1 Google links redirect on Sat Sep 24, 2011 10:52 pm

apnstudent (Member)
Hi, I'm having a problem where clicking on Google search results will, on occasion, take me to an ad site or something similar. It also seems to at least slow down my internet browsing and possibly other processes. I'm unsure if this is related or something recent with Google, but Google Instant is unavailable while I'm typing things into the search bar.

My most recent Malwarebytes scan showed up nothing so I am going to post one from 09/20/2011 which actually came up with something. I'm not sure if this is the date it started, but it's the most recent log of something being caught. I removed the Malwarebytes site link so I could post.

I can't post my MySystem-Search log because I'm a new member and I'm not allowed to post external links or emails, and the log seems to be filled with them.



Malwarebytes' Anti-Malware 1.51.2.1300

Database version: 7753

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/20/2011 8:18:43 AM
mbam-log-2011-09-20 (08-18-43).txt

Scan type: Full scan (C:\|)
Objects scanned: 411833
Time elapsed: 3 hour(s), 44 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2273484544 (Trojan.FakeAlert) -> Value: 2273484544 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
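
The log above is the standard MBAM text format: a header, a block of per-section counts, then one itemised section per count. As an added example (my own code, not the poster's and not anything shipped by Malwarebytes), the script below parses that format, cross-checks the summary counts against the itemised lines, and tags each detection with a defender-oriented category. The categories (Run-key autostart, proxy hijack, rootkit component, dropped file in Temp) are my own labels, chosen to cover the kinds of detections that appear later in this thread as well as the two here; the sample log is a trimmed copy of the one posted above.

```python
"""Parse a Malwarebytes' Anti-Malware text log (format as posted above) and
classify each detection by what it tells a defender about the infection."""
import re

# Constructed excerpt: the first log in this thread with the empty sections
# trimmed. Registry paths are copied from that post.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.2.1300

Database version: 7753

9/20/2011 8:18:43 AM

Scan type: Full scan (C:\|)
Objects scanned: 411833
Time elapsed: 3 hour(s), 44 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2273484544 (Trojan.FakeAlert) -> Value: 2273484544 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<location> (<threat name>) -> <action taken>"; the greedy first group keeps
# parentheses such as "(x86)" inside the path intact.
DETECTION_RE = re.compile(r"^(?P<location>.*) \((?P<name>[^()]+)\) -> (?P<action>.*)$")


def classify(section, location, name):
    """Heuristic category (my own labels, not MBAM's) for one detection."""
    loc = location.lower()
    if name.startswith("Rootkit."):
        return "rootkit component"
    if name.startswith("PUM.Bad.Proxy") or loc.endswith("\\internet settings\\proxyserver"):
        return "proxy hijack (traffic redirect)"
    if section.startswith("Registry") and "\\currentversion\\run\\" in loc:
        return "autostart persistence (Run key)"
    if "\\temp\\" in loc:
        return "dropped file in Temp"
    return "other"


def parse_mbam_log(text):
    result = {"database_version": None, "scan_type": None,
              "objects_scanned": None, "counts": {}, "detections": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None          # a blank line ends the current section
            continue
        if line.startswith("Database version:"):
            result["database_version"] = int(line.split(":", 1)[1])
            continue
        if line.startswith("Scan type:"):
            result["scan_type"] = line.split(":", 1)[1].strip()
            continue
        if line.startswith("Objects scanned:"):
            result["objects_scanned"] = int(line.split(":", 1)[1])
            continue
        m = COUNT_RE.match(line)
        if m:
            result["counts"][m["section"]] = int(m["n"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        if section and line != "(No malicious items detected)":
            m = DETECTION_RE.match(line)
            if m:
                result["detections"].append({
                    "section": section, "location": m["location"],
                    "name": m["name"], "action": m["action"],
                    "category": classify(section, m["location"], m["name"]),
                })
    # Cross-check: the summary counts should equal the itemised detections.
    result["consistent"] = sum(result["counts"].values()) == len(result["detections"])
    return result


if __name__ == "__main__":
    report = parse_mbam_log(SAMPLE_LOG)
    print(f"{report['scan_type']}, {report['objects_scanned']} objects, "
          f"db {report['database_version']}, consistent={report['consistent']}")
    for d in report["detections"]:
        print(f"[{d['category']}] {d['name']}: {d['location']}")
```

Run against the log above it reports two detections: a value under HKCU\...\CurrentVersion\Run (a per-user autostart, which is how the FakeAlert component survived reboots) and the Internet Settings ProxyServer value (a system-wide proxy, which is the usual mechanism behind "search results go somewhere else"). The consistency flag catches a truncated paste, since the header counts and the itemised lines then disagree.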

2 Re: Google links redirect on Sun Sep 25, 2011 6:24 am

DragonMaster Jay (Site Owner)
Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner



3 Re: Google links redirect on Tue Sep 27, 2011 12:12 am

apnstudent (Member)
Hi. Thanks for the reply. Somehow, the redirection problems seem to be gone at the moment. Earlier today my Avira caught 'TR/Kazy.38266 [trojan]' in a few places and the redirection seems to have gone away. I would still like to go through the process to see if there are any remnants or if there's any chance the problem could return, if that is all right with you.

I am going to go ahead and run Combofix and post the log as soon as I can.

There are still some files that look suspicious to me as I was looking around. Let me know if you would like any more details.

4 combofix log on Tue Sep 27, 2011 12:37 am

apnstudent (Member)
Here is the ComboFix log. Under "FF - prefs.js: browser.startup.homepage" and "FF - prefs.js: keyword.URL" I removed the "h t t p : / / w w w ." since I am not allowed to post external links. Those were the only changes made.

ComboFix 11-09-26.03 - ANguyen Home 09/26/2011 21:17:15.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2958 [GMT -7:00]
Running from: c:\users\ANguyen Home\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\ANguyen Home\AppData\Local\Adobe\AdobeUpdate\Adobeupdt32.dll
c:\users\ANguyen Home\AppData\Roaming\BITS
c:\users\ANguyen Home\AppData\Roaming\BITS\BITS.ini
c:\users\ANguyen Home\AppData\Roaming\BITS\P2PCfg.ini
c:\users\ANguyen Home\Taskmgr.exe
c:\users\ANguyen Home\wevtapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 )))))))))))))))))))))))))))))))
.
.
2011-09-25 00:53 . 2011-09-25 00:53 388096 ----a-r- c:\users\ANguyen Home\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-25 00:53 . 2011-09-25 00:53 -------- d-----w- c:\program files (x86)\Trend Micro
2011-09-24 22:47 . 2006-06-19 20:01 69632 ----a-w- c:\windows\SysWow64\ztvcabinet.dll
2011-09-24 22:47 . 2006-05-25 22:52 162304 ----a-w- c:\windows\SysWow64\ztvunrar36.dll
2011-09-24 22:47 . 2005-08-26 08:50 77312 ----a-w- c:\windows\SysWow64\ztvunace26.dll
2011-09-24 22:47 . 2003-02-03 03:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2011-09-24 22:47 . 2002-03-06 08:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2011-09-24 22:47 . 2011-09-24 22:47 -------- d-----w- c:\program files (x86)\Trojan Remover
2011-09-24 22:47 . 2011-09-24 22:47 -------- d-----w- c:\users\ANguyen Home\AppData\Roaming\Simply Super Software
2011-09-24 22:47 . 2011-09-24 22:47 -------- d-----w- c:\programdata\Simply Super Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-24 05:45 . 2010-08-08 06:37 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-09-24 05:45 . 2010-08-08 06:34 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-09-18 20:25 . 2010-08-08 06:34 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-09-02 00:42 . 2010-04-09 08:26 363560 ----a-w- c:\windows\system32\guard64.dll
2011-09-02 00:42 . 2010-04-09 08:26 285256 ----a-w- c:\windows\SysWow64\guard32.dll
2011-09-02 00:42 . 2010-04-09 08:25 92688 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-09-02 00:42 . 2010-04-09 08:25 41712 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-09-02 00:42 . 2010-04-09 08:25 252344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-09-02 00:42 . 2010-04-09 08:25 16016 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-09-01 00:00 . 2010-06-08 02:52 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 07:11 . 2011-08-27 07:11 40960 ----a-r- c:\users\ANguyen Home\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2011-08-27 07:11 . 2011-08-27 07:11 40960 ----a-r- c:\users\ANguyen Home\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2011-06-30 19:19 . 2010-06-08 02:49 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-30 19:19 . 2010-06-08 02:49 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2010-05-21 3824472]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-12-17 4763256]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-05 95576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-06-22 202256]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2011-05-19 1233856]
.
c:\users\ANguyen Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\DRIVERS\hcw72ADFilter.sys [x]
R3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\DRIVERS\hcw72ATV.sys [x]
R3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\DRIVERS\hcw72DTV.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [x]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [x]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2008-06-17 15408]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-02 136360]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-20 148744]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 HMuKstE;Kensington TrackballWorks Expert USB HID Device Filter Driver;c:\windows\system32\DRIVERS\HMuKstE.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3467924077-2809153651-3563722403-1000Core.job
- c:\users\ANguyen Home\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-02 05:44]
.
2011-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3467924077-2809153651-3563722403-1000UA.job
- c:\users\ANguyen Home\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-02 05:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-09-02 9048392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\ANguyen Home\AppData\Roaming\Mozilla\Firefox\Profiles\1bkod1k4.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57192
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-JavaTrayOnline - (no file)
Wow6432Node-HKLM-Run-NPSStartup - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3467924077-2809153651-3563722403-1000\Software\SecuROM\License information*]
"datasecu"=hex:b5,c8,98,6f,81,fd,0b,46,15,05,e8,b0,dc,d5,1f,60,42,0e,40,bd,5c,
5c,c0,e9,83,1a,56,14,85,fe,d9,81,76,42,e4,14,b0,07,08,6a,93,45,c0,9c,14,e6,\
"rkeysecu"=hex:bc,63,5d,ce,d1,79,5d,4a,23,6c,04,12,dc,4f,6d,dc
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2011-09-26 21:28:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-27 04:28
.
Pre-Run: 202,207,985,664 bytes free
Post-Run: 201,825,427,456 bytes free
.
- - End Of File - - D9183BE614140D67753BCD52A42F726F
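
The "Supplementary Scan" part of the ComboFix log above shows Firefox prefs pointing the HTTP proxy at 127.0.0.1 port 57192 while network.proxy.type is 0. In Firefox, type 0 means a direct connection, so that loopback proxy was not in effect when ComboFix ran; it would only take effect if the type were switched to 1 (manual). As an added example, not part of the thread and not ComboFix's code, the script below reads a prefs.js file, applies exactly that interpretation, and reports dormant versus active proxy settings, rating a loopback proxy as the most urgent case. The sample prefs.js excerpt is constructed to mirror the values in the log.

```python
"""Audit Firefox proxy preferences from a prefs.js file (added example)."""
import re

# Constructed prefs.js excerpt; values mirror the FF lines in the ComboFix log above.
SAMPLE_PREFS = """// Mozilla User Preferences (constructed sample)
user_pref("browser.startup.homepage", "google.com/firefox?client=firefox-a");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 57192);
user_pref("network.proxy.type", 0);
user_pref("network.protocol-handler.warn-external.dnupdate", false);
"""

PREF_RE = re.compile(r'^\s*user_pref\("(?P<key>[^"]+)",\s*(?P<val>.+?)\);\s*$')

# Meaning of network.proxy.type in Firefox.
PROXY_TYPES = {0: "direct (no proxy)", 1: "manual", 2: "PAC script",
               4: "auto-detect (WPAD)", 5: "system settings"}
LOOPBACK_PREFIXES = ("127.", "localhost", "::1")


def parse_prefs(text):
    """Turn user_pref(...) lines into a dict with str/int/bool values."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        val = m["val"].strip()
        if val.startswith('"') and val.endswith('"'):
            prefs[m["key"]] = val[1:-1]
        elif val in ("true", "false"):
            prefs[m["key"]] = val == "true"
        else:
            try:
                prefs[m["key"]] = int(val)
            except ValueError:
                prefs[m["key"]] = val
    return prefs


def audit_proxy(prefs):
    """Return (severity, message) findings about the proxy configuration."""
    findings = []
    ptype = prefs.get("network.proxy.type", 5)  # Firefox default: use system settings
    manual = {}
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        if host:
            manual[scheme] = (host, prefs.get(f"network.proxy.{scheme}_port"))
    if ptype == 1:
        for scheme, (host, port) in manual.items():
            local = host.startswith(LOOPBACK_PREFIXES)
            note = ("loopback proxy: identify the process listening on that port"
                    if local else "external proxy")
            findings.append(("high" if local else "medium",
                             f"active manual {scheme} proxy {host}:{port} ({note})"))
    elif manual:
        hosts = ", ".join(f"{h}:{p}" for h, p in manual.values())
        findings.append(("low", f"dormant manual proxy {hosts}; proxy type is {ptype} "
                                f"({PROXY_TYPES.get(ptype, 'unknown')}), so it only takes "
                                f"effect if the type is switched to 1"))
    pac = prefs.get("network.proxy.autoconfig_url")
    if ptype == 2 and pac:
        findings.append(("medium", f"PAC script controls routing: {pac}"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_proxy(parse_prefs(SAMPLE_PREFS)):
        print(f"{severity}: {message}")
```

On the sample it reports one low-severity finding (dormant proxy at 127.0.0.1:57192). The same prefs with type 1 would be rated high, which is the configuration that actually produces redirected traffic. The same three keys are what to look at in any profile's prefs.js, and user.js (also present in the log) can override them on startup, so it is worth reading both files.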

5 Re: Google links redirect on Tue Sep 27, 2011 6:17 am

DragonMaster Jay (Site Owner)
Scan for malware

Please download Malwarebytes Anti-Malware from Download.CNET.com.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.



6 New Malwarebytes log on Tue Sep 27, 2011 3:22 pm

apnstudent (Member)
OK, here's the latest Malwarebytes log. Nothing found this time.

Malwarebytes' Anti-Malware 1.51.2.1300

Database version: 7810

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/27/2011 12:19:14 PM
mbam-log-2011-09-27 (12-19-14).txt

Scan type: Quick scan
Objects scanned: 179542
Time elapsed: 1 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

7 Re: Google links redirect on Wed Sep 28, 2011 9:48 am

DragonMaster Jay (Site Owner)
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



8 Eset Scanner Log on Wed Sep 28, 2011 5:05 pm

apnstudent (Member)
Here is the Eset Scanner Log as requested.


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=5be77ab935f2a84db248b3a5cf3c3f5e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-28 09:02:45
# local_time=2011-09-28 02:02:45 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 0 53655052 0 0
# compatibility_mode=3073 16777213 80 75 125436 52193922 0 0
# compatibility_mode=5893 16776573 100 94 22552118 68780714 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=247386
# found=2
# cleaned=2
# scan_time=6501
C:\Qoobox\Quarantine\C\Users\ANguyen Home\wevtapi.dll.vir Win64/Agent.AC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\ANguyen Home\AppData\Local\Adobe\AdobeUpdate\Adobeupdt32.dll.vir a variant of Win32/Kryptik.TGT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

9 Re: Google links redirect on Thu Sep 29, 2011 4:50 am

DragonMaster Jay (Site Owner)
How is the computer running?



10 Re: Google links redirect on Thu Sep 29, 2011 5:34 am

apnstudent (Member)
Well the redirections seem to have stopped and the Google Instant search feature started working again. The problems seem to have been fixed. Is there anything else you would like me to try just to make sure?

Also, there is one file that has me a little uneasy in my AppData>Local and my C:\ProgramData. They have the same suspicious name as each other, and the date and time of their creation show that they were created around the same date and time that my firewall caught an unknown program. Would it be safe just to delete the file, or would I have to take additional steps? Is it recommended?

11 Re: Google links redirect on Thu Sep 29, 2011 12:17 pm

DragonMaster Jay (Site Owner)
What are the file names?



12 Re: Google links redirect on Thu Sep 29, 2011 3:07 pm

apnstudent (Member)
The file is named "x5j3n6v867f" in both locations. It's 1.29 KB (4.00 KB on disk) and listed as "System File" under Type. Unless checking the properties of the file counts as accessing it, something else seems to be accessing it recently.

13 Re: Google links redirect on Thu Sep 29, 2011 4:53 pm

apnstudent (Member)
This is the latest quick scan of Malwarebytes after my Avira guard detected something and something asked permission from my firewall.

Malwarebytes' Anti-Malware 1.51.2.1300

Database version: 7829

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/29/2011 1:48:33 PM
mbam-log-2011-09-29 (13-48-33).txt

Scan type: Quick scan
Objects scanned: 180245
Time elapsed: 2 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\anguyen home\AppData\Local\Temp\0.8442757581962649.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\Users\anguyen home\AppData\Local\Temp\smg.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\Users\anguyen home\AppData\Local\Temp\uivjwkxlym (Rootkit.0Access) -> Quarantined and deleted successfully.


For future reference, would I have to take further actions against files such as these, or is their removal enough? Also, any suggestions on the files I mentioned in my previous post?

I am having a new problem, I think. My Avira keeps detecting this "TR/DNSChanger.VJ.2' [trojan]" in the file "C:\Windows\assembly\tmp\U\80000032.@" Avira says it is moved to quarantine, but after a while the alert pops up again. And earlier in the day:
Virus or unwanted program 'TR/Crypt.ULPM.Gen [trojan]'
detected in file 'C:\Windows\assembly\tmp\kwrd.dll.'

The second one has not recurred in a while.

Thanks for all the help.

14 Re: Google links redirect on Fri Sep 30, 2011 8:09 pm

DragonMaster Jay (Site Owner)
Please download 7-Zip and install it. If you already have it, no need to reinstall.

Then, download RootkitUnhooker and save the setup to your Desktop.

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.



15 Re: Google links redirect on Fri Sep 30, 2011 8:36 pm

apnstudent (Member)
Hi,

After clicking on the executable, I get an Error dialog box. It says "Error loading driver, NTSTATUS code: 0xc000036B"
