THANK YOU!!!

View previous topic View next topic Go down

THANK YOU!!!

Post by kaizaro on 25th November 2008, 10:00 am

You guys are awesome!! I cannot thank you enough. I followed the appropriate thread and was able to easily remove backdoor.tidserv.inf! I normally run Norton but it was unable to remove it. (Is there any sense in buying a product that won't do its job? Any suggestions?). I'm no computer expert, so i hope the following are the correct logs. (I had interrupted the scan so there are two logs). Again, Thank you, thank you, thank you!!!

Malwarebytes' Anti-Malware 1.30
Database version: 1421
Windows 5.1.2600 Service Pack 3

11/24/2008 7:06:07 PM
mbam-log-2008-11-24 (19-06-07).txt

Scan type: Full Scan (C:\|)
Objects scanned: 78577
Time elapsed: 2 hour(s), 53 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{4d25f920-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4d25f923-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f924-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

here's the second log...

Malwarebytes' Anti-Malware 1.30
Database version: 1421
Windows 5.1.2600 Service Pack 3

11/25/2008 12:54:09 AM
mbam-log-2008-11-25 (00-54-09).txt

Scan type: Full Scan (C:\|)
Objects scanned: 140957
Time elapsed: 3 hour(s), 53 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 8
Folders Infected: 8
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.6 85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a87aa646-cc03-4ad3-bc58-59f9c4d3e4fe}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.6,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.6 85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a87aa646-cc03-4ad3-bc58-59f9c4d3e4fe}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.6,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.6 85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{a87aa646-cc03-4ad3-bc58-59f9c4d3e4fe}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.6,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.6 85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{a87aa646-cc03-4ad3-bc58-59f9c4d3e4fe}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.6,85.255.112.20 -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.htm.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aretha\Local Settings\Temp\dat63.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aretha\Local Settings\Temp\dat64.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\BEEP.SYS (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DLLCACHE\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\av.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Munene\Local Settings\Temp\dat69.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS408c.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS4483.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Munene\Local Settings\Temp\TDSS600f.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Munene\Local Settings\Temp\TDSS603e.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\TDSSdxgp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\TDSSwkod.log (Trojan.TDSS) -> Quarantined and deleted successfully.

Y'all ROCK!

kaizaro
Beginner
Beginner

Posts Posts : 1
Joined Joined : 2008-11-24
OS OS : Mombasa1
Points Points : 29380
# Likes # Likes : 0

View user profile

Back to top Go down

Re: THANK YOU!!!

Post by Doctor Inferno on 25th November 2008, 2:20 pm

Moderated Message:Moved from Welcome New Members.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 11976
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104640
# Likes # Likes : 0

View user profile

Back to top Go down

Re: THANK YOU!!!

Post by Jerry Parnell on 25th November 2008, 7:36 pm

Its good to see a satisfied member! Bow or Thanks

If you would like some suggestions for anti-virus and anti-spyware products, please visit our freeware section, where you will find threads related to security products that actually work.

Jerry Parnell
Leader
Leader

Posts Posts : 670
Joined Joined : 2008-08-04
Gender Gender : Male
OS OS : Windows Vista Home Basic
Points Points : 30764
# Likes # Likes : 0

View user profile

Back to top Go down

Re: THANK YOU!!!

Post by Belahzur on 26th November 2008, 2:31 am

Hello kaizaro.
If you are still seeking help here, please read this thread:
[You must be registered and logged in to see this link.]
and post a new Hijack This log here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1

View user profile

Back to top Go down

Re: THANK YOU!!!

Post by Doctor Inferno on 5th December 2008, 3:28 am

Due to lack of feedback, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 11976
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104640
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum