I need help, I think there are multiple keyloggers!


Re: I need help, I think there are multiple keyloggers!

Postby Gecko » Mon Jun 28, 2010 12:03 pm

Anne510,

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.
Service::
S2 waudit;waudit;c:\windows\ASMBB\win32\waudit.exe
File::
C:\Windows\ASMBB\win32\wauditu.exe
Folder::
Registry::


Now drag then drop the CFScript file onto ComboFix.exe

This will start ComboFix again.
After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply along with a new HijackThis log.

Re: I need help, I think there are multiple keyloggers!

Postby Anne510 » Tue Jun 29, 2010 2:40 am

ComboFix 10-06-27.06 - Anne512 06/28/2010 21:07:44.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.856 [GMT -4:00]
Running from: c:\users\Anne512\Downloads\ComboFix.exe
Command switches used :: c:\users\Anne512\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\ASMBB\win32\wauditu.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ASMBB\win32\wauditu.exe

.
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-29 )))))))))))))))))))))))))))))))
.

2010-06-29 01:17 . 2010-06-29 01:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-29 01:17 . 2010-06-29 01:17 -------- d-----w- c:\users\Paul\AppData\Local\temp
2010-06-29 01:17 . 2010-06-29 01:17 -------- d-----w- c:\users\Jannah and Aaminah\AppData\Local\temp
2010-06-29 01:17 . 2010-06-29 01:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-29 00:53 . 2010-06-29 00:53 -------- d-----w- c:\users\Anne512\AppData\Roaming\skypePM
2010-06-29 00:52 . 2010-06-29 00:54 -------- d-----w- c:\users\Anne512\AppData\Roaming\Skype
2010-06-29 00:51 . 2010-06-29 00:51 -------- d-----w- c:\program files\Common Files\Skype
2010-06-29 00:51 . 2010-06-29 00:51 -------- d-----r- c:\program files\Skype
2010-06-29 00:51 . 2010-06-29 00:51 -------- d-----w- c:\programdata\Skype
2010-06-28 01:40 . 2010-06-28 01:40 -------- d-----w- c:\users\Paul\AppData\Roaming\Malwarebytes
2010-06-27 03:19 . 2010-06-27 03:19 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-06-25 05:54 . 2010-06-25 05:54 -------- d-----w- c:\program files\Windows Portable Devices
2010-06-25 03:02 . 2010-06-25 03:02 -------- d-----w- c:\program files\Common Files\Windows Live
2010-06-25 03:00 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-06-25 02:59 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-06-25 02:59 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-06-25 02:59 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-06-25 02:26 . 2009-11-08 14:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-25 02:26 . 2009-11-08 14:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-25 02:26 . 2009-11-08 14:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-25 02:26 . 2009-11-08 14:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-25 02:26 . 2009-11-08 14:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-25 01:47 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-06-25 01:47 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-25 01:47 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-25 01:46 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-06-25 01:46 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-06-25 01:46 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-06-25 01:46 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-06-25 01:46 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-06-25 01:46 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-06-25 01:46 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-06-25 01:46 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-06-25 01:46 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-06-23 01:14 . 2010-06-19 01:42 17276 ----a-w- c:\users\Anne512\AppData\Roaming\Mozilla\Firefox\Profiles\a143cmwe.default\extensions\fbchathistory@firechm.com\content\common.js.com
2010-06-23 01:14 . 2010-06-19 01:42 13869 ----a-w- c:\users\Anne512\AppData\Roaming\Mozilla\Firefox\Profiles\a143cmwe.default\extensions\fbchathistory@firechm.com\content\fbchathistory.js.com
2010-06-23 01:14 . 2010-06-19 01:42 12538 ----a-w- c:\users\Anne512\AppData\Roaming\Mozilla\Firefox\Profiles\a143cmwe.default\extensions\fbchathistory@firechm.com\content\history.js.com
2010-06-21 00:30 . 2010-06-25 14:33 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-20 15:15 . 2010-06-29 01:18 -------- d-----w- c:\users\Anne512\AppData\Local\temp
2010-06-14 04:10 . 2010-06-14 04:10 41216 ----a-w- c:\windows\system32\drivers\KHCAP.sys
2010-06-14 04:10 . 2010-06-14 04:10 -------- d-----w- c:\windows\ASMBB
2010-06-14 03:31 . 2010-06-22 16:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-14 03:31 . 2010-06-14 03:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-10 19:20 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 05:02 . 2010-06-08 14:24 52224 ----a-w- c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\7cdgoiag.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-06-09 05:02 . 2010-06-08 14:24 101376 ----a-w- c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\7cdgoiag.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-06-02 17:22 . 2010-06-02 17:30 -------- d-----w- C:\5923c4c306690005cbe4
2010-06-02 17:13 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-06-02 17:13 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-06-02 13:25 . 2010-06-02 13:25 29512 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-06-02 13:25 . 2010-06-02 13:25 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-06-01 05:31 . 2010-06-02 02:16 -------- d-----w- c:\programdata\Deskshare
2010-06-01 05:31 . 2010-06-01 05:31 -------- d-----w- c:\users\Anne512\AppData\Local\Xenocode
2010-06-01 05:23 . 2010-06-01 05:23 -------- d-----w- c:\program files\Pechora
2010-06-01 05:09 . 2010-06-01 05:09 -------- d-----w- c:\program files\Digi-Watcher.com
2010-06-01 01:40 . 2010-06-01 01:40 -------- d-----w- c:\users\Anne512\AppData\Roaming\SUPERAntiSpyware.com
2010-06-01 01:40 . 2010-06-01 01:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-29 00:53 . 2010-06-29 00:53 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-06-28 23:28 . 2007-11-15 09:10 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-27 03:22 . 2008-06-19 19:43 -------- d-----w- c:\programdata\Microsoft Help
2010-06-26 00:47 . 2007-11-21 01:19 119872 ----a-w- c:\users\Anne512\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-25 14:46 . 2007-12-01 19:14 119872 ----a-w- c:\users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-25 05:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-25 05:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-25 05:54 . 2010-06-25 05:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-06-25 05:54 . 2010-06-25 05:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-06-25 02:44 . 2007-11-15 09:45 -------- d-----w- c:\program files\Microsoft Works
2010-06-25 02:29 . 2008-06-19 19:47 -------- d-----w- c:\program files\Microsoft.NET
2010-06-02 13:24 . 2010-02-10 01:35 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 13:24 . 2010-02-10 01:35 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-01 05:20 . 2007-12-05 07:13 -------- d-----w- c:\program files\OpenOffice.org 2.3
2010-05-31 03:18 . 2010-03-14 10:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-26 17:06 . 2010-06-10 19:19 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 19:19 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-22 23:30 . 2010-05-22 23:30 -------- d-----w- c:\users\Jannah and Aaminah\AppData\Roaming\CyberLink
2010-05-19 22:10 . 2010-02-15 16:23 -------- d-----w- c:\users\Jannah and Aaminah\AppData\Roaming\KidZui
2010-05-15 13:02 . 2010-02-10 01:35 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-05-10 04:31 . 2008-11-01 12:53 -------- d-----w- c:\users\Anne512\AppData\Roaming\ZoomBrowser EX
2010-05-10 04:28 . 2008-11-01 12:36 -------- d-----w- c:\programdata\ZoomBrowser
2010-05-07 12:52 . 2010-05-07 12:52 -------- d-----w- c:\users\Paul\AppData\Roaming\Research In Motion
2010-05-07 00:08 . 2010-02-07 05:08 50354 ----a-w- c:\users\Anne512\AppData\Roaming\Facebook\uninstall.exe
2010-05-07 00:08 . 2010-02-07 05:08 -------- d-----w- c:\users\Anne512\AppData\Roaming\Facebook
2010-05-04 05:59 . 2010-06-10 19:19 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 19:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-10 19:19 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-10 19:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 19:19 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 15:31 . 2007-11-15 09:30 -------- d-----w- c:\program files\Roxio
2010-04-29 19:39 . 2010-03-14 10:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-03-14 10:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 12:54 . 2010-04-25 12:54 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-24 22:31 . 2010-04-24 22:31 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-19 01:35 . 2010-03-13 12:16 18432 ----a-w- c:\users\Anne512\fbchathistory.dat
2010-04-16 19:12 . 2010-04-16 19:12 69632 ----a-r- c:\users\Anne512\AppData\Roaming\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-04-16 19:12 . 2010-04-16 19:12 69632 ----a-r- c:\users\Anne512\AppData\Roaming\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-04-16 19:12 . 2010-04-16 19:12 69632 ----a-r- c:\users\Anne512\AppData\Roaming\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-04-16 19:12 . 2010-04-16 19:12 69632 ----a-r- c:\users\Anne512\AppData\Roaming\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-04-16 19:12 . 2010-04-16 19:12 69632 ----a-r- c:\users\Anne512\AppData\Roaming\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-04-16 19:12 . 2010-04-16 19:12 69632 ----a-r- c:\users\Anne512\AppData\Roaming\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-04-16 19:12 . 2010-04-16 19:12 69632 ----a-r- c:\users\Anne512\AppData\Roaming\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-04-16 19:12 . 2010-04-16 19:12 69632 ----a-r- c:\users\Anne512\AppData\Roaming\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\DesktopMgr.exe
2010-04-16 19:12 . 2010-04-16 19:12 49152 ----a-r- c:\users\Anne512\AppData\Roaming\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2010-04-16 19:12 . 2010-04-16 19:12 49152 ----a-r- c:\users\Anne512\AppData\Roaming\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2010-04-16 19:12 . 2010-04-16 19:12 49152 ----a-r- c:\users\Anne512\AppData\Roaming\Microsoft\Installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2010-04-16 16:43 . 2010-06-25 01:47 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-25 01:47 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-25 01:47 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-25 01:47 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-04-14 19:18 . 2010-04-14 19:05 139535704 ----a-w- c:\users\Anne512\AppData\Roaming\Research In Motion\BlackBerry\SR_MM_English.exe
2010-04-14 12:18 . 2010-04-14 12:18 69632 ----a-r- c:\users\Anne512\AppData\Roaming\Microsoft\Installer\{2E8131B2-8DAF-41E2-B954-18FD5DEF0B54}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-04-14 12:18 . 2010-04-14 12:18 69632 ----a-r- c:\users\Anne512\AppData\Roaming\Microsoft\Installer\{2E8131B2-8DAF-41E2-B954-18FD5DEF0B54}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-04-14 12:18 . 2010-04-14 12:18 69632 ----a-r- c:\users\Anne512\AppData\Roaming\Microsoft\Installer\{2E8131B2-8DAF-41E2-B954-18FD5DEF0B54}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-04-14 12:18 . 2010-04-14 12:18 69632 ----a-r- c:\users\Anne512\AppData\Roaming\Microsoft\Installer\{2E8131B2-8DAF-41E2-B954-18FD5DEF0B54}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-04-14 12:18 . 2010-04-14 12:18 69632 ----a-r- c:\users\Anne512\AppData\Roaming\Microsoft\Installer\{2E8131B2-8DAF-41E2-B954-18FD5DEF0B54}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-04-14 12:18 . 2010-04-14 12:18 69632 ----a-r- c:\users\Anne512\AppData\Roaming\Microsoft\Installer\{2E8131B2-8DAF-41E2-B954-18FD5DEF0B54}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-04-14 12:18 . 2010-04-14 12:18 69632 ----a-r- c:\users\Anne512\AppData\Roaming\Microsoft\Installer\{2E8131B2-8DAF-41E2-B954-18FD5DEF0B54}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2010-04-14 12:18 . 2010-04-14 12:18 69632 ----a-r- c:\users\Anne512\AppData\Roaming\Microsoft\Installer\{2E8131B2-8DAF-41E2-B954-18FD5DEF0B54}\DesktopMgr.exe
2010-04-10 14:16 . 2010-02-21 16:34 1956808 ----a-w- c:\users\Jannah and Aaminah\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2007-11-15 09:26 . 2007-11-15 09:26 76 --sh--r- c:\windows\CT4CET.bin
2007-11-15 17:03 . 2007-11-15 16:53 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"P2kAutostart"="" [BU]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-04-18 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-29 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-02 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-02 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-02 133912]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-12 101136]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2007-08-30 205480]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-12 101136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-25 405504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-27 202256]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Jannah and Aaminah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Anne512\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2010-3-10 1819992]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-15 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2007-11-21 679936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
"VistaSp2"=hex(b):b4,36,a3,f9,e1,c1,ca,01

R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [x]
R0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca8c7b719e9220;Google Update Service (gupdate1ca8c7b719e9220);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 133104]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-03-21 32408]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-13 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-02 242896]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-13 308064]
S2 waudit;waudit;c:\windows\ASMBB\win32\waudit.exe [2010-06-14 1056768]
S3 KHCAP;KHCap Packet Driver (KHCAP);c:\windows\system32\drivers\KHCAP.sys [2010-06-14 41216]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 13:48]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 13:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://wapp.verizon.net/bookmarks/bmred ... ho_central
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: netzero.com
Trusted Zone: netzero.net
FF - ProfilePath - c:\users\Anne512\AppData\Roaming\Mozilla\Firefox\Profiles\a143cmwe.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Anne512\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\Anne512\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-28 21:18
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-06-28 21:21:37
ComboFix-quarantined-files.txt 2010-06-29 01:21
ComboFix2.txt 2010-06-20 15:15
ComboFix3.txt 2010-06-18 14:44

Pre-Run: 101,247,549,440 bytes free
Post-Run: 101,256,519,680 bytes free

- - End Of File - - 4D6779BE2DA102D85FAE1595A9D5CBC3

Re: I need help, I think there are multiple keyloggers!

Postby Anne510 » Tue Jun 29, 2010 2:42 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:54 PM, on 6/28/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Research in Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Anne512\Desktop\HiJack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmred ... ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~2\VERIZO~1.DLL (file missing)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~2\VERIZO~1.DLL (file missing)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O4 - Global Startup: SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O15 - Trusted Zone: *.netzero.com
O15 - Trusted Zone: *.netzero.net
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss ... gctlsr.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1ca8c7b719e9220) (gupdate1ca8c7b719e9220) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: waudit - ASM Software LLC - C:\Windows\ASMBB\win32\waudit.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12977 bytes
Anne510
Newbie
Posts: 14
Joined: Thu Jun 17, 2010 7:13 am

Thanks given:0
Thanks received:0

Re: I need help, I think there are multiple keyloggers!

Postby Gecko » Tue Jun 29, 2010 1:26 pm

Anne510,

Your logs have changed dramatically due to the installation of more programs.
This makes it almost impossible for me to work on your infections, as there are now a number of new files to research as well.
Gecko
Super Moderator
Posts: 5129
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:22

Re: I need help, I think there are multiple keyloggers!

Postby Anne510 » Fri Jul 02, 2010 11:24 pm

Other than the Combo fix and HiJack This, those were the last programs I installed.
Anne510
Newbie
Posts: 14
Joined: Thu Jun 17, 2010 7:13 am

Thanks given:0
Thanks received:0

Re: I need help, I think there are multiple keyloggers!

Postby jamecam555 » Fri Jul 27, 2012 4:27 pm

You can follow up the link: Keystroke logger to get the best in the market.

Thank you.
jamecam555
Newbie
Posts: 1
Joined: Fri Jul 27, 2012 4:24 pm
Operating System: your phone number

Thanks given:0
Thanks received:0