possible key logger hack

Post by danco » October 10th, 2011, 12:26 pm

I am unable to log in to two accounts because the passwords were changed without my approval or my knowledge. I have had both accounts suspended until I can remove the possible key logger hack.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Dan at 8:58:46 on 2011-10-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4192 [GMT -7:00]
.
AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Maximum Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Users\Dan\AppData\Local\Apps\2.0\BPK3TXKW.48G\1HADWO41.YNP\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cnbc.com/id/17689937
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1081\TmIEPlg32.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
StartupFolder: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{20914F8E-0929-4C24-ABC8-0C05A33EF444} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1081\TmIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1081\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO-X64: Trend Micro Toolbar BHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
.
============= SERVICES / DRIVERS ===============
.
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-5-4 256336]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-8-17 402328]
R2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-6 2214504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-7 136176]
S2 MaxSch2Svc;Maxtor Scheduler2 Service;"C:\Program Files (x86)\Common Files\Maxtor\Schedule2\schedul2.exe" --> C:\Program Files (x86)\Common Files\Maxtor\Schedule2\schedul2.exe [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-7 136176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-10 13:28:09 -------- d-----w- C:\Users\Dan\AppData\Local\{6303B1EE-C3E4-4951-A105-B1ED2488B003}
2011-10-10 13:27:48 -------- d-----w- C:\Users\Dan\AppData\Local\{CF00CB73-06A7-4D7A-91E8-90D9E9D4712F}
2011-10-09 06:18:18 -------- d-----w- C:\Users\Dan\AppData\Local\{E54974D6-38A1-415F-A263-13B43BEC5D34}
2011-10-09 06:18:07 -------- d-----w- C:\Users\Dan\AppData\Local\{A893D249-6D6A-496C-8EFC-D054486031D3}
2011-10-08 10:55:16 -------- d-----w- C:\Users\Dan\AppData\Local\{F75A18B4-2938-4B14-A9FC-639C05CB9509}
2011-10-08 10:54:53 -------- d-----w- C:\Users\Dan\AppData\Local\{DD818C02-13B3-4F74-98E0-B58C3059F51B}
2011-10-07 22:54:18 -------- d-----w- C:\Users\Dan\AppData\Local\{025B5946-A833-4DE1-9278-CCD5A8F2A89F}
2011-10-07 22:53:49 -------- d-----w- C:\Users\Dan\AppData\Local\{EA6643B1-CC05-4EA7-8302-4A4E85D5DF28}
2011-10-07 10:53:34 -------- d-----w- C:\Users\Dan\AppData\Local\{BC41F871-B4CA-42E2-8132-EDE3575A6795}
2011-10-07 10:53:11 -------- d-----w- C:\Users\Dan\AppData\Local\{DC9CEA7E-D67A-42C0-9003-C9E96BA65BA5}
2011-10-06 22:52:45 -------- d-----w- C:\Users\Dan\AppData\Local\{BBDBC5A0-D3A6-4B77-81F7-5012DD08F148}
2011-10-06 22:52:23 -------- d-----w- C:\Users\Dan\AppData\Local\{A30F576A-0014-4285-8DF2-1E8AF9E18FD2}
2011-10-06 10:52:09 -------- d-----w- C:\Users\Dan\AppData\Local\{1FBEF1C2-E5F2-43B9-961F-059CC9CDA001}
2011-10-06 10:51:47 -------- d-----w- C:\Users\Dan\AppData\Local\{93B1E58B-9072-4789-AD9D-581807A29E81}
2011-10-05 13:15:22 -------- d-----w- C:\Users\Dan\AppData\Local\{9FB4D214-1C73-4D4B-ADA2-DFF856EA8646}
2011-10-05 13:15:00 -------- d-----w- C:\Users\Dan\AppData\Local\{C8DA3D74-F59D-4700-805A-8E2E4DBF599E}
2011-10-05 01:14:47 -------- d-----w- C:\Users\Dan\AppData\Local\{4F4523DE-87D9-4C3B-A295-B1E4CECC7E02}
2011-10-05 01:14:25 -------- d-----w- C:\Users\Dan\AppData\Local\{C23F204C-3CA4-4FE1-85AC-85BE8626D321}
2011-10-04 13:13:59 -------- d-----w- C:\Users\Dan\AppData\Local\{8C63B69C-AAC3-48B4-800C-4A5E36C227F5}
2011-10-04 13:13:37 -------- d-----w- C:\Users\Dan\AppData\Local\{6C91AB77-106E-42B3-A7A6-AAF02639773E}
2011-10-03 19:57:00 -------- d-----w- C:\Users\Dan\AppData\Local\{A3772645-D661-41D1-8A31-13C12B7054FB}
2011-10-03 19:56:38 -------- d-----w- C:\Users\Dan\AppData\Local\{A7731DDF-03D5-426C-9F77-FC8D9E5FF358}
2011-10-03 07:56:26 -------- d-----w- C:\Users\Dan\AppData\Local\{AB942A7D-D8D6-4E8F-AD9B-078228E71832}
2011-10-03 07:56:04 -------- d-----w- C:\Users\Dan\AppData\Local\{6A0DC2D8-1BBC-4617-8473-C75091523358}
2011-10-02 19:55:37 -------- d-----w- C:\Users\Dan\AppData\Local\{4CCA5127-EC8B-407B-81B5-975CA16CE212}
2011-10-02 19:55:15 -------- d-----w- C:\Users\Dan\AppData\Local\{03ED4834-79D2-45FD-B91F-47C2CD4D5E5C}
2011-09-30 16:32:45 -------- d-----w- C:\Users\Dan\AppData\Local\{73F7DFEC-917F-47B2-95B4-90DB36DFD38A}
2011-09-30 16:32:23 -------- d-----w- C:\Users\Dan\AppData\Local\{19C68469-CB93-4D24-990B-982A12F8FF8B}
2011-09-30 04:31:56 -------- d-----w- C:\Users\Dan\AppData\Local\{BB4F7331-5903-4822-ABF8-E11974684F5B}
2011-09-30 04:31:33 -------- d-----w- C:\Users\Dan\AppData\Local\{FCB79A81-6C1E-4CC8-B089-1F9CB3068298}
2011-09-29 13:20:12 -------- d-----w- C:\Users\Dan\AppData\Local\{03BAD19B-E691-4958-BB23-6BAB0CD538BE}
2011-09-29 13:19:53 -------- d-----w- C:\Users\Dan\AppData\Local\{2A0BCF91-676F-4142-9C4A-F9537C98EF58}
2011-09-29 01:19:29 -------- d-----w- C:\Users\Dan\AppData\Local\{F24EAF59-D862-43AA-AB50-DA4FCF3F5107}
2011-09-29 01:19:07 -------- d-----w- C:\Users\Dan\AppData\Local\{70D373BB-986C-4DFD-A02C-034D7F714D41}
2011-09-28 13:15:02 -------- d-----w- C:\Users\Dan\AppData\Local\{33D5286D-C7C1-40AA-B19B-C2FB374D91B4}
2011-09-28 13:14:40 -------- d-----w- C:\Users\Dan\AppData\Local\{2F2F9807-EEAF-439A-AAE5-D1B65DC5FA02}
2011-09-28 01:14:15 -------- d-----w- C:\Users\Dan\AppData\Local\{96638FED-57C3-4E28-997B-66358724DDD3}
2011-09-28 01:13:53 -------- d-----w- C:\Users\Dan\AppData\Local\{7F8EF8C5-A4D3-4CD4-A238-D73571A28EF4}
2011-09-27 13:13:40 -------- d-----w- C:\Users\Dan\AppData\Local\{CF4BEE36-84E9-4AB9-B9DF-5E4BE0BBBC61}
2011-09-27 13:13:18 -------- d-----w- C:\Users\Dan\AppData\Local\{8D89BF3A-DAD2-4B1A-8008-291E5671869D}
2011-09-27 00:57:53 -------- d-----w- C:\Users\Dan\AppData\Local\{43A03324-F31A-4AC7-8729-8061BF5CD8CD}
2011-09-27 00:57:31 -------- d-----w- C:\Users\Dan\AppData\Local\{0925F0F8-1DDD-409A-AA4F-D1769CBF2FBC}
2011-09-26 12:57:19 -------- d-----w- C:\Users\Dan\AppData\Local\{844164E0-59EA-41B0-84B6-647543DC3230}
2011-09-26 12:56:58 -------- d-----w- C:\Users\Dan\AppData\Local\{D8F52845-E02E-4698-8E45-D968B4AADA0F}
2011-09-25 22:07:00 -------- d-----w- C:\Users\Dan\AppData\Local\{1E7AA5F6-C8BB-4370-9A4A-F2EF17B3C91B}
2011-09-25 22:06:38 -------- d-----w- C:\Users\Dan\AppData\Local\{1815DC24-B4FD-4A19-BBE2-274DA5F23CDE}
2011-09-24 19:05:36 -------- d-----w- C:\Users\Dan\AppData\Local\{30EAA169-DFCA-4F2F-93E7-81875BCAB0CE}
2011-09-24 19:05:23 -------- d-----w- C:\Users\Dan\AppData\Local\{071C3C26-89CD-42AB-9226-9177041DD9FA}
2011-09-24 01:11:47 -------- d-----w- C:\Users\Dan\AppData\Local\{AC2513BE-32E9-4732-9DB7-C822F3B5FBB5}
2011-09-24 01:11:24 -------- d-----w- C:\Users\Dan\AppData\Local\{26BD96DF-F2B5-4317-9B0A-39F10E86467F}
2011-09-23 13:11:10 -------- d-----w- C:\Users\Dan\AppData\Local\{1CC5EED0-22B1-4D54-8049-D97D758B87D9}
2011-09-23 13:10:47 -------- d-----w- C:\Users\Dan\AppData\Local\{98A7C996-65C4-4B02-9A2F-FFB4734A3F55}
2011-09-22 19:38:59 1384479 ----a-w- C:\Windows\SysWow64\temp.000
2011-09-22 19:38:58 94271 ----a-w- C:\Program Files (x86)\MbtSessionsMD.dll
2011-09-22 19:38:58 153088 ----a-w- C:\Program Files (x86)\UNWISE.EXE
2011-09-22 19:38:58 -------- d-----w- C:\Program Files (x86)\Plugins
2011-09-22 13:08:04 -------- d-----w- C:\Users\Dan\AppData\Local\{7B8154F9-2054-4390-92C8-EBE592D7A50F}
2011-09-22 13:07:42 -------- d-----w- C:\Users\Dan\AppData\Local\{1731DAFD-33FE-450D-A9F9-324DDC763C5B}
2011-09-22 01:07:13 -------- d-----w- C:\Users\Dan\AppData\Local\{F7C90D2E-C584-4D3C-AD0B-4C1E2108B37A}
2011-09-22 01:06:51 -------- d-----w- C:\Users\Dan\AppData\Local\{2E3F5FEB-0C2F-4BA2-99D0-8A1B9B89D198}
2011-09-21 14:33:34 -------- d-----w- C:\Users\Dan\AppData\Roaming\MBTrading
2011-09-21 14:33:34 -------- d-----w- C:\ProgramData\MBTrading
2011-09-21 13:06:36 -------- d-----w- C:\Users\Dan\AppData\Local\{1ABF0B66-EBB8-4406-808C-AE3046009AE3}
2011-09-21 13:06:13 -------- d-----w- C:\Users\Dan\AppData\Local\{18143649-8F55-4400-82B4-F8C6833C259E}
2011-09-21 01:42:56 -------- d-----w- C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2011-09-20 20:20:47 -------- d-----w- C:\Users\Dan\AppData\Local\{A6F9AD63-E812-41BE-92C0-139AF3293F9D}
2011-09-20 20:20:25 -------- d-----w- C:\Users\Dan\AppData\Local\{9A6AD22F-3201-4F76-BE84-4D72D083B483}
2011-09-20 08:20:12 -------- d-----w- C:\Users\Dan\AppData\Local\{986AE95A-C39E-45B5-A89E-DA1B5189A445}
2011-09-20 08:19:50 -------- d-----w- C:\Users\Dan\AppData\Local\{04293203-2BF7-4AF0-A7CF-C440C9354B61}
2011-09-19 20:19:23 -------- d-----w- C:\Users\Dan\AppData\Local\{2496DE41-3372-443C-B661-12DFE77F0957}
2011-09-19 20:19:01 -------- d-----w- C:\Users\Dan\AppData\Local\{91D97C6F-7635-44BA-9DD0-9A76E0951870}
2011-09-19 08:18:47 -------- d-----w- C:\Users\Dan\AppData\Local\{A45C5605-A6D8-47BC-BE50-7578281677C3}
2011-09-19 08:18:25 -------- d-----w- C:\Users\Dan\AppData\Local\{1C2442C6-6F01-4F87-A3F0-CD4B57C3494B}
2011-09-18 20:17:46 -------- d-----w- C:\Users\Dan\AppData\Local\{6A6B5F39-411E-4A20-8B8C-5E611E32736B}
2011-09-18 20:17:35 -------- d-----w- C:\Users\Dan\AppData\Local\{DDDF12A1-27F6-4E2F-AE3A-21E32ABB9280}
2011-09-17 23:07:23 -------- d-----w- C:\Users\Dan\AppData\Local\{8969C70A-E3F8-4AE6-B318-E0E00ABEFF7B}
2011-09-17 23:07:02 -------- d-----w- C:\Users\Dan\AppData\Local\{500DC283-3C9A-4F35-8D29-51E93820F030}
2011-09-16 13:46:02 -------- d-----w- C:\Users\Dan\AppData\Local\{8D275486-BA2D-4C60-B897-C7B0FB224153}
2011-09-16 13:45:40 -------- d-----w- C:\Users\Dan\AppData\Local\{A8540F7D-942D-4F25-86C4-766C48B6193C}
2011-09-16 01:45:11 -------- d-----w- C:\Users\Dan\AppData\Local\{86369A8C-F651-4FC9-AD85-C49587CB3FB9}
2011-09-16 01:44:49 -------- d-----w- C:\Users\Dan\AppData\Local\{8C54EB2A-ED34-4D1F-9AE0-3BB9BFEED693}
2011-09-15 13:12:38 -------- d-----w- C:\Users\Dan\AppData\Local\{7CBD5B62-28C9-48E1-9416-ADA9890A5C23}
2011-09-15 13:12:17 -------- d-----w- C:\Users\Dan\AppData\Local\{F18E1550-6B8B-430D-A72C-856584DC7418}
2011-09-15 01:11:51 -------- d-----w- C:\Users\Dan\AppData\Local\{EFC0919C-0520-453B-AE75-F39F4C657E5D}
2011-09-15 01:11:29 -------- d-----w- C:\Users\Dan\AppData\Local\{8478108F-1CB0-4075-8392-3A0FF645EE0F}
2011-09-14 13:11:16 -------- d-----w- C:\Users\Dan\AppData\Local\{9CB4F3FD-13A3-48BF-A8FE-42400547AC61}
2011-09-14 13:10:54 -------- d-----w- C:\Users\Dan\AppData\Local\{71369BC4-4DF6-4779-9427-C80B0F761F6F}
2011-09-14 01:10:28 -------- d-----w- C:\Users\Dan\AppData\Local\{7EFB04D6-A68E-4465-99AB-B741D0D65AC6}
2011-09-14 01:10:06 -------- d-----w- C:\Users\Dan\AppData\Local\{13A26F2B-F536-46A6-9E09-B899C1C615CA}
2011-09-13 13:09:54 -------- d-----w- C:\Users\Dan\AppData\Local\{B4463A14-B528-4629-B869-AA5A71D148E0}
2011-09-13 13:09:32 -------- d-----w- C:\Users\Dan\AppData\Local\{4C0FC70F-7507-45DA-9915-237550725B00}
2011-09-13 01:09:04 -------- d-----w- C:\Users\Dan\AppData\Local\{ACD8CAA2-4F26-48B3-859E-D139C693C6CB}
2011-09-13 01:08:42 -------- d-----w- C:\Users\Dan\AppData\Local\{70CA613C-9677-456C-AE17-0211CE111997}
2011-09-12 13:08:30 -------- d-----w- C:\Users\Dan\AppData\Local\{275854D8-E713-4AD6-AC1C-E378D81DB2EA}
2011-09-12 13:08:05 -------- d-----w- C:\Users\Dan\AppData\Local\{33FA1375-D2A5-4E01-BAC5-32680DCA7462}
2011-09-12 12:56:56 -------- d-----w- C:\Users\Dan\AppData\Local\{A7ED87E4-A367-4724-B9EB-9D07D47F15F3}
.
==================== Find3M ====================
.
2011-09-19 10:13:31 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-30 10:52:35 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-08-30 10:52:35 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-08-30 10:47:36 218808 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-08-29 16:37:20 6726727 ----a-w- C:\Program Files (x86)\MbtDesktopPro.exe
2011-08-29 14:20:00 94270 ----a-w- C:\Program Files (x86)\MbtWin7Tools.dll
2011-08-29 14:11:22 221251 ----a-w- C:\Program Files (x86)\MbtDesktopPro_res.dll
2011-08-29 14:11:10 176203 ----a-w- C:\Program Files (x86)\CrashReport_MbtDesktopPro.exe
2011-08-29 14:10:42 282624 ----a-w- C:\Program Files (x86)\MbtStyleScenic120.dll
2011-08-29 14:10:40 127043 ----a-w- C:\Program Files (x86)\MbtStyleCarbon120.dll
2011-08-29 14:10:38 749568 ----a-w- C:\Program Files (x86)\MbtStyle2010White120.dll
2011-08-29 14:10:34 753664 ----a-w- C:\Program Files (x86)\MbtStyle2010Blue120.dll
2011-08-29 14:10:30 720896 ----a-w- C:\Program Files (x86)\MbtStyle2010Black120.dll
2011-08-29 14:10:26 421888 ----a-w- C:\Program Files (x86)\MbtStyle2007Silver120.dll
2011-08-29 14:10:22 421888 ----a-w- C:\Program Files (x86)\MbtStyle2007Obsidian120.dll
2011-08-29 14:10:18 413696 ----a-w- C:\Program Files (x86)\MbtStyle2007Luna120.dll
2011-08-29 14:10:14 483328 ----a-w- C:\Program Files (x86)\MbtStyle2007Aqua120.dll
2011-08-29 14:10:06 6656061 ----a-w- C:\Program Files (x86)\MbtNavProUi.dll
2011-08-28 05:30:48 135 ----a-w- C:\Program Files (x86)\unregister_all.bat
2011-08-28 05:30:46 130 ----a-w- C:\Program Files (x86)\register_all.bat
2011-08-28 05:27:44 167936 ----a-w- C:\Program Files (x86)\FinancialStudiesDll.dll
2011-08-28 05:27:42 716852 ----a-w- C:\Program Files (x86)\mbdll.dll
2011-08-28 05:27:42 67490 ----a-w- C:\Program Files (x86)\mbtipc.dll
2011-08-28 05:27:42 55372 ----a-w- C:\Program Files (x86)\mbmsg.exe
2011-08-28 05:27:38 1351392 ----a-w- C:\Windows\SysWow64\comctl32.ocx
2011-08-28 05:27:36 94208 ----a-w- C:\Windows\SysWow64\vbalIml6.ocx
2011-08-28 05:27:36 40960 ----a-w- C:\Windows\SysWow64\PLC.ocx
2011-08-28 05:27:36 32768 ----a-w- C:\Windows\SysWow64\Regtool5.dll
2011-08-28 05:27:34 212240 ----a-w- C:\Windows\SysWow64\Richtx32.ocx
2011-08-28 05:27:32 662288 ----a-w- C:\Windows\SysWow64\Mscomct2.ocx
2011-08-28 05:27:32 200704 ----a-w- C:\Windows\SysWow64\axlsbcls.dll
2011-08-28 05:27:32 167968 ----a-w- C:\Windows\SysWow64\msmask32.ocx
2011-08-28 05:26:40 564736 ----a-w- C:\Program Files (x86)\TradeIdeasGenericConnector2Proj1.ocx
2011-08-28 05:26:40 1337856 ----a-w- C:\Program Files (x86)\TradeIdeasWindowProj1.ocx
2011-08-28 05:25:14 1572928 ----a-w- C:\Program Files (x86)\_ISource.dll
2011-08-28 05:25:10 1069584 ----a-w- C:\Program Files (x86)\dbghelp.dll
2011-08-28 05:19:02 207872 ----a-w- C:\Program Files (x86)\ipworks.dll
2011-08-28 05:19:00 92160 ----a-w- C:\Program Files (x86)\ipwthunk.dll
2011-08-28 05:19:00 110592 ----a-w- C:\Program Files (x86)\ick2.dll
2011-08-07 18:35:48 2560 ----a-w- C:\Windows\_MSRSTRT.EXE
2011-08-07 18:33:45 9590960 ----a-w- C:\ProgramData\MbtDesktop_11.8.0.38.exe
2011-08-03 13:16:55 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-08-01 22:59:06 45416 ----a-w- C:\Windows\System32\drivers\point64.sys
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-14 12:54:09 72080 ----a-w- C:\Users\Dan\g2mdlhlpx.exe
.
============= FINISH: 9:00:22.01 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/24/2010 3:46:08 PM
System Uptime: 10/9/2011 2:17:37 AM (31 hours ago)
.
Motherboard: PEGATRON CORPORATION | | VIOLET6
Processor: AMD Athlon(tm) II X4 630 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 920 GiB total, 640.105 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.588 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SD/MMC
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626476&0#
Manufacturer: Generic-
Name: F:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626476&0#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SM/xD-Picture
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.02#058F63626476&2#
Manufacturer: Generic-
Name: H:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.02#058F63626476&2#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Compact Flash
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626476&1#
Manufacturer: Generic-
Name: G:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626476&1#
Service: WUDFRd
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C7100 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C7100 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: MS/MS-Pro
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.03#058F63626476&3#
Manufacturer: Generic-
Name: I:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.03#058F63626476&3#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP181: 9/17/2011 12:38:57 AM - Scheduled Checkpoint
RP182: 9/20/2011 6:32:27 PM - HPSF Applying updates
RP183: 9/20/2011 6:43:42 PM - Installed HP Support Assistant
RP184: 9/20/2011 6:51:22 PM - Windows Modules Installer
RP185: 9/20/2011 6:54:29 PM - Windows Modules Installer
RP186: 9/28/2011 1:58:34 PM - Scheduled Checkpoint
RP187: 10/2/2011 10:06:34 AM - Windows Update
RP188: 10/10/2011 6:13:05 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.6
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Amazon Add to Wish List IE Extension 1.1
Battlefield: Bad Company™ 2
Bing Bar
Bing Rewards Client Installer
BufferChm
C7100
c7100_Help
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Cisco Network Magic
Compatibility Pack for the 2007 Office system
Copy
Curse Client - 1
CyberLink DVD Suite Deluxe
D3DX10
Destinations
DeviceDiscovery
DirectX for Managed Code Update (Summer 2004)
DocProc
Download Manager 2.3.10
DVD Menu Pack for HP MediaSmart Video
Fax
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
GoToMeeting 4.8.0.723
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.1.0
HP Advisor
HP Customer Experience Enhancements
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Remote Solution
HP Support Assistant
HP Support Information
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Hulu Desktop
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
LabelPrint
LightScribe System Software
MarketResearch
MBT Desktop Pro
MBT LightWave Trading Platform
Microsoft Live Search Toolbar
Microsoft Office Live Add-in 1.5
Microsoft Office XP Professional with FrontPage
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network Magic
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Paint Shop Pro 7 Anniversary Edition
PictureMover
Power2Go
PowerDirector
Pure Networks Platform
Realtek High Definition Audio Driver
Recovery Manager
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
SmartWebPrinting
SolutionCenter
Starfleet Command - Gold Edition
Starfleet Command II
Starfleet Command II Patcher
Status
Steam
The Weather Channel Desktop 6
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Movie Maker 2.6
WinZip 15.5
WinZip Self-Extractor
WizeFeed 2.1.5
Wizefinder
Wizetrade® FOREX
Wizetrade® Stocks
World of Warcraft
Yahoo! Toolbar
YouTube Downloader 3.3
YouTube Downloader Toolbar v4.6
.
==== Event Viewer Messages From Past Week ========
.
10/9/2011 3:02:21 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user DansComputer\Dan SID (S-1-5-21-3007678799-3236784319-2415737310-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/9/2011 3:02:21 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user DansComputer\Dan SID (S-1-5-21-3007678799-3236784319-2415737310-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/9/2011 2:21:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
10/9/2011 2:21:20 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/9/2011 2:18:01 AM, Error: Service Control Manager [7000] - The Maxtor Scheduler2 Service service failed to start due to the following error: The system cannot find the file specified.
10/6/2011 6:14:18 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
10/6/2011 6:14:18 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
.
==== End Of File ===========================
danco
Active Member
 
Posts: 13
Joined: October 10th, 2011, 12:10 pm

Re: possible key logger hack

Unread postby diver79 » October 13th, 2011, 5:36 pm

Hi and welcome to MalwareRemoval.com. Sorry for any delay in answering your request for help; the forum is really busy.
My name is Diver79, and I will be helping you with your malware problems. I am currently in training at the Malware University. All of my instructions need to be checked and approved by a teacher, which may lead to a slight delay.

Before we start please note the following important guidelines.
  • The instructions given are for THIS computer only! Using these instructions on a different computer can make it inoperable!
  • Please DO NOT run any other software or scans whilst I am helping you.

Note: If you haven't done so already, please ensure you have read the following article, ALL USERS OF THIS FORUM MUST READ THIS FIRST, where the conditions for receiving help here are explained.
diver79 wrote: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
How do I backup my files and folders in XP?
How to backup your data - Vista/Win7

Looking into your logs now. Will post instructions soon...

diver79.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: possible key logger hack

Unread postby diver79 » October 14th, 2011, 3:27 pm

Hi danco,

Backdoor Trojan Warning
Your computer has been infected with a Backdoor Trojan!
Backdoor Trojans are very dangerous because they sit stealthily on your system and provide a remote user with 'backdoor' access to your computer. They can also monitor all the keys you press and can steal sensitive information including your logins, passwords and private (financial) data.
Please take a minute to review these guidelines:
  • If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned.
  • All of your passwords should be changed immediately.
  • Change passwords ... using a different computer and not the infected one.
  • Banking and credit card institutions should be notified of the possible security breach.


Please read "How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?"
Although the trojan can be identified and removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again.
It is dangerous and incorrect to assume that because the trojan has been removed the computer is now secure.
In some instances, such an infection may download/install other malicious files to your system.
Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS.
This is a decision that you will have to make. No action will be taken unless you reply that you want to proceed with the removal attempt.

Here are some articles you can read that may be beneficial:

Please let me know how you wish to proceed.

Thanks.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: possible key logger hack

Unread postby danco » October 15th, 2011, 9:56 pm

I do not have the original OS. Win 7 came with puter, but I made a recovery disc when I purchased puter a year ago. Will the recovery disc reinstall Win 7?
danco
Active Member
 
Posts: 13
Joined: October 10th, 2011, 12:10 pm

Re: possible key logger hack

Unread postby diver79 » October 17th, 2011, 5:47 pm

Hi danco,

danco wrote: I do not have original os. Win 7 came with puter, but I made a repair disc when I purchased puter a year ago. Will the repair disc reinstall Win 7?
No, unfortunately the repair disk will only allow you to access System Recovery Options that aid in repairing the Operating System; it will not allow you to re-install it.

I notice you have Recovery Manager installed on this computer. This should allow you to create a set of recovery disks that will restore the OS to its original condition.

Note: Recovery Manager does not recover your documents\pictures\music\emails etc. It will simply recover the computer to its original condition.

I recommend backing up all data you wish to keep and then creating a set of recovery disks.

See here for information on creating the recovery disks and running the recovery.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: possible key logger hack

Unread postby danco » October 20th, 2011, 12:48 pm

I was just informed by Trend Micro technician that my computer is now safe after they cleaned a couple of files. I'm running another DDS scan...

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Dan at 9:45:48 on 2011-10-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4626 [GMT -7:00]
.
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Dan\AppData\Local\Apps\2.0\BPK3TXKW.48G\1HADWO41.YNP\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cnbc.com/id/17689937
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg32.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe -update activex
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{20914F8E-0929-4C24-ABC8-0C05A33EF444} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1066\TmIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO-X64: Trend Micro Toolbar BHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
.
============= SERVICES / DRIVERS ===============
.
R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-10-17 275912]
R2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-6 2214504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-7 136176]
S2 MaxSch2Svc;Maxtor Scheduler2 Service;"C:\Program Files (x86)\Common Files\Maxtor\Schedule2\schedul2.exe" --> C:\Program Files (x86)\Common Files\Maxtor\Schedule2\schedul2.exe [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-7 136176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-20 16:26:38 -------- d-----w- C:\Users\Dan\AppData\Local\{B95FD80C-A358-4D08-B1D2-9EAD630F1E84}
2011-10-20 16:26:16 -------- d-----w- C:\Users\Dan\AppData\Local\{53D1A171-DF80-42B1-B1CF-BA832FEF91F4}
2011-10-20 00:39:28 -------- d-----w- C:\Users\Dan\AppData\Local\{3E639D60-0DC3-4D45-BEE1-FD4440A8A09C}
2011-10-20 00:39:07 -------- d-----w- C:\Users\Dan\AppData\Local\{1F75B92A-3330-4301-B6E7-A1338FCCDB66}
2011-10-19 12:38:42 -------- d-----w- C:\Users\Dan\AppData\Local\{04D84202-1C14-43EE-8AC5-F728B9337540}
2011-10-19 12:38:20 -------- d-----w- C:\Users\Dan\AppData\Local\{C2E0E691-DBDF-4DBB-8FBB-EC9B62F4E363}
2011-10-18 16:57:31 -------- d-----w- C:\Users\Dan\AppData\Local\{76E401AF-76ED-4D30-8AFA-65F3E7A2DDE1}
2011-10-18 16:57:09 -------- d-----w- C:\Users\Dan\AppData\Local\{675E1897-2791-4FF1-8C01-917DED5BAD7B}
2011-10-18 04:56:43 -------- d-----w- C:\Users\Dan\AppData\Local\{548598BB-D3E2-47DF-A278-2A6E48BBAFAA}
2011-10-18 04:56:22 -------- d-----w- C:\Users\Dan\AppData\Local\{369E402F-25C4-4830-AC48-051D6DCDAB0F}
2011-10-17 22:42:37 105744 ----a-w- C:\Windows\System32\drivers\tmtdi.sys
2011-10-17 22:42:28 91920 ----a-w- C:\Windows\System32\drivers\tmactmon.sys
2011-10-17 22:42:28 70928 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys
2011-10-17 22:42:28 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2011-10-17 22:40:11 56 ----a-w- C:\Windows\System32\SupportTool.exe.bat
2011-10-17 22:39:14 -------- d-----w- C:\Program Files\Trend Micro
2011-10-17 13:40:55 -------- d-----w- C:\Users\Dan\AppData\Local\{A601BB7C-81BD-4429-B281-27A676CB6CDD}
2011-10-17 13:40:45 -------- d-----w- C:\Users\Dan\AppData\Local\{938718E1-2B78-4C2D-BE05-EEA639425CA6}
2011-10-16 22:59:49 -------- d-----w- C:\Users\Dan\AppData\Local\{60234BFB-844B-426A-877A-4248CE9DACDB}
2011-10-16 22:59:27 -------- d-----w- C:\Users\Dan\AppData\Local\{72F45BFA-8559-403C-A619-4A26246C9F16}
2011-10-15 23:13:28 -------- d-----w- C:\Users\Dan\AppData\Local\{EE1047AF-6314-4EEB-91D4-30F3BDCDE3C7}
2011-10-15 23:13:17 -------- d-----w- C:\Users\Dan\AppData\Local\{6C63A685-CEB6-4AF8-B71D-E4445C002732}
2011-10-15 06:10:55 -------- d-----w- C:\Users\Dan\AppData\Local\{FAB5ED3A-8EDC-4B3B-8D20-C806CC7862E2}
2011-10-15 06:10:33 -------- d-----w- C:\Users\Dan\AppData\Local\{8631113C-03B0-4F08-A92B-0F8CA7216852}
2011-10-14 18:10:21 -------- d-----w- C:\Users\Dan\AppData\Local\{9EC46221-36DF-4B92-A549-47F15AF5B20D}
2011-10-14 18:09:59 -------- d-----w- C:\Users\Dan\AppData\Local\{85625347-7F0F-4FEF-9E15-E396545D2698}
2011-10-14 06:09:33 -------- d-----w- C:\Users\Dan\AppData\Local\{505629F9-D2C7-4FA5-8BE1-F88A580C3719}
2011-10-14 06:09:11 -------- d-----w- C:\Users\Dan\AppData\Local\{5F34FDE4-8F70-4F8D-B5AD-945098175C0C}
2011-10-13 18:09:49 161296 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2011-10-13 18:08:46 -------- d-----w- C:\Users\Dan\AppData\Local\{D405B2F5-D637-4B65-8034-CCD839508EF5}
2011-10-13 18:08:21 -------- d-----w- C:\Users\Dan\AppData\Local\{E2BB69CE-C2A7-45C8-BEE4-D3D31B6247CD}
2011-10-13 06:07:57 -------- d-----w- C:\Users\Dan\AppData\Local\{8DFEDA66-FC16-4DD0-82E7-C98F7FF5EC53}
2011-10-13 06:07:35 -------- d-----w- C:\Users\Dan\AppData\Local\{2B4CE3C5-3E12-4EA0-8518-071465E86C1E}
2011-10-12 17:53:30 -------- d-----w- C:\Users\Dan\AppData\Local\{725ADD4E-E95D-4897-AA1E-EFA0522E4498}
2011-10-12 17:53:08 -------- d-----w- C:\Users\Dan\AppData\Local\{062B071C-0C77-4D60-B42C-15BD25C2EBB0}
2011-10-12 05:52:41 -------- d-----w- C:\Users\Dan\AppData\Local\{6024FBC2-0FC1-450F-9F75-57EC08D2714D}
2011-10-12 05:52:20 -------- d-----w- C:\Users\Dan\AppData\Local\{D5584C3F-BCD3-4E68-9DF0-025D97354318}
2011-10-11 17:52:07 -------- d-----w- C:\Users\Dan\AppData\Local\{ED5976F0-E430-4D90-8DD2-502871DA284B}
2011-10-11 17:51:57 -------- d-----w- C:\Users\Dan\AppData\Local\{5C16DFDB-3D01-45E3-8D28-0A218CB3685A}
2011-10-11 01:28:58 -------- d-----w- C:\Users\Dan\AppData\Local\{A5E6A8B1-A521-42B2-AC13-981C5F3296BC}
2011-10-11 01:28:36 -------- d-----w- C:\Users\Dan\AppData\Local\{31AA4E56-8C7D-42D4-B3C1-8E15659E7F55}
2011-10-10 13:28:09 -------- d-----w- C:\Users\Dan\AppData\Local\{6303B1EE-C3E4-4951-A105-B1ED2488B003}
2011-10-10 13:27:48 -------- d-----w- C:\Users\Dan\AppData\Local\{CF00CB73-06A7-4D7A-91E8-90D9E9D4712F}
2011-10-09 06:18:18 -------- d-----w- C:\Users\Dan\AppData\Local\{E54974D6-38A1-415F-A263-13B43BEC5D34}
2011-10-09 06:18:07 -------- d-----w- C:\Users\Dan\AppData\Local\{A893D249-6D6A-496C-8EFC-D054486031D3}
2011-10-08 10:55:16 -------- d-----w- C:\Users\Dan\AppData\Local\{F75A18B4-2938-4B14-A9FC-639C05CB9509}
2011-10-08 10:54:53 -------- d-----w- C:\Users\Dan\AppData\Local\{DD818C02-13B3-4F74-98E0-B58C3059F51B}
2011-10-07 22:54:18 -------- d-----w- C:\Users\Dan\AppData\Local\{025B5946-A833-4DE1-9278-CCD5A8F2A89F}
2011-10-07 22:53:49 -------- d-----w- C:\Users\Dan\AppData\Local\{EA6643B1-CC05-4EA7-8302-4A4E85D5DF28}
2011-10-07 10:53:34 -------- d-----w- C:\Users\Dan\AppData\Local\{BC41F871-B4CA-42E2-8132-EDE3575A6795}
2011-10-07 10:53:11 -------- d-----w- C:\Users\Dan\AppData\Local\{DC9CEA7E-D67A-42C0-9003-C9E96BA65BA5}
2011-10-06 22:52:45 -------- d-----w- C:\Users\Dan\AppData\Local\{BBDBC5A0-D3A6-4B77-81F7-5012DD08F148}
2011-10-06 22:52:23 -------- d-----w- C:\Users\Dan\AppData\Local\{A30F576A-0014-4285-8DF2-1E8AF9E18FD2}
2011-10-06 10:52:09 -------- d-----w- C:\Users\Dan\AppData\Local\{1FBEF1C2-E5F2-43B9-961F-059CC9CDA001}
2011-10-06 10:51:47 -------- d-----w- C:\Users\Dan\AppData\Local\{93B1E58B-9072-4789-AD9D-581807A29E81}
2011-10-05 13:15:22 -------- d-----w- C:\Users\Dan\AppData\Local\{9FB4D214-1C73-4D4B-ADA2-DFF856EA8646}
2011-10-05 13:15:00 -------- d-----w- C:\Users\Dan\AppData\Local\{C8DA3D74-F59D-4700-805A-8E2E4DBF599E}
2011-10-05 01:14:47 -------- d-----w- C:\Users\Dan\AppData\Local\{4F4523DE-87D9-4C3B-A295-B1E4CECC7E02}
2011-10-05 01:14:25 -------- d-----w- C:\Users\Dan\AppData\Local\{C23F204C-3CA4-4FE1-85AC-85BE8626D321}
2011-10-04 13:13:59 -------- d-----w- C:\Users\Dan\AppData\Local\{8C63B69C-AAC3-48B4-800C-4A5E36C227F5}
2011-10-04 13:13:37 -------- d-----w- C:\Users\Dan\AppData\Local\{6C91AB77-106E-42B3-A7A6-AAF02639773E}
2011-10-03 19:57:00 -------- d-----w- C:\Users\Dan\AppData\Local\{A3772645-D661-41D1-8A31-13C12B7054FB}
2011-10-03 19:56:38 -------- d-----w- C:\Users\Dan\AppData\Local\{A7731DDF-03D5-426C-9F77-FC8D9E5FF358}
2011-10-03 07:56:26 -------- d-----w- C:\Users\Dan\AppData\Local\{AB942A7D-D8D6-4E8F-AD9B-078228E71832}
2011-10-03 07:56:04 -------- d-----w- C:\Users\Dan\AppData\Local\{6A0DC2D8-1BBC-4617-8473-C75091523358}
2011-10-02 19:55:37 -------- d-----w- C:\Users\Dan\AppData\Local\{4CCA5127-EC8B-407B-81B5-975CA16CE212}
2011-10-02 19:55:15 -------- d-----w- C:\Users\Dan\AppData\Local\{03ED4834-79D2-45FD-B91F-47C2CD4D5E5C}
2011-09-30 16:32:45 -------- d-----w- C:\Users\Dan\AppData\Local\{73F7DFEC-917F-47B2-95B4-90DB36DFD38A}
2011-09-30 16:32:23 -------- d-----w- C:\Users\Dan\AppData\Local\{19C68469-CB93-4D24-990B-982A12F8FF8B}
2011-09-30 04:31:56 -------- d-----w- C:\Users\Dan\AppData\Local\{BB4F7331-5903-4822-ABF8-E11974684F5B}
2011-09-30 04:31:33 -------- d-----w- C:\Users\Dan\AppData\Local\{FCB79A81-6C1E-4CC8-B089-1F9CB3068298}
2011-09-29 13:20:12 -------- d-----w- C:\Users\Dan\AppData\Local\{03BAD19B-E691-4958-BB23-6BAB0CD538BE}
2011-09-29 13:19:53 -------- d-----w- C:\Users\Dan\AppData\Local\{2A0BCF91-676F-4142-9C4A-F9537C98EF58}
2011-09-29 01:19:29 -------- d-----w- C:\Users\Dan\AppData\Local\{F24EAF59-D862-43AA-AB50-DA4FCF3F5107}
2011-09-29 01:19:07 -------- d-----w- C:\Users\Dan\AppData\Local\{70D373BB-986C-4DFD-A02C-034D7F714D41}
2011-09-28 13:15:02 -------- d-----w- C:\Users\Dan\AppData\Local\{33D5286D-C7C1-40AA-B19B-C2FB374D91B4}
2011-09-28 13:14:40 -------- d-----w- C:\Users\Dan\AppData\Local\{2F2F9807-EEAF-439A-AAE5-D1B65DC5FA02}
2011-09-28 01:14:15 -------- d-----w- C:\Users\Dan\AppData\Local\{96638FED-57C3-4E28-997B-66358724DDD3}
2011-09-28 01:13:53 -------- d-----w- C:\Users\Dan\AppData\Local\{7F8EF8C5-A4D3-4CD4-A238-D73571A28EF4}
2011-09-27 13:13:40 -------- d-----w- C:\Users\Dan\AppData\Local\{CF4BEE36-84E9-4AB9-B9DF-5E4BE0BBBC61}
2011-09-27 13:13:18 -------- d-----w- C:\Users\Dan\AppData\Local\{8D89BF3A-DAD2-4B1A-8008-291E5671869D}
2011-09-27 00:57:53 -------- d-----w- C:\Users\Dan\AppData\Local\{43A03324-F31A-4AC7-8729-8061BF5CD8CD}
2011-09-27 00:57:31 -------- d-----w- C:\Users\Dan\AppData\Local\{0925F0F8-1DDD-409A-AA4F-D1769CBF2FBC}
2011-09-26 12:57:19 -------- d-----w- C:\Users\Dan\AppData\Local\{844164E0-59EA-41B0-84B6-647543DC3230}
2011-09-26 12:56:58 -------- d-----w- C:\Users\Dan\AppData\Local\{D8F52845-E02E-4698-8E45-D968B4AADA0F}
2011-09-25 22:07:00 -------- d-----w- C:\Users\Dan\AppData\Local\{1E7AA5F6-C8BB-4370-9A4A-F2EF17B3C91B}
2011-09-25 22:06:38 -------- d-----w- C:\Users\Dan\AppData\Local\{1815DC24-B4FD-4A19-BBE2-274DA5F23CDE}
2011-09-24 19:05:36 -------- d-----w- C:\Users\Dan\AppData\Local\{30EAA169-DFCA-4F2F-93E7-81875BCAB0CE}
2011-09-24 19:05:23 -------- d-----w- C:\Users\Dan\AppData\Local\{071C3C26-89CD-42AB-9226-9177041DD9FA}
2011-09-24 01:11:47 -------- d-----w- C:\Users\Dan\AppData\Local\{AC2513BE-32E9-4732-9DB7-C822F3B5FBB5}
2011-09-24 01:11:24 -------- d-----w- C:\Users\Dan\AppData\Local\{26BD96DF-F2B5-4317-9B0A-39F10E86467F}
2011-09-23 13:11:10 -------- d-----w- C:\Users\Dan\AppData\Local\{1CC5EED0-22B1-4D54-8049-D97D758B87D9}
2011-09-23 13:10:47 -------- d-----w- C:\Users\Dan\AppData\Local\{98A7C996-65C4-4B02-9A2F-FFB4734A3F55}
2011-09-22 19:38:59 1384479 ----a-w- C:\Windows\SysWow64\temp.000
2011-09-22 19:38:58 94271 ----a-w- C:\Program Files (x86)\MbtSessionsMD.dll
2011-09-22 19:38:58 153088 ----a-w- C:\Program Files (x86)\UNWISE.EXE
2011-09-22 19:38:58 -------- d-----w- C:\Program Files (x86)\Plugins
2011-09-22 13:08:04 -------- d-----w- C:\Users\Dan\AppData\Local\{7B8154F9-2054-4390-92C8-EBE592D7A50F}
2011-09-22 13:07:42 -------- d-----w- C:\Users\Dan\AppData\Local\{1731DAFD-33FE-450D-A9F9-324DDC763C5B}
2011-09-22 01:07:13 -------- d-----w- C:\Users\Dan\AppData\Local\{F7C90D2E-C584-4D3C-AD0B-4C1E2108B37A}
2011-09-22 01:06:51 -------- d-----w- C:\Users\Dan\AppData\Local\{2E3F5FEB-0C2F-4BA2-99D0-8A1B9B89D198}
2011-09-21 14:33:34 -------- d-----w- C:\Users\Dan\AppData\Roaming\MBTrading
2011-09-21 14:33:34 -------- d-----w- C:\ProgramData\MBTrading
2011-09-21 13:06:36 -------- d-----w- C:\Users\Dan\AppData\Local\{1ABF0B66-EBB8-4406-808C-AE3046009AE3}
2011-09-21 13:06:13 -------- d-----w- C:\Users\Dan\AppData\Local\{18143649-8F55-4400-82B4-F8C6833C259E}
2011-09-21 01:42:56 -------- d-----w- C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2011-09-20 20:20:47 -------- d-----w- C:\Users\Dan\AppData\Local\{A6F9AD63-E812-41BE-92C0-139AF3293F9D}
2011-09-20 20:20:25 -------- d-----w- C:\Users\Dan\AppData\Local\{9A6AD22F-3201-4F76-BE84-4D72D083B483}
.
==================== Find3M ====================
.
2011-09-19 10:13:31 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-30 10:52:35 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-08-30 10:52:35 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-08-30 10:47:36 218808 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-08-29 16:37:20 6726727 ----a-w- C:\Program Files (x86)\MbtDesktopPro.exe
2011-08-29 14:20:00 94270 ----a-w- C:\Program Files (x86)\MbtWin7Tools.dll
2011-08-29 14:11:22 221251 ----a-w- C:\Program Files (x86)\MbtDesktopPro_res.dll
2011-08-29 14:11:10 176203 ----a-w- C:\Program Files (x86)\CrashReport_MbtDesktopPro.exe
2011-08-29 14:10:42 282624 ----a-w- C:\Program Files (x86)\MbtStyleScenic120.dll
2011-08-29 14:10:40 127043 ----a-w- C:\Program Files (x86)\MbtStyleCarbon120.dll
2011-08-29 14:10:38 749568 ----a-w- C:\Program Files (x86)\MbtStyle2010White120.dll
2011-08-29 14:10:34 753664 ----a-w- C:\Program Files (x86)\MbtStyle2010Blue120.dll
2011-08-29 14:10:30 720896 ----a-w- C:\Program Files (x86)\MbtStyle2010Black120.dll
2011-08-29 14:10:26 421888 ----a-w- C:\Program Files (x86)\MbtStyle2007Silver120.dll
2011-08-29 14:10:22 421888 ----a-w- C:\Program Files (x86)\MbtStyle2007Obsidian120.dll
2011-08-29 14:10:18 413696 ----a-w- C:\Program Files (x86)\MbtStyle2007Luna120.dll
2011-08-29 14:10:14 483328 ----a-w- C:\Program Files (x86)\MbtStyle2007Aqua120.dll
2011-08-29 14:10:06 6656061 ----a-w- C:\Program Files (x86)\MbtNavProUi.dll
2011-08-28 05:30:48 135 ----a-w- C:\Program Files (x86)\unregister_all.bat
2011-08-28 05:30:46 130 ----a-w- C:\Program Files (x86)\register_all.bat
2011-08-28 05:27:44 167936 ----a-w- C:\Program Files (x86)\FinancialStudiesDll.dll
2011-08-28 05:27:42 716852 ----a-w- C:\Program Files (x86)\mbdll.dll
2011-08-28 05:27:42 67490 ----a-w- C:\Program Files (x86)\mbtipc.dll
2011-08-28 05:27:42 55372 ----a-w- C:\Program Files (x86)\mbmsg.exe
2011-08-28 05:27:38 1351392 ----a-w- C:\Windows\SysWow64\comctl32.ocx
2011-08-28 05:27:36 94208 ----a-w- C:\Windows\SysWow64\vbalIml6.ocx
2011-08-28 05:27:36 40960 ----a-w- C:\Windows\SysWow64\PLC.ocx
2011-08-28 05:27:36 32768 ----a-w- C:\Windows\SysWow64\Regtool5.dll
2011-08-28 05:27:34 212240 ----a-w- C:\Windows\SysWow64\Richtx32.ocx
2011-08-28 05:27:32 662288 ----a-w- C:\Windows\SysWow64\Mscomct2.ocx
2011-08-28 05:27:32 200704 ----a-w- C:\Windows\SysWow64\axlsbcls.dll
2011-08-28 05:27:32 167968 ----a-w- C:\Windows\SysWow64\msmask32.ocx
2011-08-28 05:26:40 564736 ----a-w- C:\Program Files (x86)\TradeIdeasGenericConnector2Proj1.ocx
2011-08-28 05:26:40 1337856 ----a-w- C:\Program Files (x86)\TradeIdeasWindowProj1.ocx
2011-08-28 05:25:14 1572928 ----a-w- C:\Program Files (x86)\_ISource.dll
2011-08-28 05:25:10 1069584 ----a-w- C:\Program Files (x86)\dbghelp.dll
2011-08-28 05:19:02 207872 ----a-w- C:\Program Files (x86)\ipworks.dll
2011-08-28 05:19:00 92160 ----a-w- C:\Program Files (x86)\ipwthunk.dll
2011-08-28 05:19:00 110592 ----a-w- C:\Program Files (x86)\ick2.dll
2011-08-07 18:35:48 2560 ----a-w- C:\Windows\_MSRSTRT.EXE
2011-08-07 18:33:45 9590960 ----a-w- C:\ProgramData\MbtDesktop_11.8.0.38.exe
2011-08-03 13:16:55 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-08-01 22:59:06 45416 ----a-w- C:\Windows\System32\drivers\point64.sys
.
============= FINISH: 9:46:30.00 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/24/2010 3:46:08 PM
System Uptime: 10/18/2011 11:05:46 PM (34 hours ago)
.
Motherboard: PEGATRON CORPORATION | | VIOLET6
Processor: AMD Athlon(tm) II X4 630 Processor | CPU 1 | 1596/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 920 GiB total, 649.826 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.588 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SD/MMC
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626476&0#
Manufacturer: Generic-
Name: F:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626476&0#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SM/xD-Picture
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.02#058F63626476&2#
Manufacturer: Generic-
Name: H:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.02#058F63626476&2#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Compact Flash
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626476&1#
Manufacturer: Generic-
Name: G:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626476&1#
Service: WUDFRd
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C7100 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C7100 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: MS/MS-Pro
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.03#058F63626476&3#
Manufacturer: Generic-
Name: I:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.03#058F63626476&3#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP191: 10/13/2011 12:35:18 PM - Removed YouTube Downloader Toolbar v4.6.
RP192: 10/16/2011 4:21:21 PM - HPSF Restore Point
RP193: 10/16/2011 4:45:25 PM - TITANUIMRES[0x01001101]
RP194: 10/16/2011 5:40:47 PM - Removed YouTube Downloader Toolbar v4.6.
RP195: 10/16/2011 5:42:59 PM - Removed YouTube Downloader Toolbar v4.6.
RP196: 10/20/2011 9:34:36 AM - Removed YouTube Downloader Toolbar v4.6.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.6
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Amazon Add to Wish List IE Extension 1.1
Battlefield: Bad Company™ 2
Bing Bar
Bing Rewards Client Installer
BufferChm
C7100
c7100_Help
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Cisco Network Magic
Compatibility Pack for the 2007 Office system
Copy
Curse Client - 1
CyberLink DVD Suite Deluxe
D3DX10
Destinations
DeviceDiscovery
DirectX for Managed Code Update (Summer 2004)
DocProc
Download Manager 2.3.10
DVD Menu Pack for HP MediaSmart Video
Fax
Google Earth
Google Update Helper
GoToAssist Corporate
GoToMeeting 4.8.0.723
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.1.0
HP Advisor
HP Customer Experience Enhancements
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Remote Solution
HP Support Information
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Hulu Desktop
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
MarketResearch
MBT Desktop Pro
MBT LightWave Trading Platform
Microsoft Live Search Toolbar
Microsoft Office Live Add-in 1.5
Microsoft Office XP Professional with FrontPage
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network Magic
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Paint Shop Pro 7 Anniversary Edition
PictureMover
Power2Go
PowerDirector
Pure Networks Platform
Realtek High Definition Audio Driver
Recovery Manager
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
SmartWebPrinting
SolutionCenter
Status
Steam
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Movie Maker 2.6
WinZip 15.5
WinZip Self-Extractor
WizeFeed 2.1.5
Wizefinder
Wizetrade® FOREX
Wizetrade® Stocks
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
10/18/2011 8:45:06 AM, Error: Service Control Manager [7000] - The Maxtor Scheduler2 Service service failed to start due to the following error: The system cannot find the file specified.
10/13/2011 11:17:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
10/13/2011 11:17:34 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
danco
Active Member
Posts: 13
Joined: October 10th, 2011, 12:10 pm

Re: possible key logger hack

Unread postby danco » October 20th, 2011, 12:48 pm

deleted
danco
Active Member
Posts: 13
Joined: October 10th, 2011, 12:10 pm

Re: possible key logger hack

Unread postby diver79 » October 22nd, 2011, 8:26 am

Hi Danco,

The infection I could see in your first set of logs is not present in the above log.

You may not have understood why I suggested a reformat/re-install earlier. The type of infection you received gives an unauthorised user access to your computer via a malicious backdoor trojan. We cannot be sure what changes this person may have made to your machine while they had access to it. For example, the hacker could have set up legitimate remote access software on the computer. Removing the initial infection will not help in this scenario, as the hacker could now be using legitimate software to access your computer. Ultimately we do not know what changes have been made to your computer, so we can never tell you with certainty that it is safe to use again. This is why I would recommend you re-install Windows.

There are still vulnerable programs on your computer that could lead to re-infection. If you choose to continue using this computer without re-installing Windows I would be happy to assist in removing them.

diver79.
diver79
Retired Graduate
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: possible key logger hack

Unread postby danco » October 24th, 2011, 8:18 pm

I plan to use this computer for things other than business. Until I can re-format and re-install Windows, it will be removed from my home network. Please help me remove the other vulnerabilities.
danco
Active Member
Posts: 13
Joined: October 10th, 2011, 12:10 pm

Re: possible key logger hack

Unread postby diver79 » October 25th, 2011, 6:58 pm

Hi Danco,

I want to look at the contents of two batch files to determine if they are legitimate files.

Please download SystemLook_x64.exe... by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Double-click SystemLook_x64.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?"... press the Run button.
  2. Highlight and copy the following entries: ... into SystemLook's main text entry window.
    :contents
    C:\Program Files (x86)\register_all.bat
    C:\Program Files (x86)\unregister_all.bat
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named "SystemLook.txt".
  4. Please post the contents of the SystemLook.txt file in your next reply.


Update vulnerable Programs
It is highly recommended that you ensure there are no vulnerable/insecure programs installed on the computer. This includes Java, Adobe Reader and Flash, as well as others, and most importantly Windows Update. Once I am happy the computer is clean I will provide more information on keeping your machine up to date.

Adobe Reader
  • You should download and install the newest version of Adobe Reader for reading PDF files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go here to download and install Adobe Reader X (10.1.1).
Java
It can be updated via the Java control panel.
  • Click on Start > Control Panel > Java (looks like a coffee cup) > Update tab > Update Now.
  • An update should begin.
  • Just follow the prompts.


Remove out of date Java
Please download JavaRa and unzip it to your desktop.

Note: Please close any instances of Internet Explorer before continuing!

  • Right-click on JavaRa.exe and select Run as Administrator to start the program.
  • From the drop-down menu, choose English or the appropriate language...and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.
  • Copy and paste the contents of the JavaRa log in your next reply.
diver79
Retired Graduate
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: possible key logger hack

Unread postby danco » October 26th, 2011, 3:05 am

delete
Last edited by danco on October 26th, 2011, 3:08 am, edited 1 time in total.
danco
Active Member
Posts: 13
Joined: October 10th, 2011, 12:10 pm

Re: possible key logger hack

Unread postby danco » October 26th, 2011, 3:07 am

SystemLook 30.07.11 by jpshortstuff
Log created at 00:03 on 26/10/2011 by Dan
Administrator - Elevation successful

========== contents ==========

C:\Program Files (x86)\register_all.bat - Opened succesfully.

@echo off
FOR %%A IN (*.DLL *.OCX) DO CALL :PROCESS "%%A"
GOTO EOF

:PROCESS
ECHO Registering %1...
REGSVR32 -S %1

:EOF


C:\Program Files (x86)\unregister_all.bat - Opened succesfully.

@echo off
FOR %%A IN (*.DLL *.OCX) DO CALL :PROCESS "%%A"
GOTO EOF

:PROCESS
ECHO Unregistering %1...
REGSVR32 -S -U %1

:EOF


-= EOF =-


Log file for JavaRa was empty, nothing there to copy and paste.
danco
Active Member
Posts: 13
Joined: October 10th, 2011, 12:10 pm

Re: possible key logger hack

Unread postby danco » October 26th, 2011, 3:13 am

I ran JavaRa again and found this...

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Oct 26 00:10:47 2011

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

Found and removed: Applications\java.exe

Found and removed: Applications\javaw.exe

Found and removed: JavaPlugin.FamilyVersionSupport

Found and removed: JavaScript

Found and removed: JavaScript Author

Found and removed: JavaScript1.1

Found and removed: JavaScript1.1 Author

Found and removed: JavaScript1.2

Found and removed: JavaScript1.2 Author

Found and removed: SOFTWARE\Classes\JavaPlugin

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.2

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.3

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.2

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.5

------------------------------------

Finished reporting.
danco
Active Member
 
Posts: 13
Joined: October 10th, 2011, 12:10 pm

Re: possible key logger hack

Unread postby diver79 » October 27th, 2011, 8:52 am

Hi Danco,

Let's see if there are any other security issues on the machine.

Security Check
  • Please download Security Check by screen317 from one of the links below:
  • Save it to your Desktop.
  • Right-click SecurityCheck.exe and select "Run as administrator", then follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.


ESET Online Scanner:
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your Avast! Anti-Virus.

Disable TrendMicro Antivirus
  • Right-click on the Trend Micro icon in your taskbar (located in your system tray, near your computer’s clock).
  • Uncheck the option for Protection Against Viruses and Spyware

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: possible key logger hack

Unread postby danco » October 27th, 2011, 3:58 pm

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 26
Out of date Java installed!
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
``````````End of Log````````````
danco
Active Member
 
Posts: 13
Joined: October 10th, 2011, 12:10 pm
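The three findings in the checkup.txt log above (firewall state, the missing antivirus WMI entry, and the installed Java/Adobe Reader versions) can be confirmed by hand. The PowerShell below is an added example written for this thread, not the Security Check tool's own code; the `$MinimumVersions` thresholds are placeholders to be filled in from the vendors' current releases, and the productState bit decoding is the commonly used one, not a documented Microsoft API.

```powershell
# Added example (not Security Check's code): reproduce the checks the
# checkup.txt log reports so they can be verified without the tool.
# Run from an elevated PowerShell prompt on Windows 7 or later.

# 1. Antivirus registration in Security Center. This is the "WMI entry"
#    the log warns about when no AntiVirusProduct instance exists.
$av = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct `
                    -ErrorAction SilentlyContinue
if ($av) {
    foreach ($p in $av) {
        # productState is a bitfield; 0x1000 set = real-time protection on,
        # 0x10 set = signatures out of date (common decoding, not documented).
        $realtime = (($p.productState -band 0x1000) -ne 0)
        $stale    = (($p.productState -band 0x10)   -ne 0)
        'AV: {0}  real-time={1}  signatures-stale={2}  (state 0x{3:X6})' -f `
            $p.displayName, $realtime, $stale, $p.productState
    }
} else {
    'No AntiVirusProduct entry in root\SecurityCenter2 (matches the log warning).'
}

# 2. Windows Firewall state per profile via the HNetCfg.FwPolicy2 COM object,
#    which is available on Windows 7 (Get-NetFirewallProfile is not).
$fw = New-Object -ComObject HNetCfg.FwPolicy2
$profiles = @{ Domain = 1; Private = 2; Public = 4 }
foreach ($name in $profiles.Keys) {
    $state = if ($fw.FirewallEnabled($profiles[$name])) { 'Enabled' } else { 'Disabled' }
    'Firewall {0} profile: {1}' -f $name, $state
}

# 3. Installed Java and Adobe Reader versions from the Uninstall keys, reading
#    both the native 64-bit and the WOW6432Node (32-bit) views.
# PLACEHOLDER thresholds: replace with the vendors' current release numbers.
$MinimumVersions = @{ 'Java' = '0.0.0'; 'Adobe Reader' = '0.0.0' }
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^(Java|Adobe Reader)' } |
    Sort-Object DisplayName -Unique |
    ForEach-Object {
        $product = if ($_.DisplayName -like 'Java*') { 'Java' } else { 'Adobe Reader' }
        $verdict = 'version string not comparable'
        try {
            # DisplayVersion strings such as 6.0.260 or 10.1.1 parse as [version].
            $installed = [version]$_.DisplayVersion
            $minimum   = [version]$MinimumVersions[$product]
            $verdict = if ($installed -lt $minimum) { 'OUT OF DATE' } else { 'current' }
        } catch { }
        '{0} {1}: {2}' -f $_.DisplayName, $_.DisplayVersion, $verdict
    }
```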