Ian.T
  1. Thank you xixo_12!!! I really appreciate all the help!
  2. Kaspersky log as follows:

     --------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER 7.0: scan report
     Wednesday, April 21, 2010
     Operating system: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 2 (build 6002)
     Kaspersky Online Scanner version: 7.0.26.13
     Last database update: Wednesday, April 21, 2010 14:39:37
     Records in database: 3957819
     --------------------------------------------------------------------------------

     Scan settings:
     Scan using the following database: extended
     Scan archives: yes
     Scan e-mail databases: yes

     Scan area - My Computer:
     C:\
     D:\
     E:\
     H:\
     I:\
     J:\
     K:\

     Scan statistics:
     Objects scanned: 219252
     Threats found: 0
     Infected objects found: 0
     Suspicious objects found: 0
     Scan duration: 06:30:54

     No threats found. Scanned area is clean.
     Selected area has been scanned.
  3. Thanks xixo_12, the Kaspersky scan is running, I'll post the log when completed.
  4. MBAM Log as follows. Looks good, is there any cleanup you could recommend?

     Malwarebytes' Anti-Malware 1.45
     www.malwarebytes.org

     Database version: 4012
     Windows 6.0.6002 Service Pack 2
     Internet Explorer 8.0.6001.18904

     4/20/2010 1:41:19 PM
     mbam-log-2010-04-20 (13-41-19).txt

     Scan type: Full scan (C:\|D:\|)
     Objects scanned: 309856
     Time elapsed: 3 hour(s), 13 minute(s), 51 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  5. OTM log and confession time: I left a window open when OTM first ran. Thinking OTM had finished, I went to cut and paste the contents of the results window; OTM then went into 'Not Responding' mode, so I ended up rebooting and ran it again.... log as follows:

     All processes killed
     ========== PROCESSES ==========
     ========== REGISTRY ==========
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{745A6D3B-4DB0-4246-B596-9189787D4ED5}\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{745A6D3B-4DB0-4246-B596-9189787D4ED5}\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar not found.
     Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
     ========== FILES ==========
     File/Folder C:\Program Files\AdventureQuest Worlds Toolbar not found.
     ========== COMMANDS ==========

     [EMPTYTEMP]

     User: All Users

     User: Dad
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 529626359 bytes
     ->Java cache emptied: 6448600 bytes
     ->Apple Safari cache emptied: 172574012 bytes
     ->Flash cache emptied: 2289662 bytes

     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     ->Flash cache emptied: 41 bytes

     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: Public

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 137474819 bytes
     %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 14964999 bytes
     RecycleBin emptied: 2081453578 bytes

     Total Files Cleaned = 2,808.00 mb

     OTM by OldTimer - Version 3.1.10.2 log created on 04202010_101245

     Files moved on Reboot...
     C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K46ZXBS3\iframe[1].html moved successfully.
     C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0UL9PABZ\index[2].htm moved successfully.
     C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
     C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
     C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
     File C:\Windows\temp\mcafee_PO5YDBkfeMYHIz7 not found!
     File C:\Windows\temp\mcafee_uJVG9unhYQzU7rN not found!
     File C:\Windows\temp\mcmsc_ABa7WUHJu5mYvzR not found!
     File C:\Windows\temp\mcmsc_AqjZ23DrsjfVffE not found!
     File C:\Windows\temp\mcmsc_NjzH4fU6Dh2J9uT not found!
     File C:\Windows\temp\sqlite_6TP700hrObUCf08 not found!
     File C:\Windows\temp\sqlite_FYv0Q0Wmu88ccwe not found!
     File C:\Windows\temp\sqlite_PA7ZDOtFD4zUFNg not found!
     File C:\Windows\temp\sqlite_T2ZhvI5xDeTXHDr not found!

     Registry entries deleted on Reboot...
  6. I got HiJackThis loaded, ran it as instructed and 'fixed' all the entries except the following, which were not on the list. I'll carry on with OTM now.

     R3 - URLSearchHook: FCToolbarURLSearchHook Class - {61420c5c-7f3e-4f29-9987-e7e31687ab75} - C:\Program Files\AdventureQuest Worlds Toolbar\Helper.dll
     O2 - BHO: FCTBPos00Pos - {745A6D3B-4DB0-4246-B596-9189787D4ED5} - C:\Program Files\AdventureQuest Worlds Toolbar\Toolbar.dll
  7. Is HiJackThis the 'RSIT' tool? Sorry for my ignorance.
  8. Hey xixo_12, have I already downloaded the HiJackThis app?
  9. Hi xixo_12, when I ran GMER, I got a message saying the application had stopped running... I tried again in safe mode and the same happened.
  10. Contents of Info:

      info.txt logfile of random's system information tool 1.06 2010-04-20 07:47:16

      ======Uninstall list======

      -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
      32 Bit HP CIO Components Installer-->MsiExec.exe /I{47ECCB1F-2811-49C0-B6A7-26778639ABA0}
      Action Replay Code Manager-->"C:\Program Files\Datel\Action Replay Code Manager\unins000.exe"
      Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
      Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
      Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
      Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
      Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
      Adobe
  11. Contents of Log.txt:

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Dad at 2010-04-20 07:46:42

      Microsoft
  12. Sorry again Xixo_12, I'd added my reply about hitting 'continue' before I saw your request to proceed with Kaspersky, I'm downloading that now, should I proceed with Kaspersky or try your latest posting? Sorry again!
  13. Sorry, I should have said nothing happens after I hit 'continue' when Windows asks for my permission to continue...
  14. Thank you xixo_12! When I try to remove the Ask Toolbar I get the following:

      ---------------------------
      RunDLL
      ---------------------------
      Error loading C:\PROGRA~1\AskPBar\bar\1.bin\AskPBar.dll
      The specified module could not be found.
      ---------------------------
      OK
      ---------------------------

      When I then tried to remove CouponBar, I hit the 'Uninstall/install' option and then nothing happens...
  15. Any help you guys can provide to permanently remove Trojan.BHO.H would be gratefully appreciated! I've pasted the MBAM Log, the GMER log and the 'Attach' log as described in the sticky....

      MBAM Log

      Malwarebytes' Anti-Malware 1.45
      www.malwarebytes.org

      Database version: 4007
      Windows 6.0.6002 Service Pack 2
      Internet Explorer 8.0.6001.18904

      4/19/2010 1:47:32 PM
      mbam-log-2010-04-19 (13-47-32).txt

      Scan type: Full scan (C:\|D:\|)
      Objects scanned: 333975
      Time elapsed: 4 hour(s), 23 minute(s), 13 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 1

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      C:\Users\Dad\AppData\Local\Temp\low\COUPON~1.DLL (Trojan.BHO.H) -> Quarantined and deleted successfully.

      +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

      GMER Log as follows:

      GMER 1.0.15.15281 - http://www.gmer.net
      Rootkit scan 2010-04-19 14:19:23
      Windows 6.0.6002 Service Pack 2
      Running: j8uwfvqt.exe; Driver: C:\Users\Dad\AppData\Local\Temp\kxldipoc.sys

      ---- System - GMER 1.0.15 ----

      Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8CA9D79E]
      Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8CA9D738]
      Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8CA9D74C]
      Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8CA9D7DC]
      Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8CA9D81F]
      Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8CA9D710]
      Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8CA9D724]
      Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8CA9D7B2]
      Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8CA9D847]
      Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8CA9D833]
      Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8CA9D78A]
      Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8CA9D776]
      Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8CA9D80B]
      Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8CA9D7F2]
      Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8CA9D7C8]
      Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8CA9D762]
      Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
      Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
      Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
      Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
      Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

      ---- EOF - GMER 1.0.15 ----

      +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

      Attach Log

      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT

      DDS (Ver_10-03-17.01)

      Microsoft

      ark.txt
      Attach.zip