Dr Watson Post Mortem

Re: Dr Watson Post Mortem

Post by sakaya » May 27th, 2010, 2:22 am

I finally got the ESET scanner to run to completion. It found no threats. The system is still crashing just as much as before.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=924661891ed077468086bfc5aa4a9a60
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-05-27 04:11:12
# local_time=2010-05-27 01:11:12 (+0900, Tokyo Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776533 100 100 0 14561146 0 0
# compatibility_mode=8192 67108863 100 0 115265 115265 0 0
# scanned=101291
# found=0
# cleaned=0
# scan_time=23095

Re: Dr Watson Post Mortem

Post by Cypher » May 27th, 2010, 4:51 am

Hi sakaya

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    lquinme.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Re: Dr Watson Post Mortem

Post by sakaya » May 27th, 2010, 5:09 am

Hi Cypher. Thanks for the reply.

Here is the SystemLook log.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 18:06 on 27/05/2010 by User (Administrator - Elevation successful)

========== filefind ==========

Searching for "lquinme.dll"
C:\WINDOWS\system32\lquinme.dll --a--- 114176 bytes [14:32 09/08/2008] [12:00 14/04/2008] 2F01909CE0CDAFD482D128AF31238E71

-=End Of File=-

Re: Dr Watson Post Mortem

Post by Cypher » May 27th, 2010, 5:26 am

You're welcome sakaya.
OK, let's get this file tested.

Upload a File to Jotti

Please go to jotti.org

Copy/paste this file and path into the white box at the top:
C:\WINDOWS\system32\lquinme.dll

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

If you have trouble using Jotti, try VirusTotal.

Post back with the Jotti or VirusTotal results.

Re: Dr Watson Post Mortem

Post by sakaya » May 27th, 2010, 7:09 am

I think we did this one already. Anyway, here are the results.

2010-05-25 Found nothing
2010-05-25 Found nothing
2010-05-25 Found nothing
2010-05-25 Found nothing
2010-05-25 Found nothing
2010-05-25 Found nothing
2010-05-25 Found nothing
2010-05-25 Found nothing
2010-05-25 Found nothing
2010-05-24 Found nothing
2010-05-25 Found nothing
2010-05-25 Found nothing
2010-05-25 Found nothing
2010-05-25 Found nothing
2010-05-25 Found nothing
(VBA 32) 2010-05-24 Crafted.Win32File.OLS
2010-05-24 Found nothing
2010-05-25 Found nothing
2010-05-25 Found nothing

Re: Dr Watson Post Mortem

Post by Cypher » May 27th, 2010, 7:27 am

Hi sakaya.
"I think we did this one already."

No, it was a different file we tested previously.
OK, let's run another scan.

Please download GMER Rootkit Scanner from Here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.

Reply back with the Gmer.txt log.

Re: Dr Watson Post Mortem

Post by Elrond » May 30th, 2010, 7:44 am

Due to lack of activity this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.