I was using my stepdad's somewhat ancient laptop while housesitting and tried to open an online PDF menu, and the Adobe Reader icon came up and everything froze. The computer started running slowly after a reboot, and while it didn't ask me to buy an antivirus program, I did get these messages from Norton asking if I wanted to allow access to certain sites, etc. Anyway, I was able to get the computer running fairly well pretty quickly (there were never any redirects or anything of that nature), but there are still some lingering problems. For some reason, even though I have no problems with the internet for the most part, I am unable to connect to either of my email account pages. I can't even connect to Hotmail, for example, and I don't even have an account there. I'm also having some problems signing in to certain places (ESPN, Amazon) and I can't update anything except for Malwarebytes. Why I can update Malwarebytes and not SUPERAntiSpyware or Avira is beyond me. The scans I've run lately (Malwarebytes, Avira, the portable SUPERAntiSpyware) are saying my computer is clean, but there are still some odd things going on with it, so I just wanted to see if it really was clean or not.
This was my first Malwarebytes log:
Scan type: Quick scan
Objects scanned: 164972
Time elapsed: 13 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{67KLN5J0-4OPM-01WE-AAX2-314CCA994072} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-01WE-AAX2-314CCA994072} (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
c:\Faisal\Haram (Backdoor.IRCBot) -> Delete on reboot.
Files Infected:
c:\Faisal\Haram\Faisal.exe (Trojan.Agent) -> Delete on reboot.
c:\Faisal\Haram\DesKTop.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.
After that I got this every time I ran it, for the next four or five times:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7357
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702
8/2/2011 2:35:53 PM
mbam-log-2011-08-02 (14-35-53).txt
Scan type: Full scan (C:\|)
Objects scanned: 211275
Time elapsed: 1 hour(s), 34 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Finally, the last couple of times I've run it there have been no threats:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7409
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
8/8/2011 8:34:45 AM
mbam-log-2011-08-08 (08-34-44).txt
Scan type: Quick scan
Objects scanned: 170820
Time elapsed: 18 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
I'm not sure exactly what changed, except I downloaded Avira and ran a scan and it picked up ADSPY/SearchIt. T adware and something called AtlBrowser.exe