
Inactive Keylogger? "SpyBoss"

Discussion in 'Malware and Virus Removal Archive' started by Karenb, 2012/11/09.

  1. 2012/11/09
    Karenb

    Karenb Inactive Thread Starter

    Joined:
    2006/05/18
    Messages:
    126
    Likes Received:
    0
    [Inactive] Keylogger? "SpyBoss"

    I got a strange phone call last night from a man with a Pakistani accent telling me that I had a virus in my computer. I have no idea who he was. I asked him how the devil he knew what I had in my computer and he told me it was his duty to tell me. I thought it was a hoax but now I am not too sure. I ran Malwarebytes this afternoon after I got to thinking about it and it came up with 1 threat. Something called "PUP.Spyboss". I tried to find info about it and only came up with one piece of info which said keylogger but I'm not sure that is correct. Does anyone know what this is and how do you get rid of a keylogger?

    Thanks...
    Karen

    I will attach all my logs in the following replies...

    MalwareBytes...



    Malwarebytes Anti-Malware (PRO) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.09.08

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Karen :: KAREN-PC [administrator]

    Protection: Enabled

    11/9/2012 6:13:46 PM
    mbam-log-2012-11-09 (18-13-46).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 204975
    Time elapsed: 3 minute(s), 51 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  2. 2012/11/09
    Karenb

    GMER said it found nothing and its log was empty.
     


  4. 2012/11/09
    Karenb

    aswMBR...

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-09 21:59:06
    -----------------------------
    21:59:06.828 OS Version: Windows x64 6.1.7600
    21:59:06.828 Number of processors: 2 586 0x602
    21:59:06.829 ComputerName: KAREN-PC UserName: Karen
    21:59:07.851 Initialize success
    21:59:08.002 AVAST engine defs: 12110900
    21:59:15.605 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
    21:59:15.607 Disk 0 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 3
    21:59:15.637 Disk 0 MBR read successfully
    21:59:15.639 Disk 0 MBR scan
    21:59:15.642 Disk 0 unknown MBR code
    21:59:15.652 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    21:59:15.668 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464611 MB offset 206848
    21:59:15.704 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12227 MB offset 951730176
    21:59:15.770 Disk 0 scanning C:\Windows\system32\drivers
    21:59:30.766 Service scanning
    21:59:49.550 Modules scanning
    21:59:49.569 Disk 0 trace - called modules:
    21:59:49.588 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
    21:59:49.935 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047d4060]
    21:59:49.947 3 CLASSPNP.SYS[fffff8800143b43f] -> nt!IofCallDriver -> [0xfffffa80046677b0]
    21:59:49.961 5 ACPI.sys[fffff88000f68781] -> nt!IofCallDriver -> \Device\00000055[0xfffffa8004667060]
    21:59:50.856 AVAST engine scan C:\Windows
    22:00:10.693 AVAST engine scan C:\Windows\system32
    22:02:36.703 AVAST engine scan C:\Windows\system32\drivers
    22:02:45.635 AVAST engine scan C:\Users\Karen
    22:25:14.482 Disk 0 MBR has been saved successfully to "C:\Users\Karen\Desktop\MBR.dat"
    22:25:14.494 The log file has been saved successfully to "C:\Users\Karen\Desktop\aswMBR.txt"
     
  5. 2012/11/09
    Karenb

    DDS....

    DDS (Ver_2012-11-07.01) - NTFS_AMD64
    Internet Explorer: 8.0.7600.16700 BrowserJavaVersion: 1.6.0_35
    Run by Karen at 21:51:11 on 2012-11-09
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3966.1058 [GMT -6:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\SysWOW64\atashost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
    C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    uRun: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
    mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Conime] C:\Windows\System32\conime.exe
    mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
    dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    TCP: NameServer = 65.124.239.5 65.114.92.254
    TCP: Interfaces\{5B9DDA19-917B-4C26-9F30-8F72199E3711} : DHCPNameServer = 65.124.239.5 65.114.92.254
    TCP: Interfaces\{816083ED-B90D-4A80-A808-3B54D7CF1139} : DHCPNameServer = 65.124.239.5 65.114.92.254
    TCP: Interfaces\{816083ED-B90D-4A80-A808-3B54D7CF1139}\26572747F6E66616D696C6970363 : DHCPNameServer = 65.124.239.5 65.114.92.254
    TCP: Interfaces\{FB4DF66A-4FCD-4402-9A10-30418DCEBE9A} : DHCPNameServer = 65.124.239.5 65.114.92.254
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    x64-Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
    x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    x64-Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\o9a98f54.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B9811ea6d-1ae2-44d6-bfcf-9a310c20e4ff%7D&mid=561027e0379f47d68a0941affce72cb2-303d0fdaa029249b32c8914d3bc3f03ffc2ecb8d&ds=AVG&v=9.0.0.18.1&lang=en&pr=fr&d=2011-10-02%2012%3A43%3A09&sap=ku&q=
    FF - component: C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\o9a98f54.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\o9a98f54.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_35.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
    FF - plugin: C:\Users\Karen\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
    FF - plugin: C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\o9a98f54.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: C:\Users\Karen\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    FF - Ext: Adblock Plus Pop-up Addon: adblockpopups@jessehakanen.net - %profile%\extensions\adblockpopups@jessehakanen.net
    FF - Ext: Pocket: isreaditlater@ideashower.com - %profile%\extensions\isreaditlater@ideashower.com
    FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Multirow Bookmarks Toolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - %profile%\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
    FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    FF - Ext: avast! WebRep: wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-10-3 56336]
    R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-11-8 21136]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-1-1 984144]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-1-1 370288]
    R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-17 171600]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-1-1 25232]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-1-1 71600]
    R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-2-21 43912]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-8 44808]
    R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-5-1 181544]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-6-18 394712]
    R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-6-19 777728]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-14 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-7 676936]
    R3 AE1000;Linksys AE1000 Driver;C:\Windows\System32\drivers\ae1000w7.sys [2011-2-21 1101600]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-12-7 25928]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
    S3 PLTurbh;Prolific turbo filter driver for hdd;C:\Windows\System32\drivers\plturbh.sys [2010-12-9 12800]
    S3 PLTurbo;Prolific turbo filter driver for odd;C:\Windows\System32\drivers\plturbo.sys [2010-12-9 14336]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-25 1255736]
    .
    =============== Created Last 30 ================
    .
    2012-11-08 21:23:57 21136 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
    2012-11-03 03:39:39 -------- d-----w- C:\ProgramData\CanonIJ
    2012-11-03 03:35:32 -------- d--h--w- C:\ProgramData\CanonIJScan
    2012-10-23 22:11:15 -------- d-----w- C:\Users\Karen\AppData\Roaming\www.EasyGiftSoftware.com
    2012-10-23 21:59:45 -------- d-----w- C:\ProgramData\www.EasyGiftSoftware.com
    2012-10-23 21:59:43 -------- d-----w- C:\Program Files (x86)\www.EasyGiftSoftware.com
    2012-10-22 15:08:46 -------- d--h--w- C:\ProgramData\CanonIJMyPrinter
    2012-10-22 15:07:20 -------- d-----w- C:\ProgramData\Canon IJ Network Tool
    2012-10-22 15:07:16 323584 ----a-w- C:\Windows\SysWow64\CNC_ATL.dll
    2012-10-22 15:07:16 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
    2012-10-22 15:07:16 114688 ----a-w- C:\Windows\SysWow64\CNC_ATU.dll
    2012-10-22 15:05:21 -------- d-----w- C:\Program Files\Canon
    2012-10-22 02:58:11 256000 ----a-w- C:\Windows\System32\CNMIUAT.DLL
    2012-10-21 21:07:05 -------- d--h--w- C:\ProgramData\CanonIJSolutionMenuEX
    2012-10-21 17:11:44 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll
    2012-10-21 03:07:42 -------- d-----w- C:\Users\Karen\AppData\Roaming\NewSoft
    2012-10-20 21:44:31 -------- d-----w- C:\ProgramData\CanonIJPLM
    2012-10-20 21:36:46 -------- d--h--w- C:\ProgramData\CanonIJEGV
    2012-10-15 20:53:33 -------- d-----w- C:\Program Files (x86)\Carbonite
    .
    ==================== Find3M ====================
    .
    2012-10-30 23:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-10-30 23:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-10-30 23:51:07 41224 ----a-w- C:\Windows\avastSS.scr
    2012-10-15 16:59:28 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-10-09 05:17:53 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-09 05:17:53 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-30 01:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-08-29 01:24:56 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-08-29 01:24:53 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    .
    ============= FINISH: 21:51:54.06 ===============
     
  6. 2012/11/09
    Karenb

    Attach...

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-07.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/6/2010 2:47:48 PM
    System Uptime: 11/9/2012 3:49:46 PM (6 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | NARRA5
    Processor: AMD Athlon(tm) II X2 215 Processor | Socket AM2 | 783/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 454 GiB total, 296.306 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 2.165 GiB free.
    E: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP201: 10/21/2012 12:04:58 PM - Removed PageManager
    RP202: 10/28/2012 8:59:45 PM - Scheduled Checkpoint
    RP203: 11/5/2012 12:19:59 AM - Scheduled Checkpoint
    RP204: 11/8/2012 12:26:28 AM - Installed 7-Zip 9.20 (x64 edition)
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20 (x64 edition)
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Download Assistant
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop Elements 11
    Adobe Reader X
    Adobe Shockwave Player 11.5
    AIM 7
    aioprnt
    aioscnnr
    Alien Skin Eye Candy 5 Impact
    Alien Skin Eye Candy 5 Nature
    AMP Font Viewer
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Applian FLV and Media Player 3.1.1.12
    Auslogics Disk Defrag
    avast! Pro Antivirus
    Big Fish Games: Game Manager
    Bonjour
    C4USelfUpdater
    Canon Easy-PhotoPrint EX
    Canon IJ Network Scanner Selector EX
    Canon IJ Network Tool
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MG5300 series MP Drivers
    Canon MG5300 series On-screen Manual
    Canon MG5300 series User Registration
    Canon MP Navigator EX 5.0
    Canon My Printer
    Canon Solution Menu EX
    center
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    Create A Gift
    CyberLink DVD Suite Deluxe
    DirectX for Managed Code Update (Summer 2004)
    Divvy
    Download Updater (AOL LLC)
    Elements 11 Organizer
    essentials
    Eye Candy 4000
    FastStone Image Viewer 4.3
    FLV Player 2.0 (build 25)
    Folder Marker Pro v 3.1
    Free Alarm Clock 2.1.0
    Google Chrome
    Google Gmail Notifier
    Google Update Helper
    Hardware Diagnostic Tools
    Homepage Protection
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart Demo
    HP MediaSmart DVD
    HP MediaSmart Movie Themes
    HP MediaSmart Music/Photo/Video
    HP MediaSmart SmartMenu
    HP Odometer
    HP Remote Solution
    HP Setup
    HP Support Assistant
    HP Support Information
    HP Update
    HPAsset component for HP Active Support Library
    Hulu Desktop
    ImageSkill Background Remover 3
    ImgBurn
    IrfanView (remove only)
    iTunes
    James Patterson Women's Murder Club: Little Black Lies
    Jasc Animation Shop 3
    Jasc Paint Shop Pro 9
    Jasc Paint Shop Pro 9.01 Patch
    Java Auto Updater
    Java(TM) 6 Update 35
    Jing
    Kodak AIO Printer
    KODAK AiO Software
    ksDIP
    LabelPrint
    LightScribe System Software
    LSI PCI-SV92EX Soft Modem
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 8.0
    Microsoft Live Search Toolbar
    Microsoft Office Home and Student 60 day trial
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Word 2000
    Microsoft Works
    Mishap 2: An Intentional Haunting
    Mozilla Firefox (3.6.16)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    neroxml
    NVIDIA Display Control Panel
    NVIDIA Drivers
    ocr
    Power2Go
    PowerDirector
    PowerRecover
    PreReq
    PSE11 STI Installer
    PSP Thumbnail Handler
    PVSonyDll
    QuickTime
    Reader Library by Sony
    Realtek High Definition Audio Driver
    ScanSoft OmniPage SE 4
    Seagate Manager Installer
    Security Update for CAPICOM (KB931906)
    Silhouette Studio
    Skype™ 5.1
    TurboTax 2010
    TurboTax 2010 wiliper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TurboTax 2011
    TurboTax 2011 wiliper
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wrapper
    Visual Studio 2008 x64 Redistributables
    WebEx
    Windows 7 Upgrade Advisor
    WinRAR archiver
    WinZip 15.0
    Yontoo 1.10.02
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/9/2012 2:52:57 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR10.
    11/8/2012 11:27:47 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
    11/8/2012 11:27:26 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
    11/6/2012 8:54:30 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR15.
    11/5/2012 11:42:56 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR13.
    11/4/2012 11:54:49 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR11.
    11/3/2012 12:31:07 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR8.
    11/3/2012 11:55:09 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR10.
    .
    ==== End Of File ===========================
     
  7. 2012/11/10
    Karenb

    Karenb Inactive Thread Starter

    Here is the Malwarebytes log that Mr Bill told me to add that shows the virus/keylogger...

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.09.07

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Karen :: KAREN-PC [administrator]

    Protection: Enabled

    11/9/2012 11:13:22 AM
    mbam-log-2012-11-09 (11-13-22).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 640611
    Time elapsed: 1 hour(s), 58 minute(s), 11 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Karen\Desktop\See if on graphics external then throw away\Downloads\ContactKeeper\ContactKeeper143.exe (PUP.SpyBoss) -> No action taken.
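An added example (not from the thread, from Malwarebytes, or from the site's moderators): a small Python parser for the Malwarebytes Anti-Malware 1.x text-log format quoted above. It reads every "... Detected: N" section header and the entries listed under it, cross-checks the declared counts against the entries actually present, separates Malwarebytes' potentially-unwanted categories (detection names prefixed PUP. or PUM.) from outright malware names, and flags anything whose action is "No action taken" as still on the machine. The first sample is the log from the post with whitespace-only lines trimmed; the second sample (its registry key and CLSID), and all function and class names, are constructed for illustration.

```python
"""Parse a Malwarebytes Anti-Malware 1.x text log and triage what it reported."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Sample input: the header lines and the single "Files Detected" entry as they
# appear in the log posted in the thread (whitespace-only lines trimmed).
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.09.07

Scan type: Full scan (C:\|D:\|)
Objects scanned: 640611

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Karen\Desktop\See if on graphics external then throw away\Downloads\ContactKeeper\ContactKeeper143.exe (PUP.SpyBoss) -> No action taken.
"""

# Constructed (hypothetical) fragment: a non-PUP detection that the scanner
# already quarantined, to contrast with the "No action taken" case above.
SAMPLE_LOG_QUARANTINED = r"""Registry Keys Detected: 1
HKCR\CLSID\{00000000-0000-0000-0000-000000000000} (Trojan.Agent) -> Quarantined and deleted successfully.

Files Detected: 0
(No malicious items detected)
"""

# "Files Detected: 1", "Registry Keys Detected: 0", ...
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# "<item> (<detection name>) -> <action>."
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?\s*$")


@dataclass(frozen=True)
class Detection:
    section: str   # "Files", "Registry Keys", "Memory Processes", ...
    item: str      # the path, key or value that was flagged
    name: str      # detection name, e.g. "PUP.SpyBoss"
    action: str    # what the scanner did, e.g. "No action taken"

    @property
    def is_pup(self) -> bool:
        # Malwarebytes prefixes potentially unwanted programs/modifications
        # with PUP./PUM.; anything else is a malware family name.
        return self.name.startswith(("PUP.", "PUM."))

    @property
    def still_present(self) -> bool:
        # "No action taken" means the item was only reported, not removed.
        return self.action.lower().startswith("no action taken")


@dataclass
class ScanReport:
    detections: List[Detection] = field(default_factory=list)
    declared_counts: Dict[str, int] = field(default_factory=dict)

    @property
    def counts_match(self) -> bool:
        """True when every section lists exactly as many entries as its header claims."""
        found: Dict[str, int] = {}
        for d in self.detections:
            found[d.section] = found.get(d.section, 0) + 1
        return all(found.get(s, 0) == n for s, n in self.declared_counts.items())

    def still_present(self) -> List[Detection]:
        return [d for d in self.detections if d.still_present]


def parse_mbam_log(text: str) -> ScanReport:
    report = ScanReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            report.declared_counts[section] = int(m.group("count"))
            continue
        # Skip header lines (before any section), blanks and "(No malicious items detected)".
        if section is None or not line or line.startswith("("):
            continue
        m = ENTRY_RE.match(line)
        if m:
            report.detections.append(
                Detection(section, m.group("item"), m.group("name"), m.group("action")))
    return report


def triage(report: ScanReport) -> List[str]:
    """One line per detection: what category it is and whether it is still on the machine."""
    lines = []
    for d in report.detections:
        kind = "potentially unwanted" if d.is_pup else "malware"
        state = "STILL PRESENT" if d.still_present else "handled (%s)" % d.action
        lines.append("%s: %s [%s] %s" % (kind, d.item, d.name, state))
    if not report.counts_match:
        lines.append("warning: declared counts do not match the entries listed")
    return lines


if __name__ == "__main__":
    for sample in (SAMPLE_LOG, SAMPLE_LOG_QUARANTINED):
        for line in triage(parse_mbam_log(sample)):
            print(line)
        print()
```

What this shows for the log in the post: the one hit is a PUP.-prefixed name, which is Malwarebytes' potentially-unwanted category rather than a malware family, and its action is "No action taken", so the installer ContactKeeper143.exe is still sitting in that Downloads folder until it is deleted or quarantined.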
     
  8. 2012/11/10
    broni

    broni Moderator Malware Analyst

    First of all never fall for any phone call like that one.
    They're 100% scams.

    MBAM finding some minor issue was nothing more than a coincidence.

    I don't see anything malicious there.

    You're good to go :)
     
  9. 2012/11/10
    Karenb

    Karenb Inactive Thread Starter

    Thanks Broni. I wouldn't have let it spook me if he hadn't called me by my first name. That's when I got spooked. After he told me it was his "duty" to inform me I just told him to F off and hung up on him. Thanks for your help again Broni, I really appreciate it!
     
  10. 2012/11/10
    broni

    broni Moderator Malware Analyst

    You're very welcome
     