Use of search engine- problem with google

Comments

  • jdvhsully
    jdvhsully Posts: 113 Forumite
    Here's the log
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    Database version: 4172
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    06/06/2010 09:51:34
    mbam-log-2010-06-06 (09-51-34).txt
    Scan type: Full scan (A:\|C:\|D:\|)
    Objects scanned: 154437
    Time elapsed: 55 minute(s), 28 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 2
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 2
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\roua3o12pw (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toy5knq8oc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.165.110,93.188.161.84 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ff6c7f68-23f2-4e25-b2e7-4ad8aafecd5e}\NameServer (Trojan.DNSChanger) -> Data: 93.188.165.110,93.188.161.84 -> Quarantined and deleted successfully.
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Please run COMBOFIX
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Shut down your anti virus
    Follow the simple instructions it gives
    Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out
    If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
    :idea:
  • jdvhsully
    jdvhsully Posts: 113 Forumite
    Here's the log as requested
    ComboFix 10-06-17.02 - PC 18/06/2010 12:27:38.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.479.229 [GMT 1:00]
    Running from: c:\docume~1\PC\LOCALS~1\Temp\ComboFix.exe
    AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\windows\system32\win.com
    Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-05-18 to 2010-06-18 )))))))))))))))))))))))))))))))
    .
    2010-06-12 07:31 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-09 13:08 . 2010-06-09 13:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
    2010-06-06 17:15 . 2010-06-18 11:12 -------- d-----w- c:\documents and settings\PC\Application Data\GetRight
    2010-06-06 17:13 . 2010-06-06 17:20 -------- d-----w- c:\program files\GetRight
    2010-06-06 16:26 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-06-06 09:00 . 2010-06-06 09:00 388096 ----a-r- c:\documents and settings\PC\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-06-06 09:00 . 2010-06-06 09:00 -------- d-----w- c:\program files\Trend Micro
    2010-05-25 18:46 . 2010-05-06 04:01 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys
    2010-05-25 18:46 . 2010-04-22 03:02 173104 ----a-w- c:\windows\system32\drivers\symefa.sys
    2010-05-25 18:46 . 2009-08-30 00:17 328752 ----a-r- c:\windows\system32\drivers\symds.sys
    2010-05-25 18:46 . 2010-04-29 05:03 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
    2010-05-25 18:46 . 2010-04-22 02:29 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
    2010-05-25 18:46 . 2010-02-26 00:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
    2010-05-25 17:46 . 2010-05-25 17:46 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-05-25 16:33 . 2010-06-16 08:47 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-05-25 16:25 . 2010-05-25 16:26 -------- d-----w- c:\windows\system32\NtmsData
    2010-05-24 18:25 . 2010-05-24 18:25 -------- d-----w- c:\program files\iPod
    2010-05-24 18:24 . 2010-05-24 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-05-24 18:24 . 2010-05-24 18:26 -------- d-----w- c:\program files\iTunes
    2010-05-24 18:21 . 2010-05-24 18:21 -------- d-----w- c:\program files\Apple Software Update
    2010-05-24 18:19 . 2010-05-24 18:19 -------- d-----w- c:\program files\Bonjour
    2010-05-21 10:04 . 2010-05-21 10:05 -------- d-----w- c:\program files\QuickTime
    2010-05-21 07:42 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2010-05-21 07:40 . 2010-05-21 07:41 -------- d-----w- c:\program files\Windows Media Connect 2
    2010-05-21 07:38 . 2010-05-21 07:39 -------- d-----w- c:\windows\system32\drivers\UMDF
    2010-05-21 07:38 . 2010-05-21 07:38 -------- d-----w- c:\windows\system32\LogFiles
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-06 07:41 . 2009-08-18 15:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-24 18:25 . 2010-03-22 12:21 -------- d-----w- c:\program files\Common Files\Apple
    2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 07:16 . 2009-07-16 09:41 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-29 14:39 . 2009-08-18 15:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 14:39 . 2009-08-18 15:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-24 17:33 . 2010-04-24 17:33 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.11\SetupAdmin.exe
    2010-04-21 09:03 . 2010-04-21 08:20 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-04-21 08:45 . 2010-04-14 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-04-21 08:45 . 2010-04-21 08:45 -------- d-----w- c:\program files\Symantec
    2010-04-21 08:45 . 2010-04-21 08:45 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-04-21 08:45 . 2010-04-21 08:45 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-04-21 08:45 . 2010-04-21 08:45 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-04-21 08:45 . 2010-04-21 08:45 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-04-21 08:44 . 2010-04-21 08:44 -------- d-----w- c:\program files\Windows Sidebar
    2010-04-21 08:44 . 2010-04-21 08:44 -------- d-----w- c:\program files\Norton AntiVirus
    2010-04-21 08:44 . 2010-04-21 08:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2010-04-21 08:44 . 2010-04-21 08:44 -------- d-----w- c:\program files\NortonInstaller
    2010-04-21 08:20 . 2010-04-21 08:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-16 21:12 . 2010-04-16 21:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
    2010-04-08 12:20 . 2010-04-08 12:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-04-08 12:20 . 2010-04-08 12:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-03-28 19:08 . 2010-03-28 19:08 41328 ---ha-w- c:\windows\system32\mlfcache.dat
    .
    Sigcheck
    [7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
    [-] 2004-08-03 21:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys
    [-] 2004-08-03 21:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\system32\drivers\aec.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-04-29 248832]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSPower"="SiSPower.dll" [2004-09-02 49152]
    "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
    "SoundMan"="SOUNDMAN.EXE" [2004-07-29 67584]
    "EPSON Stylus CX3200"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 74752]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-24 142120]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    GetRight.lnk - c:\program files\GetRight\GetRight.exe [2010-6-6 4628752]
    Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-7-16 331776]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1107000.00C\symds.sys [25/05/2010 19:46 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1107000.00C\symefa.sys [25/05/2010 19:46 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100522.001\BHDrvx86.sys [22/05/2010 19:16 691248]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1107000.00C\cchpx86.sys [25/05/2010 19:46 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1107000.00C\ironx86.sys [25/05/2010 19:46 116784]
    R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe [25/05/2010 19:46 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/05/2010 10:00 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100617.001\IDSXpx86.sys [17/06/2010 18:23 331640]
    S0 edzswf;edzswf;c:\windows\system32\drivers\okjvga.sys --> c:\windows\system32\drivers\okjvga.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    2010-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
    2010-06-18 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]
    2010-06-17 c:\windows\Tasks\User_Feed_Synchronization-{7765AED7-6CAC-4A95-A78F-1BC1CAA1C087}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.sky.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
    IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
    .
    - - - - ORPHANS REMOVED - - - -
    Toolbar-Locked - (no file)

    **************************************************************************
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files:
    **************************************************************************
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
    "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
    .
    LOCKED REGISTRY KEYS
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2010-06-18 12:39:14
    ComboFix-quarantined-files.txt 2010-06-18 11:39
    Pre-Run: 23,901,995,008 bytes free
    Post-Run: 24,099,012,608 bytes free
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    - - End Of File - - 2D3E8D987D857B01ADF75F072D4FD6CB
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Looks clean at 1st glance

    Download HostsXpert (resets the HOSTS file back to what it should be)
    http://www.softpedia.com/progDownload/Hoster-Download-27041.html
    and then follow the below steps.

    * Unzip HostsXpert.zip
    * It will create a folder named HostsXpert in whatever folder you extract it to.
    * Run HostsXpert.exe by double clicking on it.
    * click the Make Writeable? button.
    * click Restore Microsoft's Hosts File and then click OK.
    * Click the X to exit the program

    ....................................................................


    Then give the computer a spring clean
    Download CCLEANER
    http://www.piriform.com/ccleaner/download/slim
    Run the CLEANER scan (UNTICK 'cookies')
    Then run the REGISTRY scan (Backup the registry when it asks)

    reboot

    How's it running now?
    :idea:
This discussion has been closed.