pinkshoegirl Posted February 26, 2010 ID:206045

Regarding my previous post, this is the only log I am able to get - the defogger never asked me to reboot, I was not able to download the DDS to my desktop - I had to run it, so I'm not sure if this will even be sufficient. I can't seem to download anything new to my desktop.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 20:23:14.60 on Thu 02/25/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.470 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost -k DcomLaunch
I:\WINDOWS\system32\svchost -k rpcss
I:\WINDOWS\System32\svchost.exe -k netsvcs
I:\WINDOWS\system32\svchost.exe -k NetworkService
I:\WINDOWS\system32\svchost.exe -k LocalService
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\Explorer.EXE
I:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
I:\WINDOWS\eHome\ehRecvr.exe
I:\WINDOWS\eHome\ehSched.exe
I:\Program Files\Java\jre6\bin\jqs.exe
I:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
i:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
i:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
I:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
I:\Program Files\McAfee\MPF\MPFSrv.exe
I:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
I:\WINDOWS\system32\svchost.exe -k imgsvc
I:\WINDOWS\wanmpsvc.exe
i:\PROGRA~1\mcafee.com\agent\mcagent.exe
I:\WINDOWS\system32\dllhost.exe
I:\Documents and Settings\Owner\Local Settings\Application Data\av.exe
I:\Program Files\Winamp\winampa.exe
I:\Program Files\Java\jre6\bin\jusched.exe
I:\Program Files\Common Files\AOL\1149769522\ee\AOLSoftware.exe
I:\WINDOWS\SM1BG.EXE
I:\WINDOWS\ehome\ehtray.exe
I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE
I:\Program Files\ATI Technologies\ATI.ACE\cli.exe
I:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
I:\Program Files\Napster\napster.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
I:\Program Files\QuickTime\QTTask.exe
I:\WINDOWS\eHome\ehmsas.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\Program Files\ATI Technologies\ATI.ACE\cli.exe
I:\Program Files\ATI Technologies\ATI.ACE\cli.exe
I:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
i:\PROGRA~1\mcafee\msc\mcuimgr.exe
I:\Program Files\AOL 9.1\waol.exe
I:\Program Files\AOL 9.1\shellmon.exe
I:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
I:\WINDOWS\system32\msdtc.exe
I:\WINDOWS\System32\vssvc.exe
I:\WINDOWS\system32\dllhost.exe
I:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CSJKR229\dds[1].scr
I:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.aol.com/?src=customie7
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - i:\program files\aol\aol toolbar 5.0\aoltb.dll
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - i:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - i:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - i:\windows\system32\Shdocvw.dll
uRun: [Aim6]
uRun: [ctfmon.exe] i:\windows\system32\ctfmon.exe
mRun: [EPSON Stylus Photo RX620 Series] i:\windows\system32\spool\drivers\w32x86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
mRun: [WinampAgent] i:\program files\winamp\winampa.exe
mRun: [sunJavaUpdateSched] "i:\program files\java\jre6\bin\jusched.exe"
mRun: [sM1BG] i:\windows\SM1BG.EXE
mRun: [Pure Networks Port Magic] "i:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
mRun: [HostManager] i:\program files\common files\aol\1149769522\ee\AOLSoftware.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [ehTray] i:\windows\ehome\ehtray.exe
mRun: [ATICCC] "i:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [AOLDialer] i:\program files\common files\aol\acs\AOLDial.exe
mRun: [Adobe Photo Downloader] "i:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [NapsterShell] i:\program files\napster\napster.exe /systray
mRun: [mcagent_exe] i:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [Carbonite Backup] i:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [QuickTime Task] "i:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "i:\program files\itunes\iTunesHelper.exe"
mRun: [Hfonudihosozido] rundll32.exe "i:\windows\atajaqap.dll",Startup
StartupFolder: i:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - i:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &AOL Toolbar Search - i:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - i:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - i:\windows\system32\Shdocvw.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R0 sonypvl2;sonypvl2;i:\windows\system32\drivers\sonypvl2.sys [2006-6-11 19478]
R1 mfehidk;McAfee Inc. mfehidk;i:\windows\system32\drivers\mfehidk.sys [2007-12-17 201320]
R1 sonypvf2;sonypvf2;i:\windows\system32\drivers\sonypvf2.sys [2006-6-11 635017]
R1 sonypvt2;sonypvt2;i:\windows\system32\drivers\sonypvt2.sys [2006-6-11 431236]
R2 McProxy;McAfee Proxy Service;i:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-6-4 359248]
R2 McShield;McAfee Real-time Scanner;i:\progra~1\mcafee\viruss~1\mcshield.exe [2007-12-17 144704]
R3 McSysmon;McAfee SystemGuards;i:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-12-17 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;i:\windows\system32\drivers\mfeavfk.sys [2007-12-17 79304]
R3 mfebopk;McAfee Inc. mfebopk;i:\windows\system32\drivers\mfebopk.sys [2007-12-17 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;i:\windows\system32\drivers\mfesmfk.sys [2007-12-17 40488]
S1 sonypvd2;sonypvd2;i:\windows\system32\drivers\sonypvd2.sys [2006-6-11 64093]
S3 mferkdk;McAfee Inc. mferkdk;i:\windows\system32\drivers\mferkdk.sys [2007-12-17 33832]
S3 MSSQL$NR2005;MSSQL$NR2005;i:\program files\microsoft sql server\mssql$nr2005\binn\sqlservr.exe -snr2005 --> i:\program files\microsoft sql server\mssql$nr2005\binn\sqlservr.exe -sNR2005 [?]
S3 SQLAgent$NR2005;SQLAgent$NR2005;i:\program files\microsoft sql server\mssql$nr2005\binn\sqlagent.exe -i nr2005 --> i:\program files\microsoft sql server\mssql$nr2005\binn\sqlagent.EXE -i NR2005 [?]

=============== Created Last 30 ================

2010-02-26 01:20:41 0 ----a-w- i:\documents and settings\owner\defogger_reenable
2010-02-11 01:40:25 0 ----a-w- i:\windows\Bbaxiyaparohi.bin
2010-02-11 01:40:24 120 ----a-w- i:\windows\Gpujagakusa.dat
2010-02-11 01:36:11 35328 ---ha-w- i:\windows\system32\cmdl2bin.dll

==================== Find3M ====================

2010-01-07 21:07:14 38224 ----a-w- i:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- i:\windows\system32\drivers\mbam.sys
2003-08-27 18:19:18 36963 ------r- i:\program files\common files\SM1updtr.dll

============= FINISH: 20:23:57.84 ===============

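A helper reads a DDS log like the one above by eye: a process image under the user's own profile (av.exe), a rundll32 autorun loading a DLL from the Windows root (atajaqap.dll) and files created in \windows and system32 within the last 30 days are the entries that end up quarantined or collected later in this thread. As an added example, not part of the thread and not DDS's own code, the Python script below parses the log's sections and returns the entries that match those patterns. The section names and line formats are those of the DDS output above; the sample input is a handful of lines copied from that log.

```python
"""Triage helper for a DDS log: split it into sections and flag entries that
warrant a closer look.  Added example; not part of the forum thread or of DDS."""
import re

# Constructed sample: a handful of lines copied from the DDS log posted above.
SAMPLE_DDS = r"""
============== Running Processes ===============

I:\WINDOWS\system32\svchost.exe -k netsvcs
I:\Documents and Settings\Owner\Local Settings\Application Data\av.exe
I:\Program Files\Winamp\winampa.exe
I:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CSJKR229\dds[1].scr

============== Pseudo HJT Report ===============

uRun: [ctfmon.exe] i:\windows\system32\ctfmon.exe
mRun: [sM1BG] i:\windows\SM1BG.EXE
mRun: [iTunesHelper] "i:\program files\itunes\iTunesHelper.exe"
mRun: [Hfonudihosozido] rundll32.exe "i:\windows\atajaqap.dll",Startup

=============== Created Last 30 ================

2010-02-26 01:20:41 0 ----a-w- i:\documents and settings\owner\defogger_reenable
2010-02-11 01:40:25 0 ----a-w- i:\windows\Bbaxiyaparohi.bin
2010-02-11 01:36:11 35328 ---ha-w- i:\windows\system32\cmdl2bin.dll
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Directories a user can write to without admin rights; a process image living
# there is unusual for anything other than an installer or updater.
USER_WRITABLE = re.compile(
    r"\\documents and settings\\[^\\]+\\(local settings|application data)", re.I)
# A file sitting directly in the Windows root rather than in a subdirectory.
WIN_ROOT_FILE = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.I)
HJT_RE = re.compile(r"^([um]Run): \[(.*?)\] (.*)$")
CREATED_RE = re.compile(r"^(\S+ \S+) (\d+) (\S{8}) (.+)$")


def split_sections(text):
    """Return {section title: [non-empty lines]} for a DDS log."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Return (reason, line) pairs for entries worth a human look."""
    findings = []
    sec = split_sections(text)
    for line in sec.get("Running Processes", []):
        image = line.split(" -k ")[0]          # drop svchost group arguments
        if USER_WRITABLE.search(image):
            findings.append(("process image in user-writable profile dir", line))
    for line in sec.get("Pseudo HJT Report", []):
        m = HJT_RE.match(line)
        if not m:
            continue
        command = m.group(3)
        if command.lower().startswith("rundll32"):
            # rundll32 autoruns load whatever DLL path they are given at logon;
            # one outside system32 deserves a look.
            dll = re.search(r'"?([a-z]:\\[^",]+\.dll)', command, re.I)
            if dll and "\\system32\\" not in dll.group(1).lower():
                findings.append(("rundll32 autorun loading DLL outside system32", line))
        elif WIN_ROOT_FILE.match(command.strip('"').split(" ")[0]):
            findings.append(("autorun image directly in Windows root", line))
    for line in sec.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        attrs, path = m.group(3), m.group(4)
        if WIN_ROOT_FILE.match(path):
            findings.append(("new file directly in Windows root", line))
        elif "h" in attrs and "\\system32\\" in path.lower():
            findings.append(("new hidden file in system32", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_DDS):
        print(f"[{reason}] {line}")
```

The hits are prompts for review, not verdicts: on the sample above dds[1].scr is flagged even though it is the diagnostic tool itself, and SM1BG.EXE only because it sits in the Windows root. The av.exe process, the atajaqap.dll autorun, Bbaxiyaparohi.bin and the hidden cmdl2bin.dll are the same entries the thread goes on to deal with.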
Maniac Posted February 26, 2010 ID:206148

Hello pinkshoegirl! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

The process of cleaning your system may take some time, so please be patient.
Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
Instructions that I give are for your system only!
If you don't know or can't understand something, please ask.
Do not install any software or hardware while we work.
Please use this button: , not this:

Now:

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 4 different versions. If one of them won't run then download and try to run the other one. Vista and Win7 users need to right click and choose Run as Admin. You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr
rkill.pif
WiNlOgOn.exe
uSeRiNiT.exe

Please post the log in your next reply.
Note: The log can be found at the root of your installed hard drive entitled rkill.log

In your next reply, please include these log(s):
* Rkill log
* DDS log
* Attach log

pinkshoegirl Posted February 26, 2010 Author ID:206248

Hi and thank you! I was able to run (not save and run) the rkill.exe - it closed the malware that was running and McAfee came up with a box that asked if I wanted to allow a registry change. I had to hit "allow this change" for the rkill to finish. However I cannot find the log. Here are the other 2 logs I had saved prior. The malware is starting to run again.

Thanks so much, I'm on my way to work but will be back in a few hours to check this!

~Kim

Attach.zip
DDS.zip

pinkshoegirl Posted February 26, 2010 Author ID:206254

The registry change I allowed in McAfee was:

I:\Documents and Settings\Owner\Local Settings\Temp\2C2.tmp\pev.rkexe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

I hope this was okay.

Maniac Posted February 26, 2010 ID:206499

Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Post the log from ComboFix.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.

Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming. Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.

pinkshoegirl Posted February 26, 2010 Author ID:206542

Combo-Fix ran successfully, here is the log...

combo_fix_log.txt

Maniac Posted February 27, 2010 ID:206743

Step 1:

Please uninstall the following applications:

Adobe Reader 7.0.8
AOL Toolbar 5.0

When we finish our work, please download and install the latest version of Adobe Reader from: http://www.adobe.com

Step 2:

I also see you have Viewpoint installed... Viewpoint Manager is considered as foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint
Viewpoint Manager
Viewpoint Media Player

Step 3:

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA. Then run this tool to help cleanup any left over Java.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location and post it back when you reply.

Then look for the following Java folders and if found delete them.

C:\Program Files\Java
C:\Program Files\Common Files\Java
C:\Windows\Sun
C:\Documents and Settings\All Users\Application Data\Java
C:\Documents and Settings\All Users\Application Data\Sun\Java
C:\Documents and Settings\username\Application Data\Java
C:\Documents and Settings\username\Application Data\Sun\Java

Step 4:

Open Notepad and copy and paste the text in the code box below into it:

http://forums.malwarebytes.org/index.php?showtopic=41523
KillAll::
Collect::
i:\windows\Bbaxiyaparohi.bin
i:\windows\Gpujagakusa.dat
DDS::
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

Save the file to your desktop and name it CFScript.txt. Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Step 5:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

:filefind
*proquota*

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

In your next reply, please include these log(s):
* JavaRa log
* ComboFix log
* SystemLook log

pinkshoegirl Posted February 27, 2010 Author ID:206840

I was able to run all the above steps. Here are the requested logs.

JavaRa.zip
ComboFix_log.zip
SystemLook.zip

Maniac Posted February 27, 2010 ID:206844

Thanks Kim!

Step 1:

Please download proquota.exe and save it on your desktop.

Step 2:

Start your computer in Safe Mode: http://www.microsoft.com/resources/documen...e.mspx?mfr=true

Step 3:

Copy proquota.exe and save it on: i:\windows\system32\

Step 4:

Reboot your computer.

Step 5:

Delete your copy of ComboFix.exe and try again:

Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Post the log from ComboFix.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.

Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming. Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.

pinkshoegirl Posted February 27, 2010 Author ID:206873

Here is the combofix log.

combofix.zip

Maniac Posted February 27, 2010 ID:206876

Perfect, Kim! Now:

Launch Malwarebytes' Anti-Malware.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

pinkshoegirl Posted February 27, 2010 Author ID:206883

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

2/27/2010 12:31:13 PM
mbam-log-2010-02-27 (12-31-13).txt

Scan type: Quick Scan
Objects scanned: 108105
Time elapsed: 3 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Maniac Posted February 27, 2010 ID:206896

Your database is not updated.

Your version:
Database version: 3510

Current version:
Database version: 3802

Please try again!

pinkshoegirl Posted February 27, 2010 Author ID:206913

Malwarebytes' Anti-Malware 1.44
Database version: 3803
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

2/27/2010 1:16:38 PM
mbam-log-2010-02-27 (13-16-38).txt

Scan type: Quick Scan
Objects scanned: 115480
Time elapsed: 3 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Maniac Posted February 27, 2010 ID:206917

That's right! Let's try with:

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Please go here then click on:
Select the option YES, I accept the Terms of Use then click on:
When prompted allow the Add-On/Active X to install.
Now click on Advanced Settings and select the following:
Remove found threats
Scan archives
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on:
The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on:
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Finally, tell me how things are running now.

pinkshoegirl Posted February 27, 2010 Author ID:206931

I cannot get this to run. When I install the ActiveX all I see is a little box in the upper left corner with a circle, square and triangle in it. Do I need to reinstall Java?

Maniac Posted February 27, 2010 ID:206943

Would you make the screenshot?

pinkshoegirl Posted February 27, 2010 Author ID:207044

When I made the screenshot, as soon as I zipped the file the ESET scanner started working. It is 33% finished at the moment, will post the log shortly - thanks!

pinkshoegirl Posted February 27, 2010 Author ID:207070

Here is the log. Things seem to be running smoothly!

pinkshoegirl Posted February 27, 2010 Author ID:207073

Oops sorry! Here it is!

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.5730.13 (longhorn(wmbla).070711-1130)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6d4b11f152358d4f864c05bfbafb317f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-02-27 10:33:22
# local_time=2010-02-27 05:33:22 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=5121 16776873 100 96 46747737 81091729 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=132463
# found=2
# cleaned=2
# scan_time=3774
I:\Qoobox\Quarantine\I\Documents and Settings\Owner\Local Settings\Application Data\av.exe.vir a variant of Win32/Kryptik.CQW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
I:\Qoobox\Quarantine\I\WINDOWS\system32\cmdl2bin.dll.vir.vir a variant of Win32/PSW.Papras.AW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

log.zip

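The ESET log above has a "# key=value" header followed by one line per detection (path, detection name, action taken, hash, flag). As an added example, not part of the thread and not ESET's own code, the Python script below parses both parts, cross-checks that the header's found/cleaned counts agree with the detection lines and that the scan actually finished, and tells apart hits on live files from hits on ComboFix's quarantine copies under \Qoobox\Quarantine\. The input is constructed from the header and the two detection lines above with the tab separators shown as spaces; the parser accepts either.

```python
"""Parse an ESET Online Scanner log.txt and cross-check its summary header
against the per-file detection lines.  Added example; not ESET's own code."""
import re

# Constructed sample: header and detection lines from the log posted above
# (fields separated by spaces here; the real file uses tabs).
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=true
# utc_time=2010-02-27 10:33:22
# scanned=132463
# found=2
# cleaned=2
# scan_time=3774
I:\Qoobox\Quarantine\I\Documents and Settings\Owner\Local Settings\Application Data\av.exe.vir a variant of Win32/Kryptik.CQW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
I:\Qoobox\Quarantine\I\WINDOWS\system32\cmdl2bin.dll.vir.vir a variant of Win32/PSW.Papras.AW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

HEADER_RE = re.compile(r"^#\s*([A-Za-z_]+)=(.*)$")
# Trailing fields: "(action) <32-hex hash> <flag>"; everything before is path + name.
TAIL_RE = re.compile(r"^(.*?)\s+\(([^()]+)\)\s+([0-9a-fA-F]{32})\s+(\S+)$")
# Detection names carry a family/variant token with a forward slash, which a
# Windows path never contains, so the first such token starts the name.
NAME_RE = re.compile(r"\s+((?:probably )?(?:a variant of )?[A-Za-z0-9.-]+/\S+.*)$")

QUARANTINE_DIR = "\\qoobox\\quarantine\\"   # ComboFix's quarantine folder


def parse_eset_log(text):
    """Return (header dict, list of detection dicts)."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2)
            continue
        m = TAIL_RE.match(line)
        if not m:
            continue                      # banner lines and anything unparsable
        left, action, file_hash, flag = m.groups()
        n = NAME_RE.search(left)
        if not n:
            continue
        detections.append({
            "path": left[: n.start()],
            "name": n.group(1),
            "action": action,
            "hash": file_hash,
            "flag": flag,
        })
    return header, detections


def check_consistency(header, detections):
    """Return a list of problems; an empty list means the log is internally consistent."""
    problems = []
    if header.get("end") != "finished":
        problems.append("scan did not finish")
    found = int(header.get("found", "0"))
    cleaned = int(header.get("cleaned", "0"))
    if found != len(detections):
        problems.append(f"header says found={found} but {len(detections)} detection lines parsed")
    uncleaned = [d for d in detections if "cleaned" not in d["action"]]
    if cleaned != found or uncleaned:
        problems.append("not every detection was cleaned")
    return problems


def live_hits(detections):
    """Detections outside the ComboFix quarantine, i.e. files that were still live."""
    return [d for d in detections if QUARANTINE_DIR not in d["path"].lower()]


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    for d in dets:
        print(f"{d['name']}: {d['path']} [{d['action']}]")
    print("problems:", check_consistency(hdr, dets) or "none")
    print("live hits:", len(live_hits(dets)))
```

On this log both detections are under \Qoobox\Quarantine\, so they are the copies ComboFix had already removed (av.exe and cmdl2bin.dll from the DDS log) rather than files still active on the system, which is consistent with the helper calling the machine clean in the next post.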
Maniac Posted February 28, 2010 ID:207218

Excellent! That's all! Some final steps:

Step 1:

Please manually delete: DDS; Rkill; JavaRa; SystemLook;

Step 2:

* Go to start > run and copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Step 3:

Please locate to:
C:\Program Files\ESET\ESET Online Scanner\
and run OnlineScannerUninstaller.exe. Follow the instructions to successfully uninstall ESET Online Scanner.

Step 4:

Some preventions: http://users.telenet.be/bluepatchy/miekiem...prevention.html

I'm so glad we got to work together, Kim!

Safe surfing!

pinkshoegirl Posted March 1, 2010 Author ID:207671

Ha! I didn't realize this had gone to a second page and was patiently awaiting a response. Thank you so much for your help, and for the recommendations! I appreciate your time and expertise!

~Kim

Maniac Posted March 1, 2010 ID:207727

You're welcome!

Good luck, Kim!

Maurice Naggar Posted March 1, 2010 ID:208000

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.