
Don't know if I have a virus or keylogger?


LL_4


Hi, I'm hoping someone can tell me if I successfully got rid of a virus I think I had. What happened was, a few days ago, a friend called to tell me they had received an offline message from me in YIM, and it was a spam message. As I wasn't home I know I didn't send it. I then found out a few other people on my contact list have also received spam IMs from my account as well. So I did change my password for Yahoo. I googled and found Malwarebytes and downloaded it, along with SUPERAntiSpyware. I ran them both, and quarantined and removed what it found.

I'm hoping I've fixed my problem, but I'm concerned if I haven't. I don't want to sign into anything with a password until I know I'm safe. Thanks for any info or help you can offer for this.

Here's the log file from tonight's scan from SuperAntiSW; I ran Malwarebytes afterwards and it didn't find anything else.

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 02/24/2009 at 08:13 PM

Application Version : 4.25.1012

Core Rules Database Version : 3773

Trace Rules Database Version: 1732

Scan type : Quick Scan

Total Scan Time : 00:31:33

Memory items scanned : 435

Memory threats detected : 0

Registry items scanned : 522

Registry threats detected : 0

File items scanned : 10558

File threats detected : 2

Adware.Tracking Cookie

C:\Documents and Settings\Leisenring\Cookies\leisenring@richmedia.yahoo[1].txt

C:\Documents and Settings\Nicky\Cookies\nicky@dc.tremormedia[1].txt

I also ran the HJT scan, and here is the log for that

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:00:31 PM, on 2/24/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061019

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061019

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab

O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - http://cnn-5.vo.llnwd.net/c1/static/cab_he...pWebUpdater.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--

End of file - 7451 bytes

Thanks!

Lora

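A small triage script, added here as an example (it is not part of this thread, of HijackThis, or of OTScanIt2), that parses HJT O2/O3/O4 lines and flags the same classes of entry the helper later removes: BHO and toolbar registrations marked "(no file)", registered files that are missing, and startup shortcuts with an unresolved target. The sample input is a constructed subset of the two HijackThis logs posted in this thread, before and after the fix.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample: a subset of the HijackThis v2.0.2 lines posted in this
# thread, taken from the log before the OTScanIt2 fix and the log after it.
HJT_BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: Digital Line Detect.lnk = ?
"""

HJT_AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: Digital Line Detect.lnk = ?
"""

# O2 (BHO) and O3 (toolbar) lines: "<section> - <kind>: <name> - {CLSID} - <file>"
_O2O3 = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
# O4 Run-key lines: "O4 - <hive>\..\Run: [<value name>] <command>"
_O4_RUN = re.compile(r"^O4 - (.+?): \[(.+?)\] (.*)$")
# O4 startup-folder lines: "O4 - Global Startup: <shortcut> = <target>"
_O4_STARTUP = re.compile(r"^O4 - Global Startup: (.+?) = (.*)$")


@dataclass(frozen=True)
class HjtEntry:
    section: str          # "O2", "O3" or "O4"
    name: str             # display name, Run value name or shortcut name
    clsid: Optional[str]  # CLSID for O2/O3, None for O4
    target: str           # file path / command, or HJT's "(no file)" / "?"


@dataclass(frozen=True)
class Finding:
    entry: HjtEntry
    reason: str


def parse_hjt(text: str) -> List[HjtEntry]:
    """Parse the O2/O3/O4 lines of a HijackThis log; other lines are ignored."""
    entries: List[HjtEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _O2O3.match(line)
        if m:
            entries.append(HjtEntry(m.group(1), m.group(2), m.group(3), m.group(4)))
            continue
        m = _O4_STARTUP.match(line)
        if m:
            entries.append(HjtEntry("O4", m.group(1), None, m.group(2)))
            continue
        m = _O4_RUN.match(line)
        if m:
            entries.append(HjtEntry("O4", m.group(2), None, m.group(3)))
    return entries


def triage(entries: List[HjtEntry]) -> List[Finding]:
    """Flag the entry classes a helper would look at first in an HJT log."""
    findings: List[Finding] = []
    for e in entries:
        if e.target == "(no file)":
            findings.append(Finding(e, "orphaned registration: CLSID registered but no file on disk"))
        elif e.target.endswith("(file missing)"):
            findings.append(Finding(e, "registered file not present: verify the install or remove the entry"))
        elif e.target == "?":
            findings.append(Finding(e, "startup shortcut whose target HJT could not resolve: inspect manually"))
    return findings


def orphaned_clsids(text: str) -> Set[str]:
    """CLSIDs of O2/O3 entries with no backing file (what the fix script targeted)."""
    return {f.entry.clsid for f in triage(parse_hjt(text))
            if f.entry.clsid and f.entry.target == "(no file)"}


def removed_clsids(before: str, after: str) -> Set[str]:
    """CLSIDs present in the first log but gone from the second: a check that the fix took."""
    first = {e.clsid for e in parse_hjt(before) if e.clsid}
    second = {e.clsid for e in parse_hjt(after) if e.clsid}
    return first - second


if __name__ == "__main__":
    for f in triage(parse_hjt(HJT_BEFORE)):
        print(f"{f.entry.section} [{f.entry.name}] -> {f.reason}")
    print("removed by fix:", sorted(removed_clsids(HJT_BEFORE, HJT_AFTER)))
```

Comparing the before and after logs this way confirms that exactly the two orphaned CLSIDs disappeared and that the Java "(file missing)" entry, which the helper left alone, is still there.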

Hi. <_<

Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Click the Scan All Users checkbox on the toolbar.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).

Use the Add Reply button and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt2 folder and named OTScanIt.txt.

I will review it when it comes in.


Paste this into the fix box (where it says paste fix here):

[Kill Explorer]
[Win32 Services - Safe List]
YY -> (aspimgr) Microsoft ASPI Manager [Win32_Own | Disabled | Stopped] ->
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{0BF43445-2F28-4351-9252-17FE6E806AA0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{E19E589B-749F-4641-9ED3-032DEB7A8D92}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
YN -> CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key error.]
[Files/Folders - Created Within 30 Days]
NY -> 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 7ed887d49149f3903c05a3f70be891 -> %SystemDrive%\7ed887d49149f3903c05a3f70be891
NY -> ea407a8023a0cba0af7eff -> %SystemDrive%\ea407a8023a0cba0af7eff
NY -> b354c87fa820e039d3aea0c9 -> %SystemDrive%\b354c87fa820e039d3aea0c9
[Files/Folders - Modified Within 30 Days]
NY -> 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> 77 C:\Documents and Settings\Leisenring\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Leisenring\Local Settings\Temp\*.tmp
NY -> 77 C:\Documents and Settings\Leisenring\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Leisenring\Local Settings\Temp\*.tmp
NY -> 77 C:\Documents and Settings\Leisenring\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Leisenring\Local Settings\Temp\*.tmp
NY -> 25 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
NY -> setup.exe -> %UserProfile%\Local Settings\Temp\setup.exe
NY -> SSUPDATE.EXE -> %UserProfile%\Local Settings\Temp\SSUPDATE.EXE
NY -> ywiseext.dll -> %UserProfile%\Local Settings\Temp\4706527\ywiseext.dll
NY -> mfc80.dll -> %UserProfile%\Local Settings\Temp\mfc80.dll
NY -> mfc80.dll -> %SystemRoot%\Temp\tismsi\mfc80.dll
NY -> mfc80u.dll -> %UserProfile%\Local Settings\Temp\mfc80u.dll
NY -> mfc80u.dll -> %SystemRoot%\Temp\tismsi\mfc80u.dll
NY -> atl80.dll -> %UserProfile%\Local Settings\Temp\atl80.dll
NY -> atl80.dll -> %SystemRoot%\Temp\tismsi\atl80.dll
NY -> mfcm80.dll -> %UserProfile%\Local Settings\Temp\mfcm80.dll
NY -> mfcm80.dll -> %SystemRoot%\Temp\tismsi\mfcm80.dll
NY -> mfcm80u.dll -> %UserProfile%\Local Settings\Temp\mfcm80u.dll
NY -> mfcm80u.dll -> %SystemRoot%\Temp\tismsi\mfcm80u.dll
NY -> msvcr80.dll -> %UserProfile%\Local Settings\Temp\msvcr80.dll
NY -> msvcr80.dll -> %SystemRoot%\Temp\tismsi\msvcr80.dll
NY -> msvcp80.dll -> %UserProfile%\Local Settings\Temp\msvcp80.dll
NY -> msvcp80.dll -> %SystemRoot%\Temp\tismsi\msvcp80.dll
NY -> msvcm80.dll -> %UserProfile%\Local Settings\Temp\msvcm80.dll
NY -> msvcm80.dll -> %SystemRoot%\Temp\tismsi\msvcm80.dll
NY -> libexpat.dll -> %UserProfile%\Local Settings\Temp\libexpat.dll
NY -> libexpat.dll -> %SystemRoot%\Temp\tismsi\libexpat.dll
NY -> GENKEY32.dll -> %SystemRoot%\Temp\tismsi\GENKEY32.dll
NY -> TmDbg32.dll -> %UserProfile%\Local Settings\Temp\TmDbg32.dll
NY -> Install_WLMessenger.exe -> %UserProfile%\Local Settings\Temp\Install_WLMessenger.exe
NY -> updscan.dat -> %SystemRoot%\Temp\UPDA9.tmp\updscan.dat
NY -> updnames.dat -> %SystemRoot%\Temp\UPDA9.tmp\updnames.dat
NY -> updclean.dat -> %SystemRoot%\Temp\UPDA9.tmp\updclean.dat
NY -> updscan.dat -> %SystemRoot%\Temp\UPD35.tmp\updscan.dat
NY -> updnames.dat -> %SystemRoot%\Temp\UPD35.tmp\updnames.dat
NY -> updclean.dat -> %SystemRoot%\Temp\UPD35.tmp\updclean.dat
NY -> updscan.dat -> %SystemRoot%\Temp\UPD7A.tmp\updscan.dat
NY -> updnames.dat -> %SystemRoot%\Temp\UPD7A.tmp\updnames.dat
NY -> updclean.dat -> %SystemRoot%\Temp\UPD7A.tmp\updclean.dat
NY -> updscan.dat -> %SystemRoot%\Temp\UPD52.tmp\updscan.dat
NY -> updnames.dat -> %SystemRoot%\Temp\UPD52.tmp\updnames.dat
NY -> updclean.dat -> %SystemRoot%\Temp\UPD52.tmp\updclean.dat
NY -> updscan.dat -> %SystemRoot%\Temp\UPD202.tmp\updscan.dat
NY -> updnames.dat -> %SystemRoot%\Temp\UPD202.tmp\updnames.dat
NY -> updclean.dat -> %SystemRoot%\Temp\UPD202.tmp\updclean.dat
NY -> updnames.dat -> %SystemRoot%\Temp\UPD14D.tmp\updnames.dat
NY -> updclean.dat -> %SystemRoot%\Temp\UPD14D.tmp\updclean.dat
NY -> updscan.dat -> %SystemRoot%\Temp\UPD14D.tmp\updscan.dat
NY -> updscan.dat -> %SystemRoot%\Temp\UPD4B.tmp\updscan.dat
NY -> updnames.dat -> %SystemRoot%\Temp\UPD4B.tmp\updnames.dat
NY -> updclean.dat -> %SystemRoot%\Temp\UPD4B.tmp\updclean.dat
NY -> updscan.dat -> %SystemRoot%\Temp\UPD27A.tmp\updscan.dat
NY -> updnames.dat -> %SystemRoot%\Temp\UPD27A.tmp\updnames.dat
NY -> updclean.dat -> %SystemRoot%\Temp\UPD27A.tmp\updclean.dat
NY -> updscan.dat -> %SystemRoot%\Temp\UPD19A.tmp\updscan.dat
NY -> updnames.dat -> %SystemRoot%\Temp\UPD19A.tmp\updnames.dat
NY -> updclean.dat -> %SystemRoot%\Temp\UPD19A.tmp\updclean.dat
NY -> updscan.dat -> %SystemRoot%\Temp\UPD67.tmp\updscan.dat
NY -> updnames.dat -> %SystemRoot%\Temp\UPD67.tmp\updnames.dat
NY -> updclean.dat -> %SystemRoot%\Temp\UPD67.tmp\updclean.dat
NY -> updscan.dat -> %SystemRoot%\Temp\UPD59.tmp\updscan.dat
NY -> updnames.dat -> %SystemRoot%\Temp\UPD59.tmp\updnames.dat
NY -> updclean.dat -> %SystemRoot%\Temp\UPD59.tmp\updclean.dat
NY -> IadHide5.dll -> %UserProfile%\Local Settings\Temp\IadHide5.dll
[Alternate Data Streams]
NY -> @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
NY -> @Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
[Purity]
[Empty Temp Folders]
[start Explorer]

It will produce a log. Please post that here and a new HijackThis.


Here is the log it gave me. My Trend Micro popped up with a warning for OTScanIt2; I clicked ignore so it could run. Also there is a catchme.exe that Trend Micro says is a Troj_genaric.DIM. Don't know if that means anything, but thought I should post that info in case. I hope I did the fix correctly; OTScanIt2 seems to have frozen, I can't close it, but I am able to open up the file, and I found the new log. I thought I would post this first, and I'll do the HJT scan and log next.

Thanks again so much for your help!

Process Explorer.EXE killed successfully!

[Win32 Services - Safe List]

Service aspimgr stopped successfully!

Service aspimgr deleted successfully!

File not found.

[Registry - Safe List]

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E19E589B-749F-4641-9ED3-032DEB7A8D92} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E19E589B-749F-4641-9ED3-032DEB7A8D92}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.

[Files/Folders - Created Within 30 Days]

C:\7ed887d49149f3903c05a3f70be891\i386 folder moved successfully.

C:\7ed887d49149f3903c05a3f70be891\amd64 folder moved successfully.

C:\7ed887d49149f3903c05a3f70be891 folder moved successfully.

C:\ea407a8023a0cba0af7eff folder moved successfully.

C:\b354c87fa820e039d3aea0c9\wcu\dotNetFramework\Tools folder moved successfully.

C:\b354c87fa820e039d3aea0c9\wcu\dotNetFramework\dotNetMSP\x86 folder moved successfully.

C:\b354c87fa820e039d3aea0c9\wcu\dotNetFramework\dotNetMSP\x64 folder moved successfully.

C:\b354c87fa820e039d3aea0c9\wcu\dotNetFramework\dotNetMSP\ia64 folder moved successfully.

C:\b354c87fa820e039d3aea0c9\wcu\dotNetFramework\dotNetMSP folder moved successfully.

C:\b354c87fa820e039d3aea0c9\wcu\dotNetFramework\dotNetFX35\x86 folder moved successfully.

C:\b354c87fa820e039d3aea0c9\wcu\dotNetFramework\dotNetFX35\x64 folder moved successfully.

C:\b354c87fa820e039d3aea0c9\wcu\dotNetFramework\dotNetFX35\ia64 folder moved successfully.

C:\b354c87fa820e039d3aea0c9\wcu\dotNetFramework\dotNetFX35 folder moved successfully.

C:\b354c87fa820e039d3aea0c9\wcu\dotNetFramework\dotNetFX30\x86 folder moved successfully.

C:\b354c87fa820e039d3aea0c9\wcu\dotNetFramework\dotNetFX30\x64 folder moved successfully.

C:\b354c87fa820e039d3aea0c9\wcu\dotNetFramework\dotNetFX30 folder moved successfully.

C:\b354c87fa820e039d3aea0c9\wcu\dotNetFramework\dotNetFX20 folder moved successfully.

C:\b354c87fa820e039d3aea0c9\wcu\dotNetFramework folder moved successfully.

C:\b354c87fa820e039d3aea0c9\wcu folder moved successfully.

C:\b354c87fa820e039d3aea0c9 folder moved successfully.

[Files/Folders - Modified Within 30 Days]

C:\WINDOWS\Temp\UPD14D.tmp folder deleted successfully.

C:\WINDOWS\Temp\UPD19A.tmp folder deleted successfully.

C:\WINDOWS\Temp\UPD202.tmp folder deleted successfully.

C:\WINDOWS\Temp\UPD27A.tmp folder deleted successfully.

C:\WINDOWS\Temp\UPD35.tmp folder deleted successfully.

C:\WINDOWS\Temp\UPD4B.tmp folder deleted successfully.

C:\WINDOWS\Temp\UPD52.tmp folder deleted successfully.

C:\WINDOWS\Temp\UPD59.tmp folder deleted successfully.

C:\WINDOWS\Temp\UPD67.tmp folder deleted successfully.

C:\WINDOWS\Temp\UPD7A.tmp folder deleted successfully.

C:\WINDOWS\Temp\UPDA9.tmp folder deleted successfully.

C:\Documents and Settings\Leisenring\Local Settings\Temp\setup.exe moved successfully.

C:\Documents and Settings\Leisenring\Local Settings\Temp\SSUPDATE.EXE moved successfully.

C:\Documents and Settings\Leisenring\Local Settings\Temp\4706527\ywiseext.dll moved successfully.

C:\Documents and Settings\Leisenring\Local Settings\Temp\mfc80.dll moved successfully.

C:\WINDOWS\Temp\tismsi\mfc80.dll moved successfully.

C:\Documents and Settings\Leisenring\Local Settings\Temp\mfc80u.dll moved successfully.

C:\WINDOWS\Temp\tismsi\mfc80u.dll moved successfully.

C:\Documents and Settings\Leisenring\Local Settings\Temp\atl80.dll moved successfully.

C:\WINDOWS\Temp\tismsi\atl80.dll moved successfully.

C:\Documents and Settings\Leisenring\Local Settings\Temp\mfcm80.dll moved successfully.

C:\WINDOWS\Temp\tismsi\mfcm80.dll moved successfully.

C:\Documents and Settings\Leisenring\Local Settings\Temp\mfcm80u.dll moved successfully.

C:\WINDOWS\Temp\tismsi\mfcm80u.dll moved successfully.

C:\Documents and Settings\Leisenring\Local Settings\Temp\msvcr80.dll moved successfully.

C:\WINDOWS\Temp\tismsi\msvcr80.dll moved successfully.

C:\Documents and Settings\Leisenring\Local Settings\Temp\msvcp80.dll moved successfully.

C:\WINDOWS\Temp\tismsi\msvcp80.dll moved successfully.

C:\Documents and Settings\Leisenring\Local Settings\Temp\msvcm80.dll moved successfully.

C:\WINDOWS\Temp\tismsi\msvcm80.dll moved successfully.

C:\Documents and Settings\Leisenring\Local Settings\Temp\libexpat.dll moved successfully.

C:\WINDOWS\Temp\tismsi\libexpat.dll moved successfully.

C:\WINDOWS\Temp\tismsi\GENKEY32.dll moved successfully.

C:\Documents and Settings\Leisenring\Local Settings\Temp\TmDbg32.dll moved successfully.

C:\Documents and Settings\Leisenring\Local Settings\Temp\Install_WLMessenger.exe moved successfully.

File C:\WINDOWS\Temp\UPDA9.tmp\updscan.dat not found!

File C:\WINDOWS\Temp\UPDA9.tmp\updnames.dat not found!

File C:\WINDOWS\Temp\UPDA9.tmp\updclean.dat not found!

File C:\WINDOWS\Temp\UPD35.tmp\updscan.dat not found!

File C:\WINDOWS\Temp\UPD35.tmp\updnames.dat not found!

File C:\WINDOWS\Temp\UPD35.tmp\updclean.dat not found!

File C:\WINDOWS\Temp\UPD7A.tmp\updscan.dat not found!

File C:\WINDOWS\Temp\UPD7A.tmp\updnames.dat not found!

File C:\WINDOWS\Temp\UPD7A.tmp\updclean.dat not found!

File C:\WINDOWS\Temp\UPD52.tmp\updscan.dat not found!

File C:\WINDOWS\Temp\UPD52.tmp\updnames.dat not found!

File C:\WINDOWS\Temp\UPD52.tmp\updclean.dat not found!

File C:\WINDOWS\Temp\UPD202.tmp\updscan.dat not found!

File C:\WINDOWS\Temp\UPD202.tmp\updnames.dat not found!

File C:\WINDOWS\Temp\UPD202.tmp\updclean.dat not found!

File C:\WINDOWS\Temp\UPD14D.tmp\updnames.dat not found!

File C:\WINDOWS\Temp\UPD14D.tmp\updclean.dat not found!

File C:\WINDOWS\Temp\UPD14D.tmp\updscan.dat not found!

File C:\WINDOWS\Temp\UPD4B.tmp\updscan.dat not found!

File C:\WINDOWS\Temp\UPD4B.tmp\updnames.dat not found!

File C:\WINDOWS\Temp\UPD4B.tmp\updclean.dat not found!

File C:\WINDOWS\Temp\UPD27A.tmp\updscan.dat not found!

File C:\WINDOWS\Temp\UPD27A.tmp\updnames.dat not found!

File C:\WINDOWS\Temp\UPD27A.tmp\updclean.dat not found!

File C:\WINDOWS\Temp\UPD19A.tmp\updscan.dat not found!

File C:\WINDOWS\Temp\UPD19A.tmp\updnames.dat not found!

File C:\WINDOWS\Temp\UPD19A.tmp\updclean.dat not found!

File C:\WINDOWS\Temp\UPD67.tmp\updscan.dat not found!

File C:\WINDOWS\Temp\UPD67.tmp\updnames.dat not found!

File C:\WINDOWS\Temp\UPD67.tmp\updclean.dat not found!

File C:\WINDOWS\Temp\UPD59.tmp\updscan.dat not found!

File C:\WINDOWS\Temp\UPD59.tmp\updnames.dat not found!

File C:\WINDOWS\Temp\UPD59.tmp\updclean.dat not found!

C:\Documents and Settings\Leisenring\Local Settings\Temp\IadHide5.dll moved successfully.

[Alternate Data Streams]

ADS C:\Documents and Settings\Leisenring\Desktop\Thumbs.db:encryptable deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.

[Purity]

Purity scan complete.

[Empty Temp Folders]

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

Windows Temp folder emptied.

Java cache emptied.

RecycleBin -> emptied.

Explorer started successfully

< End of fix log >

OTScanIt2 by OldTimer - Version 1.0.8.0 fix logfile created on 02252009_133502


OK, here is the HJT log. :rolleyes: And I got OTScanIt2 to close; I used Ctrl+Alt+Del and closed it through there. I hope that was ok.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:05:31 PM, on 2/25/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Documents and Settings\Leisenring\Desktop\OTScanIt2\OTScanIt2.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061019

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061019

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\RunOnce: [OTScanIt] "C:\Documents and Settings\Leisenring\Desktop\OTScanIt2\OTScanIt2.exe"

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab

O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - http://cnn-5.vo.llnwd.net/c1/static/cab_he...pWebUpdater.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--

End of file - 7546 bytes


Thanks so much! I don't think I'm having any other problems.

I deleted c:\_otscanit; I didn't find the other one. The only other thing is, when I went to delete the OTScanIt2 file from my desktop, it said it was still waiting for commands from me, so it couldn't delete. I checked and it didn't show that it was running, so I just restarted, and then it deleted fine, but when I did restart I got this message in Notepad.

02252009_133502-Notepad

Files moved on Reboot...

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

I'm not sure what that means.

Do you know what my problem was, btw? Did I have a keylogger?

Thanks again so much! I'm so glad I downloaded MWbytes, and found this forum. :rolleyes:
