
Checking for keylogger

Discussion in 'Virus & Other Malware Removal' started by Janfadar, Dec 21, 2010.

Thread Status:
Not open for further replies.
  1. Janfadar

    Janfadar Thread Starter

    Joined:
    Dec 21, 2010
    Messages:
    3
    My computer was recently infected with a keylogger. I ran an AVG scan and that found some infected files that I have since gotten rid of. I've done nothing else other than that, so I want to be certain that the keylogger is gone.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:42:04 PM, on 12/21/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\AVG\AVG10\avgfws.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\AIM\aim.exe
    C:\Documents and Settings\Ryan\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
    C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\AVG\AVG10\avgam.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Ryan\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    O24 - Desktop Component 0: (no name) - http://i38.tinypic.com/55s07r.gif

    --
    End of file - 6532 bytes


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Ryan at 13:41:02.98 on Tue 12/21/2010
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3327.2425 [GMT -5:00]

    AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *Enabled*

    ============== Running Processes ===============

    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\AVG\AVG10\avgfws.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\AIM\aim.exe
    C:\Documents and Settings\Ryan\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
    C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\AVG\AVG10\avgam.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Ryan\My Documents\Downloads\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.daemon-search.com/startpage
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: {7c5c0f58-e061-457d-9033-77307f5ed00c} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
    uRun: [Octoshape Streaming Services] "c:\documents and settings\ryan\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [P17Helper] Rundll32 P17.dll,P17Helper
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\ryan\applic~1\mozilla\firefox\profiles\vot1lq2n.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&q=
    FF - component: c:\documents and settings\ryan\application data\mozilla\firefox\profiles\vot1lq2n.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\ryan\application data\mozilla\firefox\profiles\vot1lq2n.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\ryan\application data\mozilla\firefox\profiles\vot1lq2n.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
    FF - plugin: c:\documents and settings\ryan\application data\mozilla\plugins\npoctoshape.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Move Media Player: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
    R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2010-11-9 3229728]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\program files\autodesk\3ds max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-3-10 65536]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
    S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\ryan\desktop\vcdrom.sys --> c:\documents and settings\ryan\desktop\VCdRom.sys [?]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
    S3 RTCore32;RTCore32;c:\rmclock\RTCore32.sys [2008-6-23 4608]

    =============== File Associations ===============

    .scr=DWGTrueViewScriptFile

    =============== Created Last 30 ================

    2010-12-21 18:15:12 388096 ----a-r- c:\docume~1\ryan\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2010-12-21 18:15:12 -------- d-----w- c:\program files\Trend Micro
    2010-12-20 19:02:26 -------- d-----w- c:\docume~1\ryan\applic~1\AVG10
    2010-12-20 19:00:09 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
    2010-12-20 18:58:11 -------- d-----w- c:\windows\system32\drivers\AVG
    2010-12-20 18:58:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
    2010-12-20 18:36:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

    ==================== Find3M ====================

    2010-10-13 21:43:49 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2010-10-13 21:43:49 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2010-10-13 21:43:47 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin

    ============= FINISH: 13:41:14.75 ===============

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-21 15:41:10
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 WDC_WD1600YS-01SHB1 rev.20.06C06
    Running: hr2pn8eg.exe; Driver: C:\DOCUME~1\Ryan\LOCALS~1\Temp\uxtdqpow.sys

    ---- System - GMER 1.0.15 ----

    SSDT  spau.sys  ZwCreateKey [0xB7EA80E0]
    SSDT  spau.sys  ZwEnumerateKey [0xB7EC6CA2]
    SSDT  spau.sys  ZwEnumerateValueKey [0xB7EC7030]
    SSDT  spau.sys  ZwOpenKey [0xB7EA80C0]
    SSDT  \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0xB39AB6C0]
    SSDT  spau.sys  ZwQueryKey [0xB7EC7108]
    SSDT  spau.sys  ZwQueryValueKey [0xB7EC6F88]
    SSDT  spau.sys  ZwSetValueKey [0xB7EC719A]
    SSDT  \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0xB39AB770]
    SSDT  \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0xB39AB810]
    SSDT  \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0xB39AB8B0]

    INT 0x63  ?  8AF48BF8
    INT 0x63  ?  8AF48BF8
    INT 0x63  ?  8AF48BF8
    INT 0x63  ?  8AF48BF8
    INT 0x63  ?  8AF48BF8
    INT 0x83  ?  8AF48BF8
    INT 0x83  ?  8AF48BF8
    INT 0x83  ?  8AD1AF00
    INT 0x84  ?  8AD1AF00
    INT 0x94  ?  8AD1AF00
    INT 0xA4  ?  8AD1AF00
    INT 0xA4  ?  8AD1AF00
    INT 0xA4  ?  8AD1AF00
    INT 0xA4  ?  8AD1AF00
    INT 0xB4  ?  8AD1AF00

    ---- Kernel code sections - GMER 1.0.15 ----

    ?  spau.sys  The system cannot find the file specified. !
    .text  C:\WINDOWS\System32\DRIVERS\nv4_mini.sys  section is writeable [0xB6A6F3A0, 0x59FFE5, 0xE8000020]
    .text  USBPORT.SYS!DllUnload  B6A5062C 5 Bytes  JMP 8AD1A4E0
    ?  C:\DOCUME~1\Ryan\LOCALS~1\Temp\mbr.sys  The system cannot find the file specified. !

    ---- Devices - GMER 1.0.15 ----

    Device  \FileSystem\Ntfs \Ntfs  8AF471F8
    AttachedDevice  \FileSystem\Ntfs \Ntfs  AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    Device  \FileSystem\Fastfat \FatCdrom  89DA5500
    Device  \FileSystem\Udfs \UdfsCdRom  8AB94500
    Device  \FileSystem\Udfs \UdfsDisk  8AB94500
    Device  \Driver\NetBT \Device\NetBT_Tcpip_{8D640A76-2AC5-425B-9BF5-93C83B2B36A8}  89DCD500
    AttachedDevice  \Driver\Tcpip \Device\Ip  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    Device  \Driver\NetBT \Device\NetBT_Tcpip_{B5C67BB6-C66B-4812-AE18-3A09FC21BDC5}  89DCD500
    Device  \Driver\usbuhci \Device\USBPDO-0  8AD4D1F8
    Device  \Driver\dmio \Device\DmControl\DmIoDaemon  8AED81F8
    Device  \Driver\dmio \Device\DmControl\DmConfig  8AED81F8
    Device  \Driver\dmio \Device\DmControl\DmPnP  8AED81F8
    Device  \Driver\dmio \Device\DmControl\DmInfo  8AED81F8
    Device  \Driver\usbuhci \Device\USBPDO-1  8AD4D1F8
    Device  \Driver\usbuhci \Device\USBPDO-2  8AD4D1F8
    Device  \Driver\usbehci \Device\USBPDO-3  8ACFE1F8
    Device  \Driver\usbuhci \Device\USBPDO-4  8AD4D1F8
    AttachedDevice  \Driver\Tcpip \Device\Tcp  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    Device  \Driver\usbuhci \Device\USBPDO-5  8AD4D1F8
    Device  \Driver\usbuhci \Device\USBPDO-6  8AD4D1F8
    Device  \Driver\Ftdisk \Device\HarddiskVolume1  8AF491F8
    Device  \Driver\usbehci \Device\USBPDO-7  8ACFE1F8
    Device  \Driver\Cdrom \Device\CdRom0  8AC5F1F8
    Device  \Driver\atapi \Device\Ide\IdePort0  8AF481F8
    Device  \Driver\atapi \Device\Ide\IdePort1  8AF481F8
    Device  \Driver\atapi \Device\Ide\IdePort2  8AF481F8
    Device  \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7  8AF481F8
    Device  \Driver\atapi \Device\Ide\IdePort3  8AF481F8
    Device  \Driver\atapi \Device\Ide\IdePort4  8AF481F8
    Device  \Driver\atapi \Device\Ide\IdePort5  8AF481F8
    Device  \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-16  8AF481F8
    Device  \Driver\NetBT \Device\NetBt_Wins_Export  89DCD500
    Device  \Driver\NetBT \Device\NetbiosSmb  89DCD500
    AttachedDevice  \Driver\Tcpip \Device\Udp  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice  \Driver\Tcpip \Device\RawIp  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    Device  \Driver\usbuhci \Device\USBFDO-0  8AD4D1F8
    Device  \Driver\usbuhci \Device\USBFDO-1  8AD4D1F8
    Device  \FileSystem\MRxSmb \Device\LanmanDatagramReceiver  89DA4500
    Device  \Driver\usbuhci \Device\USBFDO-2  8AD4D1F8
    Device  \FileSystem\MRxSmb \Device\LanmanRedirector  89DA4500
    Device  \Driver\usbehci \Device\USBFDO-3  8ACFE1F8
    Device  \Driver\usbuhci \Device\USBFDO-4  8AD4D1F8
    Device  \Driver\Ftdisk \Device\FtControl  8AF491F8
    Device  \Driver\usbuhci \Device\USBFDO-5  8AD4D1F8
    Device  \Driver\usbuhci \Device\USBFDO-6  8AD4D1F8
    Device  \Driver\usbehci \Device\USBFDO-7  8ACFE1F8
    Device  \FileSystem\Fastfat \Fat  89DA5500
    AttachedDevice  \FileSystem\Fastfat \Fat  fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice  \FileSystem\Fastfat \Fat  AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    ---- Registry - GMER 1.0.15 ----

    Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]  771343423
    Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]  285507792
    Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]  1
    Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364[email protected]  0
    Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364[email protected]  0xBF 0x82 0x46 0x16 ...
    Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682F[email protected]  0
    Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682F[email protected]  0xBF 0x82 0x46 0x16 ...

    ---- EOF - GMER 1.0.15 ----
     

Short URL to this thread: https://techguy.org/969866
