
Keylogger or not

2804 Views 0 Replies 1 Participant Last post by  Kakaduku
Hey guys, thanks for the instructions on your forum on how to remove the malware/keyloggers... just posting the info to see if I really do have a keylogger on my PC, as Blizzard Entertainment told me.
This is what DDS found:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Dusan at 11:58:56.39 on Sun 12/06/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1021 [GMT 1:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Stardock\MyColors\wbload.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\Program Files\tbh\base\bin\tbhDaemon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Dusan\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [AtiPTA] atiptaxx.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [razer] c:\program files\razer\copperhead\razerhid.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\imon.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WB - c:\program files\stardock\mycolors\fastload.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dusan\applic~1\mozilla\firefox\profiles\n70ke0mq.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.max-connections-per-server - 8
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-6 64288]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-11-6 15424]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-11-6 549256]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
R3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [2009-11-6 19020]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]

=============== Created Last 30 ================

2009-12-06 10:49:02 0 d-----w- c:\program files\Trend Micro
2009-12-06 10:07:08 0 d-----w- c:\docume~1\dusan\applic~1\Malwarebytes
2009-12-06 10:07:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-06 10:07:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-06 10:07:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-06 10:07:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-06 09:02:03 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-06 08:58:13 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-06 08:58:04 0 d-----w- c:\program files\Lavasoft
2009-12-06 08:18:03 0 d-----w- c:\docume~1\alluse~1\applic~1\PMB Files
2009-12-06 08:16:58 0 d-----w- c:\program files\Pando Networks
2009-11-23 22:51:54 0 d-----w- c:\documents and settings\dusan\Tracing
2009-11-19 05:04:39 0 d-----w- c:\docume~1\dusan\applic~1\Turbine
2009-11-19 01:02:12 0 d-----w- c:\docume~1\dusan\applic~1\GetRightToGo
2009-11-19 00:10:32 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-11-18 23:48:44 0 d-----w- c:\program files\Codemasters
2009-11-17 21:56:25 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-17 21:56:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-12 22:07:12 3001 --sha-w- c:\documents and settings\dusan\ppUser.dat
2009-11-12 22:07:09 0 d-----w- c:\docume~1\dusan\applic~1\Contrast
2009-11-12 22:05:59 0 d-----w- c:\program files\Contrast
2009-11-12 22:05:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Contrast
2009-11-12 22:04:15 0 d-----w- c:\windows\system32\URTTemp
2009-11-12 12:38:53 0 d-----w- c:\windows\system32\wbem\Repository
2009-11-09 22:24:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-09 22:24:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-09 12:01:29 0 d-----w- c:\docume~1\dusan\applic~1\MSNInstaller
2009-11-09 11:57:55 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-09 11:41:24 0 d-----w- c:\program files\tbh
2009-11-09 11:38:49 0 d-----r- c:\program files\Skype
2009-11-07 06:22:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2009-11-07 06:07:49 0 d-----w- c:\windows\pss
2009-11-06 23:39:09 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2009-11-06 23:39:08 0 d-----w- c:\program files\McAfee Security Scan
2009-11-06 23:31:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard
2009-11-06 22:06:56 0 d-----w- c:\windows\system32\LogFiles
2009-11-06 15:47:50 0 d-----w- c:\program files\common files\Blizzard Entertainment
2009-11-06 15:36:48 0 d-----w- c:\windows\RegisteredPackages
2009-11-06 15:04:33 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2009-11-06 15:04:32 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-11-06 15:04:26 0 d-----w- c:\docume~1\dusan\applic~1\TuneUp Software
2009-11-06 15:04:18 0 d-----w- c:\program files\TuneUp Utilities 2010
2009-11-06 15:04:05 0 d-----w- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-11-06 15:04:00 0 d-sh--w- c:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-11-06 15:01:00 0 d-----w- c:\program files\uTorrent
2009-11-06 15:00:55 0 d-----w- c:\docume~1\dusan\applic~1\uTorrent
2009-11-06 14:51:45 5760054 ----a-w- c:\windows\worldofwarcraft-1024.bmp
2009-11-06 14:51:36 0 d-----w- c:\program files\common files\Stardock
2009-11-06 14:51:31 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{41E8B74B-0559-4DF7-9B4B-5A5D5058F042}
2009-11-06 14:51:29 0 d-----w- c:\program files\Stardock
2009-11-06 14:23:09 0 d-s---w- c:\documents and settings\dusan\UserData
2009-11-06 14:02:16 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-11-06 14:02:15 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-11-06 14:02:14 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-06 14:02:14 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-06 13:31:17 0 d-----w- c:\program files\common files\ODBC
2009-11-06 13:31:15 0 d-----w- c:\program files\common files\SpeechEngines
2009-11-06 13:30:49 0 d-----r- c:\documents and settings\all users\Documents
2009-11-06 13:10:02 0 d-----w- c:\program files\ESET
2009-11-06 12:54:59 0 d-----w- c:\program files\Realtek
2009-11-06 12:49:16 0 d-----w- c:\program files\MultiRes
2009-11-06 12:49:00 0 d-----w- c:\program files\Radeon Omega Drivers
2009-11-06 12:40:04 0 d-sh--w- c:\documents and settings\all users\DRM
2009-11-06 12:39:49 0 d--h--w- c:\program files\WindowsUpdate
2009-11-06 12:38:53 0 d-----w- c:\program files\common files\MSSoap
2009-11-06 12:37:41 0 d-----w- c:\program files\Online Services
2009-11-06 12:37:33 0 d-----w- c:\program files\MSN Gaming Zone
2009-11-06 12:36:53 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2009-11-06 13:10:05 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2009-11-06 13:10:05 299392 ----a-w- c:\windows\system32\imon.dll
2009-11-06 13:10:05 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-11-06 12:54:56 315392 ----a-w- c:\windows\HideWin.exe
2009-11-06 12:49:00 472576 ----a-w- c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2009-11-06 12:37:59 21640 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 11:59:23.85 ===============

Status
Not open for further replies.