dkarst

Members
  • Content count

    40

About dkarst

  • Rank
    New Member

  1. We earlier followed procedure by posting dds.txt and our issue was resolved. Thank you for your support. However, we were instructed to remove an old version of Hijack This but were unable to remove it. We forgot to ask how to do this before our thread was closed. What is the proper way to remove Hijack This?
  2. We have completed everything listed above. Thanks for your wonderful assistance and patience. You ROCK!
  3. Correction: 5) We have many files associated with removing the infection on our desktop and in our Programs folder. Should we delete all those files?
  4. Yup. Many thanks for your help!!! Before we finish up though I do have some questions. 1) Do you have any idea how and where we might have picked up this ZeroAccess trojan? 2) Is there software we can install to detect and kill this sort of problem before it infects our computer? 3) During one of the scans we were asked to disconnect any external hard drives which we did. That hard drive stores only My Documents type of files; there are no operating system files on it. Is it safe to assume it is not infected? 4) We have connected our iPad once to our computer to download a rented movie from iTunes. Is it safe to assume it is not infected? 5) We have many files on our desktop and in our Programs folder. Should we delete all those files?
  5. Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.23.08 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 DKarst :: HYLAS-LT-005 [administrator] 1/23/2013 11:08:40 AM mbam-log-2013-01-23 (11-08-40).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 258729 Time elapsed: 7 minute(s), 19 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  6. SystemLook 30.07.11 by jpshortstuff Log created at 09:31 on 23/01/2013 by DKarst Administrator - Elevation successful ========== filefind ========== Searching for "mscomctl.ocx " C:\SwSetup\InetSec06\Support\Redist\MSRedist\mscomctl.ocx --a--c- 1066176 bytes [16:58 22/05/2000] [16:58 22/05/2000] 714CF24FC19A20AE0DC701B48DED2CF6 C:\WINDOWS\Installer\$PatchCache$\Managed\90400E0900063D11C8EF10054038389C\11.0.6361\MSCOMCTL.OCX -ra---- 1077344 bytes [14:13 06/06/2002] [14:13 06/06/2002] 774A15583DB1AD44C5EE32309C840C96 C:\WINDOWS\system32\MSCOMCTL.OCX --a---- 1070152 bytes [17:17 02/05/2012] [17:17 02/05/2012] E52859FCB7A827CACFCE7963184C7D24 Searching for "comctl32.ocx" C:\SwSetup\InetSec06\Support\Redist\MSRedist\comctl32.ocx --a--c- 608448 bytes [16:58 22/05/2000] [16:58 22/05/2000] EB5F811C1F78005B3C147599A0CCCF51 C:\WINDOWS\system32\COMCTL32.OCX --a---- 1351392 bytes [16:58 22/05/2000] [01:58 16/04/2005] 2640AD05AB39321E6C9D3C71236CA0DF Searching for "MSVBVM60.DLL" C:\WINDOWS\$NtServicePackUninstall$\msvbvm60.dll -----c- 1392671 bytes [23:16 13/05/2008] [08:00 04/08/2004] E949EEE7D1BE07E32267FE10D9992C38 C:\WINDOWS\LastGood\system32\MSVBVM60.DLL --a---- 1386496 bytes [15:29 23/01/2013] [02:42 24/02/2004] F28EB5CBC3CA6D8C787F09F047D1F9C8 C:\WINDOWS\ServicePackFiles\i386\msvbvm60.dll ------- 1384479 bytes [00:12 14/04/2008] [00:12 14/04/2008] 64B33CC5BF131DEF2721394CF9B3F8ED C:\WINDOWS\system32\MSVBVM60.DLL --a---- 1386496 bytes [02:42 24/02/2004] [02:42 24/02/2004] F28EB5CBC3CA6D8C787F09F047D1F9C8 -= EOF =-
  7. Dr.Web summary Total 22585898101 bytes in 26676 files scanned (32071 objects) Total 26660 files (32052 objects) are clean There are no infected objects detected Total 19 files are raised error condition Scan time is 00:52:57.197
  8. vbrun60sp6.exe asks where I would like to store the files. Where would you recommend?
  9. I reran Dr.Web scan in the un-enhanced mode which will generate a report. The enhanced version is recommended by Dr.Web but doesn't have the option to generate a report. Anyway, the report is very large (11MB). Do you still want to see it? Still nothing found. Is there a way to send the file as an attachment? In the meantime, I will continue on with the Service Pack 6 instructions.
  10. Was not able to find a DrWeb log file but the scan found nothing. ESET scan report ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=8 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6889 # api_version=3.0.2 # EOSSerial=be517b7680ce73458c10f4a47fc818ff # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-01-23 12:30:59 # local_time=2013-01-22 06:30:59 (-0600, Central Standard Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=5889 16768382 80 100 138548422 198721805 0 138619859 # scanned=156852 # found=0 # cleaned=0 # scan_time=9791
  11. The Dr.Web express scan finished after about an hour and nothing was found. I cannot find anything in the Dr.Web dialog box that says "complete scan".
  12. All processes killed ========== OTL ========== ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 78991 bytes ->Flash cache emptied: 348 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Flash cache emptied: 56468 bytes User: dkarst ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 36942248 bytes ->Java cache emptied: 1722645 bytes ->Flash cache emptied: 30386 bytes User: DKarst.HYLAS-LT-005 ->Temp folder emptied: 1451522 bytes ->Temporary Internet Files folder emptied: 83359206 bytes ->Java cache emptied: 62221725 bytes ->FireFox cache emptied: 68137337 bytes ->Flash cache emptied: 1703827 bytes User: DKARST~1~HYL User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 49286 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 1881298 bytes ->Flash cache emptied: 3420 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19569 bytes %systemroot%\System32 .tmp files removed: 2577 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 573 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 1729 bytes Total Files Cleaned = 246.00 mb Restore point Set: OTL Restore Point [EMPTYFLASH] User: Administrator ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Flash cache emptied: 0 bytes User: dkarst ->Flash cache emptied: 0 bytes User: DKarst.HYLAS-LT-005 ->Flash cache emptied: 0 bytes User: DKARST~1~HYL User: LocalService User: NetworkService ->Flash cache emptied: 0 bytes Total Flash Files 
Cleaned = 0.00 mb [EMPTYJAVA] User: Administrator User: All Users User: Default User User: dkarst ->Java cache emptied: 0 bytes User: DKarst.HYLAS-LT-005 ->Java cache emptied: 0 bytes User: DKARST~1~HYL User: LocalService User: NetworkService Total Java Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 01222013_114904 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot...
  13. The OTL.exe icon is not opening the program - just the image.
  14. Add or Remove Programs will not remove Hijack This 2.0.2. Any ideas? Removed Java 6 Update 35. Java 7 Update 11 is disabled in browser (Firefox). Couldn't find Java Auto Updater in Add or Remove Programs. Removed Adobe Reader and installed new Adobe Reader. I can't find the OTLFIX.txt file.