So I am completely and utterly computer illiterate, and have been battling with a virus for about a week now. Only thing I noticed out of the ordinary was the slowness and the fact that when I would type in a web address, I would wind up redirected to some random page and it took repeatedly bashing the back button to get anywhere (and sometimes even that didn’t work). I’ve run the scanner on Microsoft’s site as well as Microsoft Security Essentials. Sometimes they’d find something, most times they said everything was fine. Mainly coming back Trojans and random Java related things. A would-be tech buddy of mine had me download HijackThis and it’s popping up all sorts of lovely red X’s. This is my absolute last hope short of having him “reformat” (that’s what he said, anywho) my computer and starting new.
As requested, gonna do my best to post the logs, and the full report from MalwareBytes (forgive me if I screw this up, like I said…computer illiterate here…)
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.04.07.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tiddiekins :: TIDDIEKINS-HP [administrator]
Protection: Enabled
4/7/2012 2:31:53 AM
mbam-log-2012-04-07 (02-31-53).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 361127
Time elapsed: 1 hour(s), 34 minute(s), 42 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{09971cee-01b8-42bc-9d91-456b1faad6be} (PUP.MyWebSearch) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{09971cee-01b8-42bc-9d91-456b1faad6be} (PUP.MyWebSearch) → Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{23B38049-323F-443D-9732-F454E5B15B72} (PUP.MyWebSearch) → Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) → Data: http=127.0.0.1:61798 → Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Tiddiekins\AppData\LocalLow\CouponAlert_2pEI\Installr\Cache\2593152A.exe (PUP.MyWebSearch) → Quarantined and deleted successfully.
(end)
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.04.07.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tiddiekins :: TIDDIEKINS-HP [administrator]
Protection: Enabled
4/7/2012 4:13:08 AM
mbam-log-2012-04-07 (04-13-08).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195842
Time elapsed: 5 minute(s), 15 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
2012/04/07 02:31:38 -0500 TIDDIEKINS-HP Tiddiekins MESSAGE Starting protection
2012/04/07 02:31:41 -0500 TIDDIEKINS-HP Tiddiekins MESSAGE Protection started successfully
2012/04/07 02:31:44 -0500 TIDDIEKINS-HP Tiddiekins MESSAGE Starting IP protection
2012/04/07 02:31:48 -0500 TIDDIEKINS-HP Tiddiekins MESSAGE IP Protection started successfully
2012/04/07 04:10:57 -0500 TIDDIEKINS-HP Tiddiekins MESSAGE Starting protection
2012/04/07 04:11:01 -0500 TIDDIEKINS-HP Tiddiekins MESSAGE Protection started successfully
2012/04/07 04:11:05 -0500 TIDDIEKINS-HP Tiddiekins MESSAGE Starting IP protection
2012/04/07 04:11:09 -0500 TIDDIEKINS-HP Tiddiekins MESSAGE IP Protection started successfully
So those are all three things I found under the Log tag MalwareBytes
Attached the logs below…check…alrighty, think that’s it. Any help would be great. I attempted calling Microsoft earlier and all they would tell me is since virus’ have become so advanced, that they won’t touch your computer or even help you for less than $99 dollars as of December 7th of last year. Bummer.
Thanks in advance for any and all help (if help is even an option at this point!)