
hijacked roicharger


12 replies to this topic

#1 mikeb2623

mikeb2623

  • Members
  • 26 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:57 AM

Posted 17 March 2011 - 02:58 PM

I have read your forum on the previous people who have been infected. I have downloaded TDSSKiller. It took only 14 sec to scan and I do not think that it generated a log. Please let me know the specifics on what to do. Thank you.


#2 mikeb2623

Posted 17 March 2011 - 03:07 PM

I actually figured it out, thank you.

2011/03/17 16:04:35.0190 3504 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/03/17 16:04:35.0190 3504 sptd - detected Locked file (1)

2011/03/17 16:04:38.0341 3504 ================================================================================
2011/03/17 16:04:38.0341 3504 Scan finished
2011/03/17 16:04:38.0341 3504 ================================================================================
2011/03/17 16:04:38.0341 5484 Detected object count: 1
2011/03/17 16:04:45.0393 5484 Locked file(sptd) - User select action: Skip

#3 mikeb2623

Posted 17 March 2011 - 04:03 PM

I have also run MBAM as well. I did remove the ad rotator. I think I may have it handled, but I would definitely appreciate your insight.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4895

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

3/17/2011 4:57:26 PM
mbam-log-2011-03-17 (16-57-26).txt

Scan type: Full scan (C:\|)
Objects scanned: 332570
Time elapsed: 43 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f6d2ad15-ffd6-4dc6-6230-f9d151bfe963} (Adware.AdRotator) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f6d2ad15-ffd6-4dc6-6230-f9d151bfe963} (Adware.AdRotator) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\SysWOW64\dc1040ec.dll (Adware.AdRotator) -> No action taken.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4895

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

3/17/2011 4:58:09 PM
mbam-log-2011-03-17 (16-58-09).txt

Scan type: Full scan (C:\|)
Objects scanned: 332570
Time elapsed: 43 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f6d2ad15-ffd6-4dc6-6230-f9d151bfe963} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f6d2ad15-ffd6-4dc6-6230-f9d151bfe963} (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\SysWOW64\dc1040ec.dll (Adware.AdRotator) -> Quarantined and deleted successfully.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:12:57 PM

Posted 17 March 2011 - 07:59 PM

Hi mike. A few things here.
The TDSS log is OK.
Now the MBAM log says this: "No action taken." So I need to ask if you clicked Remove Selected.

Also it shows a very old version of MBAM, so let's update it.
Malwarebytes' Anti-Malware 1.46
Database version: 4895

It's now at
Malwarebytes' Anti-Malware 1.50+
Database version: 6093


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.


Finally also run an Online scan.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]

How is it running now?

Edited by boopme, 18 March 2011 - 12:58 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
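The two things boopme checks in the posted MBAM log above (detections whose action column reads "No action taken", meaning the scan found them but nothing was removed, and a program/database version far behind current) can be pulled out of the log mechanically. The parser below is an added example, not code from this thread or from Malwarebytes; the embedded log is constructed in the 1.46-era layout with placeholder paths and GUID, and the "current" database number it compares against is supplied by the caller.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of a 1.46-era MBAM log (not a real scan).
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.46

Database version: 4895

Scan type: Full scan (C:\\|)
Registry Keys Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Example\\BHO\\{00000000-0000-0000-0000-000000000000} (Adware.Example) -> No action taken.
HKEY_CLASSES_ROOT\\CLSID\\{00000000-0000-0000-0000-000000000000} (Adware.Example) -> No action taken.

Files Infected:
C:\\Program Files (x86)\\Example\\example.dll (Adware.Example) -> Quarantined and deleted successfully.
"""

# Item lines read "<path> (<detection name>) -> <action>."; the path itself may contain "(x86)".
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
COUNT_RE = re.compile(r"^(?P<what>[A-Za-z ]+ Infected): (?P<n>\d+)$")

@dataclass
class Detection:
    section: str
    path: str
    name: str
    action: str

    @property
    def remediated(self) -> bool:
        # MBAM writes "Quarantined and deleted successfully." only after Remove Selected was clicked.
        return self.action.lower().startswith("quarantined")

@dataclass
class MbamReport:
    program_version: str = ""
    database_version: int = 0
    counts: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)

    def unremediated(self) -> list:
        return [d for d in self.detections if not d.remediated]

    def database_outdated(self, current: int) -> bool:
        return self.database_version < current

    def counts_consistent(self) -> bool:
        # The summary counts should equal the number of itemised detections.
        return sum(self.counts.values()) == len(self.detections)

def parse_mbam_log(text: str) -> MbamReport:
    report = MbamReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Malwarebytes' Anti-Malware "):
            report.program_version = line.split()[-1]
        elif line.startswith("Database version:"):
            report.database_version = int(line.split(":", 1)[1])
        elif COUNT_RE.match(line):
            m = COUNT_RE.match(line)
            report.counts[m.group("what")] = int(m.group("n"))
        elif line.endswith(" Infected:"):
            section = line[:-1]  # start of a per-item section
        elif section and line != "(No malicious items detected)":
            m = ITEM_RE.match(line)
            if m:
                report.detections.append(Detection(section, m.group("path"), m.group("name"), m.group("action")))
    return report
```

Running `parse_mbam_log(SAMPLE_LOG).unremediated()` on the sample returns the two registry keys that were only reported, which is exactly the condition that prompts the "did you click Remove Selected?" question.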

#5 mikeb2623

Posted 18 March 2011 - 11:19 AM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4895

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

3/17/2011 4:58:09 PM
mbam-log-2011-03-17 (16-58-09).txt

Scan type: Full scan (C:\|)
Objects scanned: 332570
Time elapsed: 43 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f6d2ad15-ffd6-4dc6-6230-f9d151bfe963} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f6d2ad15-ffd6-4dc6-6230-f9d151bfe963} (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\SysWOW64\dc1040ec.dll (Adware.AdRotator) -> Quarantined and deleted successfully.

#6 mikeb2623

Posted 18 March 2011 - 12:17 PM

It seems to have gotten everything running ESET and MBAM. I almost forgot about ESET; I had to use it a while ago. Thank you very much!


C:\$Recycle.Bin\S-1-5-21-3556104387-1541454804-1850345294-1001\$RNT8OYS.rar multiple threats deleted - quarantined
C:\Program Files (x86)\Mozilla Firefox\extensions\{f9c83eaf-0a59-5d1d-ab48-a409964ffd28}\components\7fdb1a24.dll a variant of Win32/Adware.Primawega.AJ application cleaned by deleting - quarantined
C:\Users\Mike B\AppData\Local\Temp\nsxB59A.tmp.exe a variant of Win32/Adware.Toolbar.Shopper.AA application deleted - quarantined
C:\Users\Mike B\AppData\Local\Temp\ish1040920165\defaultOffer\offer_code.txt Win32/Toolbar.Facemoods application cleaned by deleting - quarantined
C:\Users\Mike B\AppData\Local\Temp\ish1040920165\defaultOffer\offer_html.txt Win32/Toolbar.Facemoods application cleaned by deleting - quarantined
C:\Users\Mike B\AppData\Local\Temp\ish1896152272\defaultOffer\offer_code.txt Win32/Toolbar.Facemoods application cleaned by deleting - quarantined
C:\Users\Mike B\AppData\Local\Temp\ish1896152272\defaultOffer\offer_html.txt Win32/Toolbar.Facemoods application cleaned by deleting - quarantined
C:\Users\Mike B\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\30f8808a-60f9702c Java/TrojanDownloader.OpenConnection.AA trojan deleted - quarantined

#7 boopme

Posted 18 March 2011 - 01:03 PM

Looking good, but I don't like that MBAM still did not fully update; this can indicate malware.
Your last scan:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4895


It's now at
Malwarebytes' Anti-Malware 1.50+
Database version: 6100

Try again please.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#8 mikeb2623

Posted 19 March 2011 - 12:39 AM

Seems to be running great, no redirects and pages load much faster. No more "transferring data from roicharger.com" in the bottom of Firefox. Thanks a bunch!

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6103

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

3/19/2011 1:36:55 AM
mbam-log-2011-03-19 (01-36-55).txt

Scan type: Quick scan
Objects scanned: 169165
Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9 boopme

Posted 19 March 2011 - 09:38 AM

:clapping: If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:

#10 mikeb2623

Posted 19 March 2011 - 11:23 AM

I forgot to mention that I disabled System Restore at the very start of the infection. I have left it disabled and it is currently disabled. Your post has reminded me to enable it again, so I appreciate that. Curious to know if that is a wise practice with Win 7; I have always done that with XP.

#11 mikeb2623

Posted 19 March 2011 - 11:24 AM

Disabling it only in the event of an infection and then enabling it after you are sure the infection is gone.

#12 boopme

Posted 19 March 2011 - 03:01 PM

The usual reason people disable it is that over time it will consume drive space. But it is always good to have one. It's the reason I do that step last. Better to have at least an infected one than none, should malware removal or installing a new app make your PC nutty. You can always go back to when it worked and try again. Just make a note to do the clean out every 6 months, or say when you check to defrag.

In 7, restore points are created automatically every week, and just before significant system events, such as the installation of a program or device driver.

System Restore returns your PC's system files and programs to a time when everything was working fine, potentially preventing hours of troubleshooting headaches. It won't affect your documents, pictures, or other data, and getting to it is simple: just type "system restore" in the Start menu search box.

In Windows 7, you can create more system restore points and see exactly what files will be removed or added when your PC is restored.

http://windows.microsoft.com/en-US/windows7/products/features/system-restore

Also see on that page:
  • What is System Restore?
  • System Restore: frequently asked questions
  • Video: Fixing a problem using System Restore


#13 mikeb2623

Posted 20 March 2011 - 11:38 AM

I really appreciate all of your help. Case closed, I would say.
