Jump to content

my hjt log


Recommended Posts

Hey guys.

Wondering if someone can take a look at my HJT log.

It won't let me save the log so I can copy and paste lol....

So I had to upload screencaps of it at tiny pic lol!

So if someone could look at it and tell me what needs to be deleted, thank you.

I noticed today when I went to msconfig to turn off some startup items that I had "otshot"

Googling it I found its a virus/malware.

I tried to delete it but of course it came right back.....and I am sure there are some other things that need to be deleted.

So thanks in advance guys,

:)

1zykyf.jpg

http://tinypic.com/r/1zykyf/5

2z3z4gh.jpg

http://tinypic.com/r/2z3z4gh/5

Link to post
Share on other sites

Hello jenniferkelly and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

No, it is legitimate entrie. Using Otshot you could add your name and photo information to every photo you send and share.

Please follow the instructions here and post your log files:

http://forums.malwarebytes.org/index.php?showtopic=9573

Link to post
Share on other sites

Is this what you need?

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5572

Windows 6.0.6000

Internet Explorer 7.0.6000.17037

5/12/2013 10:47:12 AM

mbam-log-2013-05-12 (10-47-06).txt

Scan type: Quick scan

Objects scanned: 151814

Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\jennifer kelly\downloads\actualspy.exe (Application.ActualSpy) -> No action taken.

c:\END (Trojan.FakeAlert) -> No action taken.

c:\Windows\System32\ijl11pro.DLL (Worm.Sohanad) -> No action taken.

Link to post
Share on other sites

One of those which I need.

Your program and database version of Malwarebytes' Anti-Malware are very old, so please uninstall Malwarebytes' Anti-Malware and then download and install the latest one.

http://downloads.malwarebytes.org/mbam-download.php

Next:

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Then proceed with DDS and post all log files in your next reply.

Link to post
Share on other sites

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.12.06

Windows Vista x86 NTFS

Internet Explorer 7.0.6000.17037

Jennifer Kelly :: JENSCOMP [administrator]

Protection: Enabled

5/12/2013 7:10:01 PM

mbam-log-2013-05-12 (19-10-01).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 217838

Time elapsed: 7 minute(s), 56 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 6

HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully.

HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.

HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Quarantined and deleted successfully.

HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.

HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 6

C:\Users\Jennifer Kelly\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Quarantined and deleted successfully.

C:\Users\Jennifer Kelly\Downloads\MICROSOFT_OFFICE_keygen.zip (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\Users\Jennifer Kelly\Downloads\actualspy.exe (Application.ActualSpy) -> Quarantined and deleted successfully.

C:\Users\Jennifer Kelly\Downloads\XvidSetup.exe (Adware.HotBar) -> Quarantined and deleted successfully.

C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.

C:\Windows\System32\ijl11pro.DLL (Worm.Sohanad) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

I'm afraid I have bad news.

One or more of the identified infections is a rootkit. Rootkits are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

I suggest you disconnect this computer from the Internet immediately you finish reading this post.

If you do any banking or other financial transactions on the computer, or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, your computer is very likely compromised and there is no way to be sure your computer can ever again be trusted.

Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System.

Visit the following sites for more information on Internet theft and when to reformat!

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

If you have any questions before making a final decision, please feel free to ask.

Instructions how to format and reinstall Windows can be found here

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.