Dell Inspiron 1525
Windows XP Service pack 3
I noticed the problems this morning. Internet Explorer would not pull up any webpages even though I had a good connection via ethernet cable (tested by successfully pinging yahoo.com through the CMD prompt).
Tried to run the installed anti-virus program Norton Internet Security. (Not sure what version. I'll try to find out). The program repeatedly failed to launch.
Rebooted laptop. Microsoft Application Error Reporting window pops up. Lists a program called 'Google Installer'. Also upon every reboot there is a Windows Genuine Advantage window. I cancel both.
Try to run Internet Explorer, Norton, etc. System freezes.
Reboot, but no Windows. Just a black screen with mouse pointer stuck in the middle.
Reboot in safe mode.
So I do some Googling with a working computer and copy SpyBot and Malwarebytes anti-malware to a disc to use on the laptop. After installation both programs fail to launch.
I change the names of the .exe files of said programs and they finally launch. Both programs find problems which I delete.
Reboot normally into Windows and it works. But still freezes up if I try to run any anti-malware/virus programs, which now run but freeze in the middle of their searches.
So it seems I have cleared some of the symptoms but haven't killed the bug yet. Any suggestions?
Here is the log from the Malwarebytes anti-malware program:
Malwarebytes' Anti-Malware 1.43
Database version: 3460
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
12/30/2009 7:56:59 PM
mbam-log-2009-12-30 (19-56-59).txt
Scan type: Full Scan (C:\|)
Objects scanned: 184370
Time elapsed: 18 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\settdebugx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\23094848483939484 (Rogue.GreenAV) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\21098746521098765 (Rogue.GreenAV) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Marilyn\Local Settings\Temp\settdebugx.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHCD9C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHCD9D.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHCD9E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.