
Solved Possible Trojan/keylogger?

Discussion in 'Malware and Virus Removal Archive' started by VampyreGTX, 2009/02/27.

  1. 2009/02/27
    VampyreGTX

    VampyreGTX Inactive Thread Starter

    Joined:
    2009/02/27
    Messages:
    6
    Likes Received:
    0
    [Resolved] Possible Trojan/keylogger?

    Well, I think my computer's been hacked. It actually started with my World of Warcraft account which I haven't accessed in over a month, only to find it hacked and closed. I haven't found any issues yet using my McAfee AVS on one computer (the one from the logs below, Vista SP1) nor on my HTPC with Windows 7 and Kaspersky Beta AVS for W7. I'll post those logs in a separate post tomorrow. I just want these checked out to ensure nothing is hiding. I've used the AVS as well as Spybot and AdAware so far with no results. Actually, I can't run dds on my W7 computer as it's not supported. Wouldn't work in compatibility mode either. What other program do you recommend for that system as I believe that was the system that may have been compromised?

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Andrew at 1:39:31.82 on Fri 02/27/2009
    Internet Explorer: 7.0.6001.18000
    Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.1023.256 [GMT -6:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\dlbfcoms.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\CTHELPER.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
    C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files\BOINC\boincmgr.exe
    C:\Program Files\BOINC\boinctray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\BOINC\boinc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Andrew\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    BHO: NoExplorer - No File
    BHO: CGreenPrintPDF Object: {df96ba30-57f6-4700-8065-910ec3be9e3b} - c:\program files\greenprint technologies\greenprint world\GPIEPlugin.dll
    TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Microsoft CommBand: {4d5c8c2a-d075-11d0-b416-00c04fb90376} - %SystemRoot%\system32\browseui.dll
    uRun: [<NO NAME>]
    uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe "
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
    mRun: [PDUiP6000DMon] c:\program files\canon\memory card utility\pixma ip6000d\PDUiP6000DMon.exe
    mRun: [PDUiP6000DTskbr] c:\program files\canon\memory card utility\pixma ip6000d\PDUiP6000DTskbr.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe "
    mRun: [Yapta Tracker] c:\program files\yapta\YaptaClient.exe /onstartup
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [GPPrinterNotify] "c:\program files\greenprint technologies\greenprint world\GPPrinterNotify.exe "
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe "
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
    mRun: [boinctray] "c:\program files\boinc\boinctray.exe "
    mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
    mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
    StartupFolder: c:\users\andrew\appdata\roaming\micros~1\windows\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
    StartupFolder: c:\users\andrew\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\greenp~2.lnk - c:\program files\greenprint technologies\greenprint world\GPPrinterNotify.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\greenp~1.lnk - c:\program files\greenprint technologies\greenprint world\GPTray.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
    IE: {DF96BA30-57F6-4700-8065-910EC3BE9E3B}
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~3.0_0\bin\ssv.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {554099FE-3856-4d93-86B5-0024AEF63BC7} - {DF96BA30-57F6-4700-8065-910EC3BE9E3B} - c:\program files\greenprint technologies\greenprint world\GPIEPlugin.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
    DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://upload.smugmug.com/photos/activex/ImageUploader4-082807.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - hxxps://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/ct.cab
    DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.94.cab
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\ktjpfqq5.default\
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\ktjpfqq5.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll

    ============= SERVICES / DRIVERS ===============

    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-11-25 19456]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-10-10 42112]

    =============== Created Last 30 ================

    2009-02-22 12:06 7,409 a------- c:\windows\system32\Config.MPF
    2009-02-22 12:06 <DIR> --d----- c:\programdata\SiteAdvisor
    2009-02-22 12:02 33,832 a------- c:\windows\system32\drivers\mferkdk.sys
    2009-02-22 12:02 201,320 a------- c:\windows\system32\drivers\mfehidk.sys
    2009-02-22 12:02 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
    2009-02-22 12:02 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
    2009-02-22 12:02 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
    2009-02-22 12:01 125,728 a------- c:\windows\system32\drivers\Mpfp.sys
    2009-02-22 12:01 <DIR> --d----- c:\program files\McAfee.com
    2009-02-22 12:01 <DIR> --d----- c:\program files\common files\McAfee
    2009-02-22 12:00 <DIR> --d----- c:\program files\McAfee
    2009-02-22 11:34 <DIR> --d----- c:\programdata\McAfee
    2009-02-12 03:03 <DIR> --d----- c:\windows\SQL9_KB960089_ENU
    2009-02-11 06:07 827,392 a------- c:\windows\system32\wininet.dll
    2009-02-11 06:07 1,383,424 a------- c:\windows\system32\mshtml.tlb
    2009-02-01 01:06 <DIR> --d----- c:\programdata\BOINC
    2009-02-01 01:06 <DIR> --d----- c:\program files\BOINC
    2009-02-01 01:06 <DIR> --d----- c:\progra~2\BOINC
    2009-01-31 23:19 <DIR> --d----- c:\program files\Motorola Tools
    2009-01-31 19:34 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
    2009-01-31 19:34 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
    2009-01-31 19:34 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
    2009-01-31 19:30 <DIR> --d----- c:\program files\common files\Motorola Shared

    ==================== Find3M ====================

    2009-01-31 19:32 86,016 a------- c:\windows\inf\infstrng.dat
    2009-01-31 19:32 86,016 a------- c:\windows\inf\infstor.dat
    2009-01-31 19:32 51,200 a------- c:\windows\inf\infpub.dat
    2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
    2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
    2008-12-09 11:07 828,160 a------- c:\windows\boinc.scr
    2008-11-12 22:55 56 a---h--- c:\programdata\ezsidmv.dat
    2008-11-12 22:55 56 a---h--- c:\progra~2\ezsidmv.dat
    2008-06-22 02:44 174 a--sh--- c:\program files\desktop.ini
    2008-06-22 02:26 665,600 a------- c:\windows\inf\drvindex.dat
    2006-11-02 06:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 06:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 06:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 06:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
    2007-08-08 23:02 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2007-08-08 23:02 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2007-08-08 23:02 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

    ============= FINISH: 1:42:09.43 ===============

    DDS (Ver_09-02-01.01)

    Microsoft® Windows Vista™ Business
    Boot Device: \Device\HarddiskVolume3
    Install Date: 1/25/2007 2:45:36 AM
    System Uptime: 2/24/2009 7:17:12 PM (54 hours ago)

    Motherboard: ASUSTeK Computer Inc. | | A8V Deluxe
    Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket 939 | 2202/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 279 GiB total, 82.609 GiB free.
    D: is FIXED (NTFS) - 149 GiB total, 120.926 GiB free.
    E: is FIXED (NTFS) - 279 GiB total, 234.986 GiB free.
    F: is CDROM ()
    G: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Wireless Notebook Adapter MN-730
    Device ID: PCI\VEN_14E4&DEV_4325&SUBSYS_00041414&REV_02\3&267A616A&0&60
    Manufacturer: Broadcom
    Name: Microsoft Wireless Notebook Adapter MN-730
    PNP Device ID: PCI\VEN_14E4&DEV_4325&SUBSYS_00041414&REV_02\3&267A616A&0&60
    Service: BCM43XV

    Class GUID:
    Description:
    Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\3&267A616A&0&69
    Manufacturer:
    Name:
    PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\3&267A616A&0&69
    Service:

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Reader 8.1.2
    Adobe Shockwave Player
    Apple Mobile Device Support
    Apple Software Update
    AT&T Yahoo! Applications
    ATI Catalyst Install Manager
    BOINC
    Bonjour
    Branding
    Canon Inkjet Printer Driver Add-On Module
    Canon PIXMA iP6000D Memory Card Utility
    Canon Utilities Easy-LayoutPrint
    Canon Utilities Easy-PhotoPrint
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    ccc-core-static
    ccc-utility
    CCC Help English
    Citrix Presentation Server Client
    Compatibility Pack for the 2007 Office system
    Creative Audio Console
    Creative Audio Processing Object Interface Module
    DIRECTV2PC Playback Advisor
    Form Fill (Windows Live Toolbar)
    GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)
    GreenPrint World
    Highlight Viewer (Windows Live Toolbar)
    ImgBurn
    iTunes
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6
    Java(TM) SE Runtime Environment 6 Update 1
    LeapFrog Connect
    LeapFrog Tag Plugin
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Map Button (Windows Live Toolbar)
    McAfee SecurityCenter
    Microsoft IntelliPoint 6.1
    Microsoft IntelliType Pro 6.1
    Microsoft Location Finder
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Accounting 2007
    Microsoft Office Accounting ADP Payroll Addin
    Microsoft Office Accounting Equifax Addin
    Microsoft Office Accounting Fixed Asset Manager
    Microsoft Office Accounting PayPal Addin
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word Viewer 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 Redistributable
    MobileMe Control Panel
    Motorola Driver Installation 3.7.0
    Mozilla Firefox (3.0.6)
    MyHeritage Family Tree Builder
    OpenAL
    OpenOffice.org 2.3
    QuickTime
    RadarLab HD
    RealPlayer
    Rhapsody Player Engine
    Safari
    Skins
    Skype™ 3.8
    Smart Menus (Windows Live Toolbar)
    URGE
    Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
    Windows Live installer
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    Windows Media Player Firefox Plugin
    Windows Mobile Device Center
    WinRAR archiver
    World of Warcraft

    ==== End Of File ===========================
     
    Last edited: 2009/02/27
  2. 2009/03/02
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi VampyreGTX
    Welcome to WindowsBBS.

    Please do this.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Now this.

    Please do an online scan with Kaspersky WebScanner

    It's best to disable real time protection applications as they sometimes interfere with the scan.
    Check this link for any applicable programs you may have.

    Click on "Accept" If your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files:
    • Under Scan on the left side. Click on My Computer
    • This will start the program and scan your system.
    • Click the "Scan Report" On the left side.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     

  4. 2009/03/03
    VampyreGTX

    VampyreGTX Inactive Thread Starter

    Will run Kaspersky online overnight and will post the results after work tomorrow night. Thanks again!
     
  5. 2009/03/03
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    OK no problem.

    Geri
     
  6. 2009/03/04
    VampyreGTX

    VampyreGTX Inactive Thread Starter

    Okay, I've run ATF-Cleaner.

    I also ran Kaspersky online last night and had zero across the board for any threats. I didn't save the log as it was clear.
     
  7. 2009/03/04
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    OK well, I see nothing in your DDS log and Kaspersky comes up clean, I don't believe your system is compromised.

    If you are not satisfied we can run a Panda scan also? What would you like to do?

    Thanks
    Geri
     
  8. 2009/03/04
    VampyreGTX

    VampyreGTX Inactive Thread Starter

    Thanks for the help! Glad it all appears secure, I have a second post for my HTPC system as well. Hopefully that is clean too.

    I haven't heard of Panda Scan, what is that? If it's not too much of a hassle, I may as well run that as well.
     
  9. 2009/03/05
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    Panda is another virus scanner.

    Here are the instructions. If anything shows, post the log.

    Make sure you run ATF Cleaner before the scan.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    Geri
     
  10. 2009/03/09
    VampyreGTX

    VampyreGTX Inactive Thread Starter

    Nothing malicious was detected. The only issues were the cookies in my dual-boot OS (XP) which I haven't used in quite some time and will actually be removing it this weekend most likely. Looks like that computer is in the clear! Thanks for the help. Hopefully I'll get the HTPC running W7 I posted on given an all clear soon as well.
     
  11. 2009/03/09
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    OK good to hear. You're welcome.

    Please look at this link for some preventive recommendations. It could keep you from ending up back here in the Malware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958

    I'll mark this resolved.

    Surf Safely
    Geri
     
