It happens to us all: being called upon to provide IT support for the folks!
Well, Mom’s gone and got her XP box completely jacked, and I’m charged with cleaning up the mess.
Whatever it is, it’s getting past the Free Avast! boot-time scan, and so I’ve followed the excellent instructions given by essexboy on the thread: http://forum.avast.com/index.php?topic=53253.0
Hopefully it’s cleaned up now, but here’s the MBAM log.
Unfortunately, the OTS log was too large to attach. I will split it into two files and post again below…
(…and BTW, I’ve told them over and over again, for the love of all things Holy, PLEASE give up on AOL! but sometimes you just can’t win.)
Malwarebytes’ Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6705
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/1/2011 1:28:26 PM
mbam-log-2011-06-01 (13-28-26).txt
Scan type: Quick scan
Objects scanned: 168494
Time elapsed: 10 minute(s), 17 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
A big ol’ “THANKS, Y’ALL!” from Texas…
- John