Unsure if computer is clean, please look at logs

Discussion in 'Malware Help (A Specialist Will Reply)' started by sam00, Dec 31, 2008.

  1. sam00

    sam00 Private E-2

    Hi

    Firstly, thanks a lot for any help that can be offered.

    I have run the malware removal guide and now have the logs.

    The problem:

    When I search for anything at google.com or msn.com, or at the Google toolbar, e.g. "BBC News", the search results do not come up with the real web addresses. However, the description above the fake addresses on the search results does say BBC News etc. I hope this makes sense.

    If I type an exact address then there is no problem getting to that website.

    The search problems I'm having led me to believe I have some malware problem.

    After running the READ AND RUN malware programs it still has not fixed the problem. My Google searches are still being redirected to incorrect websites.


    Please let me know if my logs are clean. Thank you.
     

    Attached Files:

  2. sam00

    sam00 Private E-2

    Last log is here
     

    Attached Files:

  3. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Welcome to Major Geeks!

    Please be patient while I review your logs.

    Thanks,
    dr.m
     
  4. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, sam00


    The below fixes are specific to your problem and should only be used for issue(s) on this machine. Also, please do not install any other software while we are still working with you unless instructed. Once we have given you the all clean and final instructions you will be free to install what you want.

    *Note! You currently have NO Anti-Virus program installed on this machine! As soon as we have completed the below steps, install an anti-virus immediately.


    Step 1:
    Please look in Add/Remove Programs for the following and uninstall if found. If you get any errors, just make a note and proceed.

    Step 2:
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Step 3:
    Run Ccleaner

    Step 4:
    Now install and update the definitions for ONE Anti-virus program chosen from the following link:

    How to Protect yourself from malware!

    Step 5:
    Now install the latest Sun Java Runtime Environment


    Step 6:
    Please click on Start > Run .... Copy & Paste the below into the pane - I will ask for this zipped file.



    Step 7:
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, use right click and select Run As Administrator).


    Then attach the below logs to your next reply:
    • C:\MGlogs.zip
    • C:\collect.zip

    Make sure you tell me if you had any problems running this procedure and give a description of how things are working now!

    Thanks!
    dr.m
     
  5. sam00

    sam00 Private E-2

    Hi

    Thanks for your reply.

    I have a Win XP (SP3) computer.

    I have Norton Antivirus already installed on there.
    It has blocked several attempts of intrusion, but something obviously still got through. The first block was on 30/12/2008 and it states

    "An intrusion attempy by [my surname] was blocked. Application path \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE"

    Another blocked intrusion was:

    "Bloodhound.Exploit.213 detected by Auto-Protect"

    and there are some further blocks in the last few days... but quite a lot to mention - most are the same, and it's stemming from Internet Explorer.

    I had forgotten to post about this in my first post and I didn't want to post again as I thought I would be bumping it and lose another day.


    Step 1
    Ok so have completed Step 1.

    Step 2
    I tried running MGtools.exe but it comes up with an error. I've copied the whole text I got on my screen below (I realise some of it is MajorGeeks text):

    "Error: Key: SOFTWARE/swearware does not exist!

    Running scan with GetUnkeys.bat - 08/1/2006 By Chaslang and ShadowPuterDude

    Updating: GetUnKey.txt <deflated 88%>

    Running scan with GetRunKeys.Bat - <c> 01/28/2006 By Chaslang

    Cannot load VDM IPX/SPX support

    Note: Ignore an error messages about not finding registry keys!
    Just wait for the program to finish running!!”


    I haven't followed the other steps (as I think you usually like people to follow the steps in a specific order), although I've technically got Step 4 done as I do have an anti-virus program.

    Let me know if I can do anything about MG tools or whether I should carry on with the other steps.

    Thank you!!!

    sam
     
  6. sam00

    sam00 Private E-2

    Hi

    Sorry, please ignore some of the very last post below after Step 2.

    I later understood what you meant and went to Start > Run and typed in the file to run HijackThis.

    I have now completed all the steps (apart from Step 4, as I already have Norton Anti-Virus installed - please see the post below which states what Norton blocked in previous intrusion attempts, which I think was the start of the malware problem in the first place - if this is relevant information).

    Logs attached.

    I tried Google searching, and my searches are still being redirected.

    Please let me know if there is anything further I can do to correct the problem.
     

    Attached Files:

  7. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, sam00

    Please uninstall Viewpoint Media Player.

    Your logs look good! If you are not having any other malware problems, it is time to do our final steps:
    Safe surfing! http://i268.photobucket.com/albums/jj5/drmoriarty/Emoticons/char145.gif
     
  8. sam00

    sam00 Private E-2

    Hi

    Thanks for checking my logs.

    They may be clean, however, the problem that I have still remains.

    Whenever I Google or MSN search anything it comes up with websites which are in fact virus or malware sites, and just by clicking on the link it causes problems. (I can test out the search - although I do not click on the links, as I know that would just start a new problem.)

    It is restricting my computer by a great deal.

    Whatever is on my computer has not been gotten rid of. I don't know what to do further.

    Can you let me know if there is anything else I can do?
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please try the below with ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  10. sam00

    sam00 Private E-2

    Hi chaslang

    Thank you for your reply. I have done what you said. Logs are attached.

    In addition, just in case this is at all relevant, I got the following dialog boxes/text come up when I was running ComboFix (which is on my desktop). I can't remember if these are normal signs or not, so just letting you know in case it is relevant.

    1. As ComboFix was loading I got a dialog box stating

    I pressed OK on this dialog box.


    2. Then during the actual scan after command 50 or so it said on the screen:


    It stayed like this for a long time. I pressed Enter a couple of times and it then automatically rebooted the computer.

    3. After reboot it came up with the Find3M dialog box and in part of it said


    The good news is that I have tried testing out a search on Google and MSN tonight (after running what you said) and it is coming up correctly, i.e. the links are not being redirected. But I have not clicked on any of the links (just in case).

    However, I want to add that yesterday I test searched too. In the morning the links were coming up correctly (I still did not click on any of them). But when I went and tested it later the same day the links were being redirected again to the virus websites. That made me realise that something is still there, so I thought I would wait until one of the MajorGeeks techs replied.


    Anyhow, I'm hoping that whatever you have told me to do today has now finally got rid of it.

    Please let me know if my logs are clean and if there is anything else I can do to definitely make sure that the problem I have/had is now gone forever and not just temporarily.

    Thank you for your help.
     

    Attached Files:

    Last edited: Jan 10, 2009
  11. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    sam00

    It's possible that you got re-infected.
    Step 1:
    Un-install SUPERAntiSpyware and download the latest version of it plus the current MGTool.exe. <---Delete your old MGTool.exe, MGTools.zip, its folder and all related files.

    Step 2:
    Run CCleaner

    Step 3:
    Install the new SAS and run a scan

    Step 4:
    Shut down your anti-virus program and run ComboFix. DO NOT CLICK ANYTHING while it is running!

    Step 5:
    Using this link Using MGTools - run MGTools.

    Step 6:
    Attach new logs:
    • SASlog.txt log from SuperAntiSpyware.
    • ComboFix.txt (normally C:\ComboFix.txt)
    • MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.

    Tell me if you are having any problems now --- if so, with which browser, and exactly where are you being redirected to?

    Do you have a firewall as part of your Symantec/Norton software? If not, you should install a 3rd party firewall quickly. (Don't rely on the Windows firewall.)

    SEE -
    How to Protect yourself from malware

    dr.m
     
  12. sam00

    sam00 Private E-2

    Hi

    Dr. moriarty - Sorry I wasn't so clear in my last post - sometimes the links from my Google searches were not being redirected and sometimes they were during the day. I did a few random tests that day, not just two.
    That made me think that whatever was there hadn't totally been cleaned, as sometimes it worked and sometimes it didn't. The next day chaslang posted and I then followed his advice. I think whatever chaslang advised me has really helped and fixed the problem, as now my searches are no longer being redirected whatsoever at any time I use Google or MSN to search for websites. The real websites come up in the searches. I've also been clicking on the search results and there has been no intrusion as far as I'm aware.


    However, I've still run through the steps dr.moriarty suggested in his last post. The logs are attached.

    I don't have a firewall with Norton/Symantec, but I have now downloaded Online Armor from your list of recommended firewall programmes.


    Please let me know if my logs are clean now. Thank you.
     

    Attached Files:

  13. sam00

    sam00 Private E-2

    I wanted to add to my above post (if this is at all useful info to you) - a screenshot of the names of what my AOL spyware program keeps picking up and blocking (in the last few weeks).


    Although it's saying it's blocked them, I do not know in fact how effective it is, but I assume the programs I have run with MajorGeeks would have also picked them up and dealt with them and shown up in the logs too.

    [PS: this AOL spyware program came with the AOL software I've always had and it's not something extra I tried to get so as to have lots of spyware programs, but I don't mind it.]

    Anyway, this is probably unlikely to be useful to you, but I have attached the screenshot if you're interested.
     

    Attached Files:

  14. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    ;)


    Your logs look good! If you are not having any other malware problems, it is time to do our final steps:
    Safe surfing! http://i268.photobucket.com/albums/jj5/drmoriarty/Emoticons/char145.gif
     
  15. sam00

    sam00 Private E-2

    Hi

    OK, brilliant, thanks. Will carry out those steps too.

    BTW, I downloaded the Online Armor firewall; it slowed down my computer so much that I have now uninstalled it. The difference in speed and opening programs was very noticeable.

    Is there any other firewall on your list of recommended ones which you recommend as not slowing down the computer? Thanks
     
  16. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member
