Jump to content

DDS File


Recommended Posts

Regarding my previous post, this is the only log I am able to get - the defogger never asked me to reboot, I was not able to download the DDS to my desktop - I had to run it, so I'm not sure if this will even be sufficient. I can't seem to download anything new to my desktop.

DDS (Ver_09-12-01.01) - NTFSx86

Run by Owner at 20:23:14.60 on Thu 02/25/2010

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.470 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

I:\WINDOWS\system32\Ati2evxx.exe

I:\WINDOWS\system32\svchost -k DcomLaunch

I:\WINDOWS\system32\svchost -k rpcss

I:\WINDOWS\System32\svchost.exe -k netsvcs

I:\WINDOWS\system32\svchost.exe -k NetworkService

I:\WINDOWS\system32\svchost.exe -k LocalService

I:\WINDOWS\system32\spoolsv.exe

I:\WINDOWS\system32\Ati2evxx.exe

I:\WINDOWS\Explorer.EXE

I:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

I:\Program Files\Bonjour\mDNSResponder.exe

I:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

I:\WINDOWS\eHome\ehRecvr.exe

I:\WINDOWS\eHome\ehSched.exe

I:\Program Files\Java\jre6\bin\jqs.exe

I:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

i:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

i:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

I:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

I:\Program Files\McAfee\MPF\MPFSrv.exe

I:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe

I:\WINDOWS\system32\svchost.exe -k imgsvc

I:\WINDOWS\wanmpsvc.exe

i:\PROGRA~1\mcafee.com\agent\mcagent.exe

I:\WINDOWS\system32\dllhost.exe

I:\Documents and Settings\Owner\Local Settings\Application Data\av.exe

I:\Program Files\Winamp\winampa.exe

I:\Program Files\Java\jre6\bin\jusched.exe

I:\Program Files\Common Files\AOL\1149769522\ee\AOLSoftware.exe

I:\WINDOWS\SM1BG.EXE

I:\WINDOWS\ehome\ehtray.exe

I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE

I:\Program Files\ATI Technologies\ATI.ACE\cli.exe

I:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

I:\Program Files\Napster\napster.exe

I:\Program Files\iTunes\iTunesHelper.exe

I:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

I:\Program Files\QuickTime\QTTask.exe

I:\WINDOWS\eHome\ehmsas.exe

I:\WINDOWS\system32\ctfmon.exe

I:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

I:\Program Files\iPod\bin\iPodService.exe

I:\Program Files\ATI Technologies\ATI.ACE\cli.exe

I:\Program Files\ATI Technologies\ATI.ACE\cli.exe

I:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

i:\PROGRA~1\mcafee\msc\mcuimgr.exe

I:\Program Files\AOL 9.1\waol.exe

I:\Program Files\AOL 9.1\shellmon.exe

I:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe

I:\WINDOWS\system32\msdtc.exe

I:\WINDOWS\System32\vssvc.exe

I:\WINDOWS\system32\dllhost.exe

I:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CSJKR229\dds[1].scr

I:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a

uSearch Bar = hxxp://www.google.com/ie

mDefault_Page_URL = hxxp://www.aol.com/?src=customie7

mDefault_Search_URL = hxxp://www.google.com/ie

mSearch Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mSearchAssistant = hxxp://www.google.com

uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - i:\program files\aol\aol toolbar 5.0\aoltb.dll

mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - i:\program files\aol\aol toolbar 5.0\aoltb.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - i:\program files\aol\aol toolbar 5.0\aoltb.dll

TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - i:\windows\system32\Shdocvw.dll

uRun: [Aim6]

uRun: [ctfmon.exe] i:\windows\system32\ctfmon.exe

mRun: [EPSON Stylus Photo RX620 Series] i:\windows\system32\spool\drivers\w32x86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"

mRun: [WinampAgent] i:\program files\winamp\winampa.exe

mRun: [sunJavaUpdateSched] "i:\program files\java\jre6\bin\jusched.exe"

mRun: [sM1BG] i:\windows\SM1BG.EXE

mRun: [Pure Networks Port Magic] "i:\progra~1\purene~1\portma~1\PortAOL.exe" -Run

mRun: [HostManager] i:\program files\common files\aol\1149769522\ee\AOLSoftware.exe

mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

mRun: [ehTray] i:\windows\ehome\ehtray.exe

mRun: [ATICCC] "i:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [AOLDialer] i:\program files\common files\aol\acs\AOLDial.exe

mRun: [Adobe Photo Downloader] "i:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"

mRun: [NapsterShell] i:\program files\napster\napster.exe /systray

mRun: [mcagent_exe] i:\program files\mcafee.com\agent\mcagent.exe /runkey

mRun: [Carbonite Backup] i:\program files\carbonite\carbonite backup\CarboniteUI.exe

mRun: [QuickTime Task] "i:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "i:\program files\itunes\iTunesHelper.exe"

mRun: [Hfonudihosozido] rundll32.exe "i:\windows\atajaqap.dll",Startup

StartupFolder: i:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - i:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

uPolicies-system: EnableProfileQuota = 1 (0x1)

IE: &AOL Toolbar Search - i:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - i:\program files\messenger\msmsgs.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - i:\windows\system32\Shdocvw.dll

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R0 sonypvl2;sonypvl2;i:\windows\system32\drivers\sonypvl2.sys [2006-6-11 19478]

R1 mfehidk;McAfee Inc. mfehidk;i:\windows\system32\drivers\mfehidk.sys [2007-12-17 201320]

R1 sonypvf2;sonypvf2;i:\windows\system32\drivers\sonypvf2.sys [2006-6-11 635017]

R1 sonypvt2;sonypvt2;i:\windows\system32\drivers\sonypvt2.sys [2006-6-11 431236]

R2 McProxy;McAfee Proxy Service;i:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-6-4 359248]

R2 McShield;McAfee Real-time Scanner;i:\progra~1\mcafee\viruss~1\mcshield.exe [2007-12-17 144704]

R3 McSysmon;McAfee SystemGuards;i:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-12-17 695624]

R3 mfeavfk;McAfee Inc. mfeavfk;i:\windows\system32\drivers\mfeavfk.sys [2007-12-17 79304]

R3 mfebopk;McAfee Inc. mfebopk;i:\windows\system32\drivers\mfebopk.sys [2007-12-17 35240]

R3 mfesmfk;McAfee Inc. mfesmfk;i:\windows\system32\drivers\mfesmfk.sys [2007-12-17 40488]

S1 sonypvd2;sonypvd2;i:\windows\system32\drivers\sonypvd2.sys [2006-6-11 64093]

S3 mferkdk;McAfee Inc. mferkdk;i:\windows\system32\drivers\mferkdk.sys [2007-12-17 33832]

S3 MSSQL$NR2005;MSSQL$NR2005;i:\program files\microsoft sql server\mssql$nr2005\binn\sqlservr.exe -snr2005 --> i:\program files\microsoft sql server\mssql$nr2005\binn\sqlservr.exe -sNR2005 [?]

S3 SQLAgent$NR2005;SQLAgent$NR2005;i:\program files\microsoft sql server\mssql$nr2005\binn\sqlagent.exe -i nr2005 --> i:\program files\microsoft sql server\mssql$nr2005\binn\sqlagent.EXE -i NR2005 [?]

=============== Created Last 30 ================

2010-02-26 01:20:41 0 ----a-w- i:\documents and settings\owner\defogger_reenable

2010-02-11 01:40:25 0 ----a-w- i:\windows\Bbaxiyaparohi.bin

2010-02-11 01:40:24 120 ----a-w- i:\windows\Gpujagakusa.dat

2010-02-11 01:36:11 35328 ---ha-w- i:\windows\system32\cmdl2bin.dll

==================== Find3M ====================

2010-01-07 21:07:14 38224 ----a-w- i:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 21:07:04 19160 ----a-w- i:\windows\system32\drivers\mbam.sys

2003-08-27 18:19:18 36963 ------r- i:\program files\common files\SM1updtr.dll

============= FINISH: 20:23:57.84 ===============

Link to post
Share on other sites

Hello pinkshoegirl! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install any software or hardware, while work on.

Please use this button: t_reply.gif , not this: t_new.gif

Now:

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

  1. rkill.exe
  2. rkill.com
  3. rkill.scr
  4. rkill.pif
  5. WiNlOgOn.exe
  6. uSeRiNiT.exe

Please post the log in your next reply.

Note: The log can be found at the root of your installed hard drive entitled rkill.log

In your next reply, please include these log(s):

* Rkill log

* DDS log

* Attach log

Link to post
Share on other sites

Hi :) and thank you! I was able to run (not save and run) the rkill.exe - it closed the malware that was running and mcafee came up with a box that asked if i wanted to allow a registry change. i had to hit "allow this change" for the rkill to finish. However I cannot find the log. Here are the other 2 logs I had saved prior. The malware is starting to run again.

Thanks so much, I'm on my way to work but will be back in a few hours to check this!

~Kim

Attach.zip

DDS.zip

Link to post
Share on other sites

Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Post the log from ComboFix.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.

Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.

Link to post
Share on other sites

Step 1:

Please uninstall the following applications:

Adobe Reader 7.0.8

AOL Toolbar 5.0

When finish our work, please download and install the latest version of Adobe Reader from:

http://www.adobe.com

Step 2:

I also see you have Viewpoint installed...

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Step 3:

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help cleanup any left over Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply
    Then look for the following Java folders and if found delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

Step 4:

Open Notepad and copy and paste the text in the code box below into it:

http://forums.malwarebytes.org/index.php?showtopic=41523

KillAll::

Collect::
i:\windows\Bbaxiyaparohi.bin
i:\windows\Gpujagakusa.dat

DDS::
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Step 5:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *proquota*


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

In your next reply, please include these log(s):

* JavaRa log

* ComboFix log

* SystemLook log

Link to post
Share on other sites

Thanks Kim!

Step 1:

Please download proquota.exe and save it on your desktop.

Step 2:

Start your computer in Safe Mode:

http://www.microsoft.com/resources/documen...e.mspx?mfr=true

Step 3:

Copy proquota.exe and save it on:

i:\windows\system32\

Step 4:

Reboot your computer.

Step 5:

Delete your copy of ComboFix.exe and try again:

Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Post the log from ComboFix.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.

Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.

Link to post
Share on other sites

Perfect, Kim! ;)

Now:

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.44

Database version: 3510

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.13

2/27/2010 12:31:13 PM

mbam-log-2010-02-27 (12-31-13).txt

Scan type: Quick Scan

Objects scanned: 108105

Time elapsed: 3 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.44

Database version: 3803

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.13

2/27/2010 1:16:38 PM

mbam-log-2010-02-27 (13-16-38).txt

Scan type: Quick Scan

Objects scanned: 115480

Time elapsed: 3 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

That's right! Let's try with:

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Now click on Advanced Settings and select the following:

    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

[*]Now click on: EOLS3.gif

[*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.

[*]When completed the Online Scan will begin automatically.

[*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

[*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

[*]Now click on: EOLS4.gif

[*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

[*]Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Finally tell me how are things running now.

Link to post
Share on other sites

Oops sorry! Here it is!

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.5730.13 (longhorn(wmbla).070711-1130)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=6d4b11f152358d4f864c05bfbafb317f

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-02-27 10:33:22

# local_time=2010-02-27 05:33:22 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=5121 16776873 100 96 46747737 81091729 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=132463

# found=2

# cleaned=2

# scan_time=3774

I:\Qoobox\Quarantine\I\Documents and Settings\Owner\Local Settings\Application Data\av.exe.vir a variant of Win32/Kryptik.CQW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

I:\Qoobox\Quarantine\I\WINDOWS\system32\cmdl2bin.dll.vir.vir a variant of Win32/PSW.Papras.AW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

log.zip

Link to post
Share on other sites

Excellent! That's all! :)

Some final steps:

Step 1:

Please manually delete: DDS; Rkill; JavaRa; SystemLook;

Step 2:

* Go to start > run and copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Step 3:

Please locate to:

C:\Program Files\ESET\ESET Online Scanner\

and run OnlineScannerUninstaller.exe . Follow the instructions to successfully uninstall ESET Online Scanner.

Step 4:

Some preventions:

http://users.telenet.be/bluepatchy/miekiem...prevention.html

I'm so glad we got to work together, Kim!

Safe surfing! :)

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.