
Author Topic: Manual Removal Help - MBAM Logfile  (Read 5290 times)


stewie0888

    Topic Starter


    Rookie

    Manual Removal Help - MBAM Logfile
    « on: August 17, 2010, 09:05:29 PM »
    MBAM was unable to quarantine the virus. Is there any way I could manually remove this virus?

    Note, I'm going to sleep as I have school in the morning. I'll be back tomorrow; bookmarked the topic.

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3930

    Windows 6.0.6000
    Internet Explorer 7.0.6000.17037

    8/17/2010 10:18:28 PM
    mbam-log-2010-08-17 (22-18-28).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 340626
    Time elapsed: 1 hour(s), 52 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.73,93.188.166.223 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{40568af4-0d59-45d1-b9f3-a7f6eec21164}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.73,93.188.166.223 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4ef58157-0d66-4abe-a88b-c5283c34bf2c}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.73,93.188.166.223 -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
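
    Added example, not part of the original post and not Malwarebytes' own tooling: a small Python parser for the log layout posted above. It lists each detection with its status and flags any item the log does not report as "Quarantined and deleted successfully". The sample text is constructed from lines of that log plus one hypothetical "Delete on reboot" file entry, and the function names are this example's own.

```python
import re

# Constructed sample in the layout of the log above; the last entry is hypothetical.
SAMPLE_LOG = r"""
Registry Data Items Infected: 3
Files Infected: 1

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.73,93.188.166.223 -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\example\sample.dll (Trojan.Example) -> Delete on reboot.
"""

# "<Category> Infected:" opens a detail section; with a trailing count it is a summary line.
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
# "<target> (<detection>) [-> Data: <values>] -> <status>."
ENTRY = re.compile(r"^(?P<target>.+) \((?P<name>[^()]+)\)"
                   r"(?: -> Data: (?P<data>.*?))? -> (?P<status>[^>]+?)\.?\s*$")
REMOVED = "Quarantined and deleted successfully"

def parse_mbam_log(text):
    """Return one dict per flagged item: section, target, name, data, status, removed."""
    items, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            section = None if header.group("count") else header.group("section")
            continue
        entry = ENTRY.match(line) if section else None
        if entry:
            item = entry.groupdict()
            item["section"] = section
            item["data"] = item["data"].split(",") if item["data"] else []
            item["removed"] = item["status"] == REMOVED
            items.append(item)
    return items

def unresolved(items):
    """Items the scanner did not report as removed; these need follow-up."""
    return [i for i in items if not i["removed"]]

if __name__ == "__main__":
    for i in parse_mbam_log(SAMPLE_LOG):
        print(i["section"], "|", i["name"], "|", i["status"], "|", i["data"])
```
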

    Crush

    • Malware Removal Specialist


    • Beginner

      Thanked: 8
      Re: Manual Removal Help - MBAM Logfile
      « Reply #1 on: August 20, 2010, 11:07:36 AM »
      Hello, and welcome to Computer Hope Forums!

      I'm Crush, but you can call me Chris too :) and I will be helping you with your malware issues.

      Please note the following information about the malware forum:

      • Only members of the Malware Removal Specialist user group are allowed to give advice on removing malware from your computer. Do not follow the advice of anyone without that user title.
      • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
      • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
      • If you have already asked for help somewhere, please post the link to the topic where you were helped.
      • We try our best to reply quickly, but if for any reason we do not reply in two days, do this:

      Reply to this topic with the word BUMP.

      • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

      Now that we have that out of the way:

      Please re-open Malwarebytes Anti-Malware, navigate to the Updates tab and choose Check For Updates. A new version will install. Please run a Quick Scan with this updated version.
      =======

      After that, download OTL to your Desktop.

      • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
      • Under the Custom Scan box, paste this in:
      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %SYSTEMDRIVE%\*.exe
      %systemroot%\*. /mp /s
      c:\$recycle.bin\*.* /s
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      nvstor32.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      explorer.exe
      svchost.exe
      userinit.exe
      qmgr.dll
      ws2_32.dll
      proquota.exe
      imm32.dll
      kernel32.dll
      ndis.sys
      autochk.exe
      spoolsv.exe
      xmlprov.dll
      ntmssvc.dll
      mswsock.dll
      Beep.SYS
      ntfs.sys
      termsrv.dll
      sfcfiles.dll
      st3shark.sys
      ahcix86.sys
      srsvc.dll
      nvrd32.sys
      /md5stop
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles

      • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit>Select All, Edit>Copy) the contents of these files, one at a time
        "I am in fact, quite cool. My graphing calculator confirms this"