May 18 2008, 06:24 AM, Post #16
Member. Group: Members. Posts: 28. Joined: 17-May 08. Member No.: 209,514
http://www.superantispyware.com
Generated 05/18/2008 at 01:10 PM
Application Version : 4.0.1154
Core Rules Database Version : 3463
Trace Rules Database Version: 1454
Scan type : Complete Scan
Total Scan Time : 00:56:19
Memory items scanned : 481
Memory threats detected : 0
Registry items scanned : 5750
Registry threats detected : 9
File items scanned : 54610
File threats detected : 20
Adware.OneStepSearch
Adware.Tracking Cookie

May 18 2008, 06:35 AM, Post #17
Visiting Alien. Group: Members. Posts: 4,257. Joined: 20-May 07. From: millenium falcon and rockytop. Member No.: 131,963
that's looking good, would you run another scan with MBAM, it may be all gone now
-------------------- Chewy
life is like a box of chocolates and stupid is as stupid does but you can always run

May 28 2008, 01:27 AM, Post #18
Member. Group: Members. Posts: 28. Joined: 17-May 08. Member No.: 209,514
I have, I just can't post it til the weekend, sorry! It said that nothing was found. Would it be gone forever or will it come back? Thanks for your help, you owe me big time XD

Jun 1 2008, 06:38 AM, Post #19
Member. Group: Members. Posts: 28. Joined: 17-May 08. Member No.: 209,514
Malwarebytes' Anti-Malware 1.12
Database version: 760
Scan type: Full Scan (C:\|)
Objects scanned: 111173
Time elapsed: 41 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

Jun 30 2008, 02:46 PM, Post #20
Member. Group: Members. Posts: 28. Joined: 17-May 08. Member No.: 209,514
Since my other thread was closed down I guess 'start over' back here. Well I now have a new problem. I did a scan and now I have adware. When the scan is running it stops at one file and won't go on with the scan. Either it takes a very long time to scan it or something is wrong. It's in the System Volume Information area and it is some kind of restore file. AntiVir also said that it is something that shouldn't be there or infected. It is also a HEUR/HTML.Malware file as AntiVir tells me. I haven't done a scan on AntiMalware yet but I soon will be. Next reply will be the scan report from SuperAntiSpyware.
Thanks in advance.

Jul 1 2008, 07:24 AM, Post #21
Member. Group: Members. Posts: 28. Joined: 17-May 08. Member No.: 209,514
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/30/2008 at 06:31 PM
Application Version : 4.15.1000
Core Rules Database Version : 3493
Trace Rules Database Version: 1484
Scan type : Complete Scan
Total Scan Time : 01:32:17
Memory items scanned : 558
Memory threats detected : 0
Registry items scanned : 5777
Registry threats detected : 0
File items scanned : 54383
File threats detected : 2
Adware.Tracking Cookie

Jul 1 2008, 07:28 AM, Post #22
Member. Group: Members. Posts: 28. Joined: 17-May 08. Member No.: 209,514
I wanted to scan the computer with Malwarebytes' Anti-Malware but sadly when it got to the System Volume Information it wouldn't respond. I don't know why, but is there some way to fix everything back to normal? Thanks in Advance

Jul 1 2008, 08:29 AM, Post #23
Visiting Alien. Group: Members. Posts: 4,257. Joined: 20-May 07. From: millenium falcon and rockytop. Member No.: 131,963
Well it looks like you aren't infected, that's the good news, if that's true, the bad news is, you have windows problems and they can be worse to fix than malware.
However! Let's kill 2 birds with one stone, I would like you to learn to use ATF cleaner and rerun SAS in safe mode http://www.bleepingcomputer.com/forums/ind...mp;#entry634693 follow the directions exactly and complete each step
-------------------- Chewy
life is like a box of chocolates and stupid is as stupid does but you can always run

Jul 1 2008, 10:30 AM, Post #24
Member. Group: Members. Posts: 28. Joined: 17-May 08. Member No.: 209,514
Well I wanted to go on Safe Mode but all it did was a black screen and listing files in the folder System 32. I just freaked out, only other family members (My brother and dad) went on Safe Mode. So I don't know what will happen when the computer is on Safe Mode.

Jul 1 2008, 11:01 AM, Post #25
Visiting Alien. Group: Members. Posts: 4,257. Joined: 20-May 07. From: millenium falcon and rockytop. Member No.: 131,963
Please have them do it for you the first time. It's easy once you get used to it.
It's also an essential skill today if you are going to keep your computer disinfected, if nothing bad ever gets thru you might not need it. There are many more uses for it tho.
-------------------- Chewy
life is like a box of chocolates and stupid is as stupid does but you can always run

Jul 1 2008, 11:15 AM, Post #26
Member. Group: Members. Posts: 28. Joined: 17-May 08. Member No.: 209,514
Ok, I have to wait though. Both are at work, so I guess I'll draw something with photoshop. Nothing bad can happen there XD ....Well I hope

Jul 1 2008, 12:06 PM, Post #27
Visiting Alien. Group: Members. Posts: 4,257. Joined: 20-May 07. From: millenium falcon and rockytop. Member No.: 131,963
there's a reason they call safe mode SAFE
it keeps a lot of stuff that isn't safe from loading
-------------------- Chewy
life is like a box of chocolates and stupid is as stupid does but you can always run

Jul 1 2008, 12:23 PM, Post #28
Member. Group: Members. Posts: 28. Joined: 17-May 08. Member No.: 209,514
Well at the moment I'm not on safe mode so yea. I read the guide on how to put it on safe mode. I think I'll do it the other way instead of doing the F8 one. But I'm still going to wait till someone comes home since I want someone to watch what I do. lol

Jul 1 2008, 01:16 PM, Post #29
Visiting Alien. Group: Members. Posts: 4,257. Joined: 20-May 07. From: millenium falcon and rockytop. Member No.: 131,963
As stated in my link on safe mode, the dangerous part is forcing a safe mode boot by using msconfig and that's only dangerous when you have a bad malware infection
-------------------- Chewy
life is like a box of chocolates and stupid is as stupid does but you can always run

Jul 1 2008, 02:15 PM, Post #30
Member. Group: Members. Posts: 28. Joined: 17-May 08. Member No.: 209,514
I can still do it right? Since in the reply before you said that I'm infected. So no worries right?