b8-b3f7-832e75edd959} (Adware.ISTBar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000020040000} (Trojan.Dialer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ad0b8220-7da4-4c0a-8532-b25a9f631d3d} (Trojan.Dialer) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Screensavers.com (Adware.Comet) -> No action taken.
C:\Program Files\Screensavers.com\Installer (Adware.Comet) -> No action taken.
C:\Program Files\Screensavers.com\Installer\bin (Adware.Comet) -> No action taken.
Files Infected:
C:\WINDOWS\SYSTEM32\cpnprt2.cid (Trojan.Agent) -> No action taken.
C:\Program Files\Screensavers.com\Installer\bin\iebyterange.xml (Adware.Comet) -> No action taken.
C:\Program Files\Screensavers.com\Installer\bin\iebyterange.xml.backup (Adware.Comet) -> No action taken.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3937
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
31/03/2010 16:00:51
mbam-log-2010-03-31 (16-00-51).txt
Scan type: Full scan (C:\|)
Objects scanned: 171555
Time elapsed: 1 hour(s), 52 minute(s), 17 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7c559105-9ecf-42b8-b3f7-832e75edd959} (Adware.ISTBar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000020040000} (Trojan.Dialer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ad0b8220-7da4-4c0a-8532-b25a9f631d3d} (Trojan.Dialer) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Screensavers.com (Adware.Comet) -> No action taken.
C:\Program Files\Screensavers.com\Installer (Adware.Comet) -> No action taken.
C:\Program Files\Screensavers.com\Installer\bin (Adware.Comet) -> No action taken.
Files Infected:
C:\WINDOWS\SYSTEM32\cpnprt2.cid (Trojan.Agent) -> No action taken.
C:\Program Files\Screensavers.com\Installer\bin\iebyterange.xml (Adware.Comet) -> No action taken.
C:\Program Files\Screensavers.com\Installer\bin\iebyterange.xml.backup (Adware.Comet) -> No action taken.
0
Comments
-
Those who know would suggest doing the same with hijackthis.
Whats your antivirus?That gum you like is coming back in style.0 -
Thanks for posting, will do the Hijackthis process too.
I have PC guard as ISP is Virgin and AdvancedSystem Care that a friend installed. You can probably tell I'm not very techy!
Have noticed AVG gets mentioned a lot - should I use this?
Thanks in advance.0 -
They all say 'NO ACTION TAKEN'
"C:\WINDOWS\SYSTEM32\cpnprt2.cid (Trojan.Agent) -> No action taken.
C:\Program Files\Screensavers.com\Installer\bin\iebyterange.x ml (Adware.Comet) -> No action taken.
C:\Program Files\Screensavers.com\Installer\bin\iebyterange.x ml.backup (Adware.Comet) -> No action taken."
If you never removed them youll need to rescan and TICK then REMOVE therm:idea:0 -
And please stick to the same thread
TICK and FIX these in hijack ~
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT2384137
R3 - URLSearchHook: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbI!!!.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbI!!!.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbI!!!.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
Use the MCAFEE REMOVAL TOOL (you should never have more than one anti virus running and PARTICULARLY not 2 firewalls and particularly NOT mcafee as one of them)
http://service.mcafee.com/FAQDocument.aspx?id=TS100507:idea:0 -
What's wrong with McAfee?
Instigated terrorism the road to dictatorship.0 -
Actually, my laptop is running as slow as my 7 year old PC was doing in the weeks running up to when it conked out.
Hopefully I can sort this out in the next couple of days, as that's what I'm currently running (albeit not 100% by choice).Instigated terrorism the road to dictatorship.0 -
AliEnRIK,
Apologies for double posting and thanks for your help - it is much appreciated.
I've followed your advice above and ran the MALWAREBYTES quick scan shown below. I didn't have time to run the full scan earlier as had to go out and heading off to work soon but can do it tomorrow morning if needed.
While doing the quick scan earlier got the following;
Explorer.Exe - Application Error
The exception unknown software exception (0xc000000d) occurred in the application at location 0x04484bc7
Click OK to terminate the programme
Click Cancel to debug the programme.
I clicked OK and it disappeared.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3937
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
31/03/2010 19:29:09
mbam-log-2010-03-31 (19-29-09).txt
Scan type: Quick scan
Objects scanned: 1
Time elapsed: 1 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Thanks again0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 353.5K Banking & Borrowing
- 254.1K Reduce Debt & Boost Income
- 455K Spending & Discounts
- 246.6K Work, Benefits & Business
- 602.9K Mortgages, Homes & Bills
- 178K Life & Family
- 260.5K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards