jackie
Members
Posts: 4
Reputation: 0 Neutral
  1. Things seem fine now. The Trojan.Keylogger.Win32.Agent isn't popping up any more and my regular antivirus scans aren't bringing up anything. Can I be sure now that I don't have a key logger though? I'm still a little timid about entering my personal information anywhere. Thank you so much for all of the time and effort you have put into helping me, by the way. I greatly appreciate it and I find it amazing that people like you still exist. Sincerely, Jackie
  2. Here are the results from the ComboFix run below and a subsequent scan with HijackThis.

ComboFix 09-06-11.05 - jaclyn diaz 06/11/2009 17:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.223 [GMT -4:00]
Running from: c:\documents and settings\jaclyn diaz\Desktop\ComboFix.exe
AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\security toolbar
c:\program files\security toolbar\Uninstall.bat
c:\windows\Fonts\trebuchib.ttf
c:\windows\IE4 Error Log.txt
c:\windows\system\oeminfo.ini
c:\windows\system32\bszip.dll
c:\windows\system32\nmllm.bak1
c:\windows\system32\nmllm.bak2
c:\windows\system32\nmllm.ini
c:\windows\system32\nmllm.ini2
c:\windows\system32\nmllm.tmp
c:\windows\system32\qstwa.bak1
c:\windows\system32\qstwa.bak2
c:\windows\system32\qstwa.ini
c:\windows\system32\qstwa.ini2
c:\windows\system32\qstwa.tmp
c:\windows\system32\rttss.bak2
c:\windows\system32\rttss.ini
c:\windows\winhelp.ini
.
((((((((((((((((((((((((( Files Created from 2009-05-11 to 2009-06-11 )))))))))))))))))))))))))))))))
.
2009-06-11 17:47 . 2009-06-11 17:47 -------- d-----w- c:\documents and settings\jaclyn diaz\Application Data\Malwarebytes
2009-06-11 17:47 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-11 17:46 . 2009-06-11 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-11 17:46 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-11 17:46 . 2009-06-11 17:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-11 00:19 . 2009-06-11 00:19 -------- d-----w- c:\documents and settings\jaclyn diaz\DoctorWeb
2009-06-10 23:40 . 
2009-06-10 23:40 -------- d-----w- c:\program files\Trend Micro 2009-06-10 23:09 . 2009-06-10 23:15 -------- d-----w- c:\program files\Windows Live Safety Center 2009-06-10 01:10 . 2009-06-09 22:51 15688 ----a-w- c:\windows\system32\lsdelete.exe 2009-06-09 22:51 . 2009-06-09 22:51 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys 2009-06-09 22:51 . 2009-06-09 22:51 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe 2009-06-09 22:51 . 2009-06-09 22:51 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll 2009-06-09 22:51 . 2009-06-09 22:51 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll 2009-06-09 22:51 . 2009-06-09 22:51 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll 2009-06-09 22:51 . 2009-06-09 22:51 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe 2009-06-09 22:51 . 2009-06-09 22:51 294240 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll 2009-06-09 22:51 . 2009-06-09 22:51 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll 2009-06-09 22:51 . 2009-06-09 22:51 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll 2009-06-09 22:51 . 2009-06-09 22:51 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll 2009-06-09 22:51 . 2009-06-09 22:51 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll 2009-06-09 22:50 . 2009-06-09 22:51 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys 2009-06-09 22:50 . 
2009-06-09 22:50 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll 2009-06-09 22:50 . 2009-06-09 22:50 540536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe 2009-06-09 22:50 . 2009-06-09 22:50 559464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe 2009-06-09 22:50 . 2009-06-09 22:50 2352456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe 2009-06-09 22:50 . 2009-06-09 22:50 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe 2009-06-09 22:50 . 2009-06-09 22:50 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe 2009-06-09 22:50 . 2009-06-09 22:50 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe 2009-06-09 22:49 . 2009-06-09 22:49 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} 2009-06-09 22:49 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe 2009-06-09 22:49 . 2009-06-09 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-06-09 22:16 . 2009-06-09 22:16 -------- d-sh--w- c:\documents and settings\jaclyn diaz\IETldCache 2009-06-09 22:16 . 2009-06-09 22:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-06-09 20:07 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-06-09 20:07 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-06-09 20:07 . 2009-06-09 20:08 -------- d-----w- c:\windows\ie8updates 2009-06-09 20:05 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-06-09 19:59 . 
2009-06-09 20:04 -------- dc-h--w- c:\windows\ie8 2009-06-04 02:05 . 2009-06-04 02:05 -------- d-----w- c:\documents and settings\jaclyn diaz\Saved Games 2009-06-04 02:05 . 2009-06-04 02:05 -------- d-----w- c:\documents and settings\jaclyn diaz\Local Settings\Application Data\Oberon Games 2009-05-25 15:19 . 2009-05-25 15:19 -------- d-----w- c:\documents and settings\jaclyn diaz\Application Data\Smith Micro 2009-05-25 15:15 . 2009-05-25 15:15 10134 ----a-r- c:\documents and settings\jaclyn diaz\Application Data\Microsoft\Installer\{6FA04597-5F3E-4CB0-9091-09C54E0AA0ED}\ARPPRODUCTICON.exe 2009-05-25 15:15 . 2009-05-25 15:15 10134 ----a-r- c:\documents and settings\jaclyn diaz\Application Data\Microsoft\Installer\{461D92DA-0B8C-496B-B6AA-BD0614BE0867}\ARPPRODUCTICON.exe 2009-05-25 15:13 . 2009-05-25 15:15 -------- d-----w- c:\program files\Kyocera Wireless Corp 2009-05-22 23:19 . 2009-05-22 23:19 -------- d-----w- c:\documents and settings\jaclyn diaz\Local Settings\Application Data\WorldWinner.com 2009-05-18 22:55 . 2009-06-04 02:11 -------- d-----w- c:\program files\Oberon Media . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-11 17:50 . 2006-07-18 17:06 -------- d-----w- c:\program files\Microsoft Windows OneCare Live 2009-06-11 17:44 . 2005-05-27 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-06-09 23:20 . 2007-01-14 02:18 -------- d-----w- c:\program files\Lavasoft 2009-06-09 23:20 . 2007-01-14 02:18 -------- d-----w- c:\documents and settings\jaclyn diaz\Application Data\Lavasoft 2009-06-09 21:29 . 2005-06-02 19:28 95984 ----a-w- c:\documents and settings\jaclyn diaz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-09 20:34 . 2008-08-25 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-06-09 20:24 . 2005-05-27 19:20 -------- d-----w- c:\program files\Microsoft Works 2009-06-09 17:04 . 
2007-12-01 17:28 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2009-06-09 05:52 . 2008-12-15 01:55 -------- d-----w- c:\documents and settings\jaclyn diaz\Application Data\StumbleUpon 2009-06-09 02:11 . 2008-12-15 01:54 -------- d-----w- c:\program files\StumbleUpon 2009-06-04 03:16 . 2007-04-21 00:45 -------- d-----w- c:\program files\MSN Games 2009-06-04 03:11 . 2007-04-21 00:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-06-04 02:12 . 2007-06-06 05:14 -------- d-----w- c:\documents and settings\jaclyn diaz\Application Data\PlayFirst 2009-06-04 02:12 . 2007-06-06 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst 2009-06-04 00:35 . 2005-06-02 18:39 44596 ----a-w- c:\documents and settings\jaclyn diaz\Application Data\wklnhst.dat 2009-06-02 23:20 . 2008-09-06 05:27 -------- d-----w- c:\program files\Funkitron 2009-06-02 23:20 . 2008-09-06 05:28 -------- d-----w- c:\documents and settings\jaclyn diaz\Application Data\funkitron 2009-06-02 23:18 . 2005-05-27 19:08 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-02 03:09 . 2008-06-05 00:16 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs 2009-05-13 05:15 . 2004-08-12 14:09 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-07 15:32 . 2004-08-12 13:59 345600 ----a-w- c:\windows\system32\localspl.dll 2009-04-29 04:55 . 2009-04-29 04:55 78336 ------w- c:\windows\system32\ieencode.dll 2009-04-17 12:26 . 2004-08-12 14:09 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-16 02:20 . 2008-11-05 00:32 -------- d-----w- c:\program files\Palm 2009-04-15 14:51 . 2004-08-12 14:04 585216 ----a-w- c:\windows\system32\rpcrt4.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480] "SmileboxTray"="c:\documents and settings\jaclyn diaz\Application Data\Smilebox\SmileboxTray.exe" [2009-01-01 254600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-04 344064] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-04-11 185896] "SmartMon"="c:\program files\EmvSmartCardReader\SmartMON.exe" [2006-06-14 73806] "BePCSC"="c:\program files\EmvSmartCardReader\BePCSC.exe" [2006-07-12 32864] "StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2007-12-14 26112] "OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-03-22 63864] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-09 518488] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760] c:\documents and settings\school\Start Menu\Programs\Startup\ WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-9-16 15360] c:\documents and settings\jaclyn diaz\Start Menu\Programs\Startup\ WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-9-16 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2008-11-4 28672] HotSync Manager.lnk - 
c:\program files\Palm\Hotsync.exe [2004-6-9 471040] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2007-12-17 20:35 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0stera\0lsdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk] path=c:\documents and 
settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk backup=c:\windows\pss\Kodak software updater.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk backup=c:\windows\pss\MyWebSearch Email Plugin.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^jaclyn diaz^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk] path=c:\documents and settings\jaclyn diaz\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk backup=c:\windows\pss\MyWebSearch Email Plugin.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^jaclyn diaz^Start Menu^Programs^Startup^wkcalrem.LNK] path=c:\documents and settings\jaclyn diaz\Start Menu\Programs\Startup\wkcalrem.LNK backup=c:\windows\pss\wkcalrem.LNKStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SpywareCleanerService"=2 (0x2) "mcupdmgr.exe"=3 (0x3) "McTskshd.exe"=2 (0x2) "McDetect.exe"=2 (0x2) "Fax"=2 (0x2) "AOL ACS"=2 (0x2) "AntiVirService"=2 (0x2) "AntiVirScheduler"=2 (0x2) 
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Common Files\\AOL\\1162602116\\ee\\aolsoftware.exe"= "c:\\Program Files\\Common Files\\AOL\\1162602116\\ee\\aim6.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\AIM6\\aim6.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/9/2009 6:51 PM 64160] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1005904] R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [3/22/2009 10:59 AM 24936] R2 tgsrvc_chatsupport.palm.com;SupportSoft Repair Service (chatsupport.palm.com);c:\program files\chatsupport.palm.com\bin\tgsrvc.exe [5/21/2008 5:24 AM 148768] S3 EMVSCARD;EMVSCARD;c:\windows\system32\drivers\EMVSCARD.sys 
[10/13/2007 9:06 PM 20178] S3 kwkxusb;Kyocera CDMA Wireless Modem Driver;c:\windows\system32\drivers\kwusb2k.sys [8/28/2007 4:53 PM 191104] S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [6/3/2009 4:52 PM 120168] S4 SpywareCleanerService;SpywareCleanerService;c:\program files\Spyware Cleaner\SCService.exe --> c:\program files\Spyware Cleaner\SCService.exe [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-06-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 22:50] 2009-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 19:42] 2007-06-11 c:\windows\Tasks\MP Scheduled Quick Scan.job - c:\program files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe [2008-07-09 21:05] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uInternet Settings,ProxyOverride = localhost uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm IE: &Search IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000 IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage Trusted Zone: princetonreview.com Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} - hxxp://www.tenebril.com/assets/activeX/SpywareScanner.ocx FF - ProfilePath - . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://*.princetonreview.com O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/SpywareScanner.ocx O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games
  3. I ran the scans. The logs are below. Thank you so much for the quick response! How do I know if I still have a keylogger? I am scared to enter my e-mail account or any other websites with usernames and passwords because I do not want someone else to know my information. Thanks for your help.

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:31 PM, on 6/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\chatsupport.palm.com\bin\tgsrvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\EmvSmartCardReader\SmartMON.exe
C:\Program 
Files\EmvSmartCardReader\BePCSC.exe C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AIM6\aim6.exe C:\Documents and Settings\jaclyn diaz\Application Data\Smilebox\SmileboxTray.exe C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe C:\Program Files\Palm\Hotsync.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.princetonreview.com O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB 
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/SpywareScanner.ocx O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games
  4. I am almost completely computer illiterate. If anyone could analyze these I would REALLY appreciate it. I am staying in the hospital and my computer got bombarded with trojans. I scanned my computer with HijackThis and with Dr.Web and got the following reports, but I am still receiving a pop-up when I first turn on my computer that says that I am infected with the Trojan-Keylogger.Win32.Agent. I still don't know how to get rid of that one. If anyone could help I would really appreciate it... Just keep in mind that I'm not that computer savvy, so the more simplified the explanation the better! - Thanks

From Dr.Web:
popcaploader.dll;c:\windows\downloaded program files;Program.PopcapLoader;Incurable.Moved.;
sdra64.exe;c:\windows\system32;Trojan.PWS.Panda.114;Deleted.;
e.exe;C:\Documents and Settings\jaclyn diaz\Local Settings\Temp;Trojan.PWS.Panda.114;Deleted.;
GTDownDE_87.ocx;C:\i386;Adware.Gdown;Incurable.Moved.;
Security Toolbar.dll;C:\Program Files\Security Toolbar;Trojan.Popuper.13503;Deleted.;
A0165165.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Adware.MWS;Incurable.Moved.;
A0165166.EXE;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Adware.Websearch;Incurable.Moved.;
A0165167.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Adware.Websearch;Incurable.Moved.;
A0165168.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Adware.Funweb;Incurable.Moved.;
A0165169.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Adware.Websearch;Incurable.Moved.;
A0165171.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Adware.Funweb;Incurable.Moved.;
A0165172.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Adware.Msearch;Incurable.Moved.;
A0165173.DLL;C:\System Volume 
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Adware.Websearch;Incurable.Moved.; A0165174.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Trojan.Isbar.438;Deleted.; A0165175.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Adware.Funweb;Incurable.Moved.; A0165176.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Adware.Funweb;Incurable.Moved.; A0165177.SCR;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Adware.Msearch;Incurable.Moved.; A0165178.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Adware.Funweb;Incurable.Moved.; A0165179.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Adware.Msearch;Incurable.Moved.; A0165180.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Trojan.DownLoader.7028;Deleted.; A0165181.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Adware.Funweb;Incurable.Moved.; A0165182.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Adware.Msearch;Incurable.Moved.; A0165183.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Adware.Websearch;Incurable.Moved.; A0165184.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Adware.MWS;Incurable.Moved.; A0165185.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Adware.Websearch;Incurable.Moved.; A0165186.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Adware.Msearch;Incurable.Moved.; A0165187.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Adware.Msearch;Incurable.Moved.; A0165188.DLL;C:\System Volume 
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Adware.Websearch;Incurable.Moved.;
A0165189.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Adware.Websearch;Incurable.Moved.;
A0165190.DLL;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Adware.Websearch;Incurable.Moved.;
A0165191.scr;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1520;Adware.Msearch;Incurable.Moved.;
A0165247.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1522;Trojan.PWS.Panda.114;Deleted.;
A0165248.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1522;Trojan.Popuper.13503;Deleted.;
popcaploader.dll;C:\WINDOWS\Downloaded Program Files;Program.PopcapLoader;Invalid path to file ;
GTDownDE_87.ocx;C:\WINDOWS\system32;Adware.Gdown;Incurable.Moved.;

From HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:19:01 AM, on 6/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Microsoft Windows OneCare 
Live\OcHealthMon.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\chatsupport.palm.com\bin\tgsrvc.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe C:\Program Files\Microsoft Windows OneCare Live\winss.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\EmvSmartCardReader\SmartMON.exe C:\Program Files\EmvSmartCardReader\BePCSC.exe C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AIM6\aim6.exe C:\Documents and Settings\jaclyn diaz\Application Data\Smilebox\SmileboxTray.exe C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe C:\Program Files\Palm\Hotsync.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Avant Browser\avant.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://*.princetonreview.com O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/SpywareScanner.ocx O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games