DRWEB should cure/delete all of that. Some are backups from combofix and SDFix and the rest are (I believe) related to the remote tools from the backdoor trojan.
HJT looks much better but still some work to do.
Open Hijackthis and select
Do a system scan only.
Place a check mark next to the following entries: (if there)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
O16 - DPF: {D94293A8-568A-4BED-992B-94B9CBDC2148} - http://corp.2by2.net/toolbar/bin/2by2Bar.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -Important: Close all windows except for Hijackthis and then click
Fix checked.
Exit Hijackthis.
----------
Any luck in updating Java?
It looks like safe mode is still the only option, can you do an online scan in Safe mode with network support? I suppose so since you ran ESET.
BitDefender updated their online scanner recently to include their spyware database so I would like to run that now.
----------
This scanner works with Internet Explorer onlyGo to the
BitDefender Online ScannerClick
I Agree to the license and then install the ActiveX control.
Please DO NOT change the Scanning Options.
That will make your logs huge and we don't need to see clean files.Select
Start Scan to begin.
This scan can take a while so please be patient and let it complete.
Once Bitdefender completes the scan:
Click-on the
Detected Problems tab.
Then select
Click here to export the scan reportWhen the window comes up to save the report, change the
Save as type: box to:
Text (Tab Delimited) (*.txt) and then in the
File name box enter change to
bdscan then click
SaveThis will save a file named
bdscan.txt. I would suggest saving it to the
Desktop so you can easily find it.
(take notice of where you save it so you can find it later)This bdcan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.
If you do not follow these step, you will have an incorrect log or worse a log summary which is useless to usPost the
bdscan.txt in the next post as an attachment.
Next post
Bdscan log
New Hijackthis log